Project trust

Project trust is a consent gate. A repository opened in DevAware OS is untrusted by default; the user grants trust explicitly before scripts, MCP servers, or dev servers tied to that project can run.

Trust scopes what executes — it is not a guarantee against malicious code. An unfamiliar repository should be treated the way any untrusted input is treated; project trust narrows the blast radius rather than removing risk.