Research OS for NotebookLMLocal-first captureAnalytics + source viewsAutomations + exports

What this live clone stores, what it does not, and where provider boundaries still exist.

This policy is specific to the deployed clone at `kortex.chatflow.shop`, not a claim about any third-party provider whose credentials have not been configured yet.

What this clone stores

Notebook, source, prompt, collection, tag, artifact, automation, and podcast metadata live in Postgres.
Hosted sync data only becomes provider-backed when the production credentials are configured.
The local development path can operate without third-party auth or AI keys.

What it does not claim

This deployment does not currently ship real Firebase, Google Docs OAuth, or Dodo billing credentials.
OpenAI is optional in this clone because heuristic tagging remains available without an API key.
No claim is made that third-party providers are active until their keys are wired.

Security posture

The live app is served over HTTPS at the same origin as the API proxy.
Authenticated dashboard routes are enforced by backend middleware instead of only the frontend.
Provider-backed auth and billing should only be enabled once the final production credentials are in place.