Workspace and CLI model
Package Ninja works as one hosted workspace paired with one local CLI/runtime path.
Why the split exists
- The hosted workspace owns identity, policy, billing, and audit visibility.
- The CLI owns local command interception and preflight enforcement.
- Keeping those responsibilities separate makes the product fast for developers and enforceable for security teams.
Responsibility boundary
| Surface | Responsibility |
|---|---|
| Hosted workspace | login, billing, workspace state, policy management, audit views |
| CLI/runtime | local command interception, package-manager execution path, offline runtime state |
| Control-plane APIs | policy fetch, device authorization, audit ingestion, billing reconciliation |
Operational rule
The hosted workspace is the public product surface today. Self-hosted and enterprise-only variants may still exist in the codebase, but they are intentionally hidden from production until they are ready to be reintroduced.