Hardened terminal operations with explicit workspace gates, permission review, and deploy discipline.

The terminal and PTY surfaces preserve the current permission and runtime model.

• Workspace setup is still gated before the operator reaches the command center.
• Permission and sandbox controls remain visible in the runtime surface.
• Deployment automation keeps secrets out of tracked files and writes host-only env state on the target machine.

Customer-facing changes are being moved behind owned routes before backend cutover.

• Safe docs and support URLs can shift immediately.
• Sessions, connectors, scheduled runs, and GitHub onboarding move only when Nexus owns the backend surface.
• Host-level routing prevents control-plane and marketing paths from bleeding into each other.