ai2workout

Security

ai2workout is designed as a narrow, OAuth-based bridge between Intervals.icu and MCP-compatible AI clients.

Core principles

• No user-facing Intervals.icu API-key copy-paste.
• OAuth tokens encrypted before database storage.
• Training data fetched on demand instead of bulk-imported by default.
• Explicit MCP write tools for workout and event creation.
• Audit logging for sensitive service events.

Responsible disclosure

If you find a vulnerability, email pierre@cloudustry.com with a clear description and reproduction steps. Please do not access data that is not yours.

Current beta limitations

Public launch hardening will include a self-serve disconnect page, expanded token revocation handling, stricter abuse controls, and production monitoring.