Security
Your work stays yours.
Every credential is encrypted before it touches disk. Every action is logged. Your data stays where you put it, and leaves only when you say so. This is not a policy. It is how the system is built.
Encryption
Strong encryption. Always.
AES-256-GCM at rest.
API keys and credentials are encrypted with AES-256-GCM before they touch disk. Each value is encrypted with a key derived from the installation. They never appear in logs, session output, or API responses. The encrypted form is the only form ever persisted.
Credentials never travel in plaintext.
Each delivery uses a separate ECDH P-256 key exchange. A shared secret is derived, used once, and discarded. Nothing sensitive is transmitted without end-to-end encryption between nodes. The wire carries ciphertext. The plaintext never leaves the source node.
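The per-delivery exchange described above, as an added example using Node.js's built-in crypto module (not the platform's own code): the source node generates a fresh P-256 key pair for each delivery, derives a one-time AES-256-GCM key, and wipes it after use. The function names, the HKDF-SHA256 derivation step, the `example-delivery-v1` label, the message layout and the receiving node holding its own P-256 key pair are all assumptions.

```javascript
const crypto = require('crypto');

// Assumption: HKDF-SHA256 turns the raw ECDH output into the AES-256 key.
// The label is a constructed domain separator, not a value from the product.
const LABEL = 'example-delivery-v1';

function deliveryKey(ecdh, peerPub) {
  // computeSecret() throws if peerPub is not a valid point on P-256.
  const shared = ecdh.computeSecret(peerPub);
  const key = Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), LABEL, 32));
  shared.fill(0);
  return key;
}

// Source node: a fresh ephemeral key pair for every delivery.
function sealCredential(recipientPub, credential, aad) {
  const eph = crypto.createECDH('prime256v1');
  const ephPub = eph.generateKeys();
  const key = deliveryKey(eph, recipientPub);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad); // binds the ciphertext to its context, e.g. credential name and version
  const ct = Buffer.concat([cipher.update(credential), cipher.final()]);
  key.fill(0); // used once, then wiped; eph goes out of scope on return
  return { ephPub, iv, ct, tag: cipher.getAuthTag() };
}

// Receiving node: same derivation from its own private key and the
// sender's ephemeral public key.
function openCredential(recipientEcdh, msg, aad) {
  const key = deliveryKey(recipientEcdh, msg.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(msg.tag);
  try {
    // final() throws if the tag, AAD, ciphertext or key does not match.
    return Buffer.concat([decipher.update(msg.ct), decipher.final()]);
  } finally {
    key.fill(0);
  }
}
```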
ECDSA P-256 certificates.
Every node gets a unique certificate signed by the installation’s own certificate authority. Mutual TLS is enforced on every peer connection. There is no plaintext fallback. Connections that cannot be authenticated are refused before any data is exchanged.
Access & Identity
No one gets in who should not be there.
mTLS on every peer connection.
Every node-to-node connection requires both sides to present a valid certificate. Authentication is mutual. The connecting node and the receiving node each verify the other. This happens at the transport layer before any application-level request is processed.
Default deny.
Every permission starts closed. Access must be explicitly granted through a rule. There are no wildcard permissions. If a request does not match an explicit allow, it is refused. This applies to agent actions, file operations, and API calls without exception.
Credential rotation built in.
Credentials are versioned. Rotation is a first-class operation, not an afterthought. The previous version remains valid during the rollover window so nothing breaks mid-operation. Subscribers receive the new value over the same encrypted channel automatically.
Data & Governance
Every node is known. Every action is logged.
Data stays on your node.
There is no centralised credential store. No cloud-hosted secrets. Your data lives on the machines you control. You decide what leaves and what stays. The architecture makes data leakage difficult by design, not by policy.
Every action is recorded.
Every tool call, session start, credential access, and permission change is logged with a timestamp and session ID. The audit log is append-only. Nothing is deleted or sanitised after the fact. Any sequence of events can be reconstructed.
Your relay sees nothing.
When nodes connect over the internet, traffic routes through the bridge relay. The relay forwards encrypted packets without decoding them. End-to-end encryption means the relay cannot read the content of any message it carries.
Secrets are redacted at the boundary.
Sensitive values are stripped before they enter logs, evidence stores, or the session record. The system cannot accidentally leak a credential because it never stores cleartext at the boundary. Redaction happens before any persistence.
SOC 2
Built with SOC 2 in mind.
We are not yet SOC 2 certified. But the five trust service criteria shaped how this platform was designed from the ground up: security, availability, processing integrity, confidentiality, and privacy.
The controls are in place. The audit pathway is open. Prospective enterprise customers can request our current security posture documentation.