Security
Zero trust
Privilege isolation
Passwordless login using WebAuthn/FIDO2. Your identity is protected by hardware-backed cryptographic credentials.
Sign in with your device—no passwords to remember or leak. Passkeys use public-key cryptography and are resistant to phishing.
Works with Touch ID, Windows Hello, and security keys. One credential, multiple devices.
Short-lived certificates for node access. No persistent keys stored—each session generates fresh credentials.
Each session gets a new certificate. Validity windows are measured in minutes, not months.
Compromised credentials expire automatically. No key rotation, no manual cleanup.
Every request is verified. Project-scoped tokens with explicit ownership checks for all node operations.
No implicit trust. Every API call is authenticated and authorized against your project scope.
Tokens are short-lived and scoped. Access is granted only when explicitly verified.
Dedicated compute per customer. Your agents run in isolated environments—never shared.
Your workloads run on dedicated resources. No noisy neighbors, no cross-tenant data exposure.
Isolation at the process and network level. Each agent executes in its own sandbox.
SSH private keys are generated client-side. Keys never leave your browser—complete end-to-end security.
Keys are created in your browser and never transmitted. We never see your private material.
Signing happens locally. Only signatures and public keys are sent over the wire.
TLS 1.3 for all communications. WebSocket connections use secure channels with strict origin validation.
All traffic is encrypted end-to-end. TLS 1.3 with strong cipher suites only.
WebSocket connections require valid certificates and enforce strict origin checks.