Security is a core priority for MiraBridge. This page covers the security measures in place.
Authentication
- Argon2 password hashing - industry-standard memory-hard algorithm
- JWT tokens - short-lived access tokens with refresh rotation
- OAuth - GitHub and Google integration (tokens via postMessage, not URL params)
- Token revocation - JTI tracking for instant invalidation
Encryption
- AES-256-GCM - all sensitive data encrypted at rest
- TLS 1.3 - all data encrypted in transit
- API key encryption - BYOK keys are encrypted before storage
Rate Limiting
Three-bucket rate limiting protects against abuse:
- Auth bucket - login, register, token refresh
- AI bucket - chat requests, tool executions
- Default bucket - all other API endpoints
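To make the three-bucket scheme concrete, here is an added example (not MiraBridge's code) of a per-user token-bucket limiter that picks a bucket from the request path. The route prefixes, capacities and refill rates are assumptions for the example; the real endpoint names and limits are not stated on this page.

```javascript
// Added example (not MiraBridge's code): three token buckets keyed by route class
// and caller, with an explicit clock so behaviour is deterministic in tests.
const BUCKETS = {                      // assumed limits, expressed per minute
  auth:    { capacity: 10,  perMinute: 10 },
  ai:      { capacity: 30,  perMinute: 30 },
  default: { capacity: 300, perMinute: 300 },
};

// Assumed route layout: exact auth paths, prefix-matched AI paths, everything else default.
const AUTH_ROUTES = ["/api/auth/login", "/api/auth/register", "/api/auth/refresh"];
const AI_PREFIXES = ["/api/chat", "/api/tools"];

function classify(path) {
  if (AUTH_ROUTES.includes(path)) return "auth";
  if (AI_PREFIXES.some((p) => path === p || path.startsWith(p + "/"))) return "ai";
  return "default";
}

class RateLimiter {
  constructor(buckets = BUCKETS) {
    this.buckets = buckets;
    this.state = new Map(); // "<bucket>:<key>" -> { tokens, updatedMs }
  }

  // key identifies the caller: user id once authenticated, client IP before that.
  check(key, path, nowMs = Date.now()) {
    const name = classify(path);
    const cfg = this.buckets[name];
    const id = `${name}:${key}`;
    let s = this.state.get(id);
    if (!s) { s = { tokens: cfg.capacity, updatedMs: nowMs }; this.state.set(id, s); }

    // Refill proportionally to elapsed time, never above capacity.
    const elapsedS = Math.max(0, nowMs - s.updatedMs) / 1000;
    s.tokens = Math.min(cfg.capacity, s.tokens + (elapsedS * cfg.perMinute) / 60);
    s.updatedMs = nowMs;

    if (s.tokens >= 1) {
      s.tokens -= 1;
      return { allowed: true, bucket: name, remaining: Math.floor(s.tokens) };
    }
    // Denied: tell the client when the next token will be available (HTTP 429 + Retry-After).
    const retryAfterS = Math.ceil(((1 - s.tokens) * 60) / cfg.perMinute);
    return { allowed: false, bucket: name, remaining: 0, retryAfterS };
  }
}
```

Keying the auth bucket separately means a burst of login attempts exhausts only that bucket; the same caller's ordinary API calls and other users' logins are unaffected.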
Attack Protection
- BOLA/IDOR - resource access scoped to authenticated user
- SSRF - URL validation prevents internal network access
- XSS - HTML escaping in all user-facing output
- SQL injection - parameterized queries via Prisma ORM
- Input validation - strict whitelist validation on all endpoints
Next Steps
- Data Privacy - GDPR compliance
- Enterprise - self-hosting for full control