Security is a core priority for MiraBridge. This page covers the security measures in place.
Authentication
- Argon2 password hashing — industry-standard memory-hard algorithm
- JWT tokens — short-lived access tokens with refresh rotation
- OAuth — GitHub and Google integration (tokens via postMessage, not URL params)
- Token revocation — JTI tracking for instant invalidation
Encryption
- AES-256-GCM — all sensitive data encrypted at rest
- TLS 1.3 — all data encrypted in transit
- API key encryption — BYOK keys are encrypted before storage
Rate Limiting
Three-bucket rate limiting protects against abuse:
- Auth bucket — login, register, token refresh
- AI bucket — chat requests, tool executions
- Default bucket — all other API endpoints
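The three-bucket scheme above, as an added example that is not MiraBridge's own code: each request is classified into the auth, ai or default bucket and charged against a separate token bucket per bucket and client, so a burst of AI requests cannot exhaust a client's login allowance. The route prefixes and the per-bucket limits are assumed values chosen for illustration.

```javascript
// Per-bucket limits (assumed values; the page only names the three buckets).
const BUCKET_LIMITS = {
  auth:    { capacity: 5,   windowSec: 60 },  // 5 requests per minute
  ai:      { capacity: 30,  windowSec: 60 },  // 30 requests per minute
  default: { capacity: 120, windowSec: 60 },  // 120 requests per minute
};

// Route prefixes are assumed for the example; the real API paths may differ.
const AUTH_ROUTES = ['/auth/login', '/auth/register', '/auth/refresh'];
const AI_ROUTES = ['/ai/chat', '/ai/tools'];

// Map a request path to the bucket that governs it. Anything not matched
// by the auth or AI prefixes falls through to the default bucket.
function classifyRoute(path) {
  if (AUTH_ROUTES.some((p) => path.startsWith(p))) return 'auth';
  if (AI_ROUTES.some((p) => path.startsWith(p))) return 'ai';
  return 'default';
}

class RateLimiter {
  constructor(limits = BUCKET_LIMITS) {
    this.limits = limits;
    this.state = new Map(); // key "bucket:client" -> { tokens, last }
  }

  // Returns { allowed, bucket, remaining }. `now` is a timestamp in seconds,
  // passed in explicitly so the behaviour is deterministic and testable.
  check(clientId, path, now) {
    const bucket = classifyRoute(path);
    const { capacity, windowSec } = this.limits[bucket];
    const key = `${bucket}:${clientId}`;
    const s = this.state.get(key) ?? { tokens: capacity, last: now };
    // Refill in proportion to elapsed time, never above the bucket capacity.
    // (elapsed * capacity) / windowSec keeps integer inputs exact.
    const elapsed = Math.max(0, now - s.last);
    s.tokens = Math.min(capacity, s.tokens + (elapsed * capacity) / windowSec);
    s.last = now;
    const allowed = s.tokens >= 1;
    if (allowed) s.tokens -= 1;
    this.state.set(key, s);
    return { allowed, bucket, remaining: Math.floor(s.tokens) };
  }
}
```

A denied result would map to an HTTP 429 response in the API layer; the bucket name in the result lets the limiter log which category was exhausted.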
Attack Protection
- BOLA/IDOR — resource access scoped to authenticated user
- SSRF — URL validation prevents internal network access
- XSS — HTML escaping in all user-facing output
- SQL injection — parameterized queries via Prisma ORM
- Input validation — strict whitelist validation on all endpoints
Next Steps
- Data Privacy — GDPR compliance
- Enterprise — self-hosting for full control