Security is a core priority for MiraBridge. This page covers the security measures in place.
Authentication
- Argon2 password hashing: industry-standard memory-hard algorithm, so offline cracking of a leaked hash is expensive in both time and memory
- JWTs: short-lived access tokens paired with refresh tokens that are rotated on every use
- OAuth: GitHub and Google sign-in; tokens are handed to the client via postMessage rather than URL parameters, so they never land in browser history, Referer headers or server logs
- Token revocation: every token carries a JTI that is checked against a revocation list, so a token can be invalidated immediately instead of waiting for it to expire
Encryption
- AES-256-GCM: all sensitive data is encrypted at rest with an authenticated cipher, so tampering with stored ciphertext is detected on decryption
- TLS 1.3: all data is encrypted in transit
- API key encryption: BYOK (bring-your-own-key) API keys are encrypted before they are written to storage
Rate Limiting
Requests are rate limited in three separate buckets, so a burst against one class of endpoint (for example a credential-stuffing run against login) does not consume the quota of the others:
- Auth bucket: login, register, token refresh
- AI bucket: chat requests, tool executions
- Default bucket: all other API endpoints
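An added example of a three-bucket token-bucket limiter in the shape described above; it is not MiraBridge's own middleware. The route patterns, the per-bucket limits and the choice to key auth requests by IP and everything else by user id are assumptions for the demo, and the clock is injectable so the behaviour can be checked deterministically:

```javascript
// Added example, not MiraBridge's own code: a token-bucket limiter with three
// independent buckets. Route patterns and limits are assumptions for the demo.
const BUCKETS = {
  auth:    { capacity: 10,  perMinute: 10 },    // login / register / refresh, keyed by client IP
  ai:      { capacity: 30,  perMinute: 30 },    // chat and tool execution, keyed by user
  default: { capacity: 120, perMinute: 120 },   // everything else
};

// Assumed route shapes; adjust to the real API surface.
const AUTH_ROUTES = new Set(["POST /auth/login", "POST /auth/register", "POST /auth/refresh"]);
const AI_ROUTES = [/^POST \/api\/chat(\/|$)/, /^POST \/api\/tools\/[^/]+\/execute$/];

function classify(method, path) {
  const route = `${method.toUpperCase()} ${path}`;
  if (AUTH_ROUTES.has(route)) return "auth";
  if (AI_ROUTES.some((re) => re.test(route))) return "ai";
  return "default";
}

// Auth endpoints run before there is a user, so they are keyed by IP. Everything
// else is keyed by the authenticated user, so one abusive user can neither
// exhaust a shared NAT address's quota nor escape the limit by changing IPs.
function clientKeyFor(req, bucket) {
  if (bucket !== "auth" && req.userId) return `user:${req.userId}`;
  return `ip:${req.ip}`;
}

class RateLimiter {
  constructor(buckets = BUCKETS, now = () => Date.now() / 1000) {
    this.buckets = buckets;
    this.now = now;                 // injectable clock (seconds) so tests are deterministic
    this.state = new Map();         // "bucket:clientKey" -> { tokens, last }
  }

  // Token bucket: refill proportionally to elapsed time, spend one token per request.
  check(bucket, clientKey) {
    const cfg = this.buckets[bucket];
    const id = `${bucket}:${clientKey}`;
    const t = this.now();
    let s = this.state.get(id);
    if (!s) {
      s = { tokens: cfg.capacity, last: t };
      this.state.set(id, s);
    }
    s.tokens = Math.min(cfg.capacity, s.tokens + ((t - s.last) * cfg.perMinute) / 60);
    s.last = t;
    if (s.tokens >= 1) {
      s.tokens -= 1;
      return { allowed: true, remaining: Math.floor(s.tokens), retryAfterSec: 0 };
    }
    return { allowed: false, remaining: 0, retryAfterSec: Math.ceil(((1 - s.tokens) * 60) / cfg.perMinute) };
  }
}

// Middleware-shaped entry point: returns the decision instead of touching a real response object.
function handle(limiter, req) {
  const bucket = classify(req.method, req.path);
  const result = limiter.check(bucket, clientKeyFor(req, bucket));
  if (!result.allowed) {
    return { status: 429, bucket, headers: { "Retry-After": String(result.retryAfterSec) } };
  }
  return { status: 200, bucket, headers: { "X-RateLimit-Remaining": String(result.remaining) } };
}
```

Because the three buckets are independent, a client that has just been throttled on `/auth/login` can still make chat or default-bucket requests, and the `Retry-After` value tells a well-behaved client exactly when the next token will be available.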
Attack Protection
- BOLA/IDOR: every resource lookup is scoped to the authenticated user, so a request for an object ID that belongs to another user is refused
- SSRF: user-supplied URLs are validated before any outbound request is made, blocking access to internal network addresses
- XSS: all user-controlled content is HTML-escaped before it is rendered
- SQL injection: all database access goes through parameterized queries via the Prisma ORM
- Input validation: strict allowlist (whitelist) validation on every endpoint
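An added example of the SSRF URL validation mentioned above, written for illustration rather than taken from MiraBridge. It leans on the WHATWG URL parser (Node's global `URL`) to normalise hostname tricks such as `0x7f.1`, `2130706433` or `017700000001` into dotted-quad form before the address-range checks run, then rejects non-HTTP schemes, embedded credentials, reserved hostnames and private, loopback, link-local and IPv4-mapped addresses. The blocked-suffix list is an assumption. One caveat a practitioner will want: static validation cannot stop a public hostname that resolves to an internal address or a DNS-rebinding attack, so `isPrivateAddress` is also meant to run on the address the resolver actually returns (inside the HTTP client's lookup hook) and again on every redirect hop:

```javascript
// Added example, not MiraBridge's own code: outbound URL validation against SSRF.
// Relies on the WHATWG URL parser (Node's `URL`) to normalise numeric hostname
// tricks into dotted-quad form first. The blocked-suffix list is an assumption.
const BLOCKED_HOST_SUFFIXES = [".localhost", ".local", ".internal", ".home.arpa"];

function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

function isPrivateIPv4([a, b]) {
  return (
    a === 0 ||                               // 0.0.0.0/8 "this network"
    a === 10 ||                              // 10.0.0.0/8
    a === 127 ||                             // loopback
    (a === 100 && b >= 64 && b <= 127) ||    // 100.64.0.0/10 carrier-grade NAT
    (a === 169 && b === 254) ||              // link-local, includes cloud metadata 169.254.169.254
    (a === 172 && b >= 16 && b <= 31) ||     // 172.16.0.0/12
    (a === 192 && b === 168) ||              // 192.168.0.0/16
    a >= 224                                 // multicast and reserved
  );
}

// Expands an IPv6 literal (no brackets) to eight 16-bit groups, or null if invalid.
function expandIPv6(host) {
  const halves = host.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...Array(missing).fill("0"), ...tail];
  const values = groups.map((g) => (/^[0-9a-f]{1,4}$/i.test(g) ? parseInt(g, 16) : NaN));
  return values.some(Number.isNaN) ? null : values;
}

function isPrivateIPv6(h) {
  if (h.every((g) => g === 0)) return true;                            // :: unspecified
  if (h.slice(0, 7).every((g) => g === 0) && h[7] === 1) return true;  // ::1 loopback
  if ((h[0] & 0xfe00) === 0xfc00) return true;                         // fc00::/7 unique local
  if ((h[0] & 0xffc0) === 0xfe80) return true;                         // fe80::/10 link-local
  if (h.slice(0, 5).every((g) => g === 0) && h[5] === 0xffff) {        // ::ffff:a.b.c.d IPv4-mapped
    return isPrivateIPv4([h[6] >> 8, h[6] & 0xff, h[7] >> 8, h[7] & 0xff]);
  }
  return false;
}

// Resolution-time check: pass the address the DNS resolver actually returned.
// Static URL validation alone cannot stop a public hostname that resolves to
// 10.0.0.5, or DNS rebinding, so run this in the HTTP client's lookup hook too.
function isPrivateAddress(addr) {
  const v4 = parseIPv4(addr);
  if (v4) return isPrivateIPv4(v4);
  const v6 = expandIPv6(addr);
  return v6 ? isPrivateIPv6(v6) : true;    // unparseable -> treat as unsafe
}

function validateOutboundUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: "credentials in URL not allowed" };
  const host = url.hostname;   // already lower-cased and numerically normalised by the parser
  if (host === "localhost" || BLOCKED_HOST_SUFFIXES.some((s) => host.endsWith(s))) {
    return { ok: false, reason: `host ${host} is reserved for internal use` };
  }
  if (host.startsWith("[")) {
    const v6 = expandIPv6(host.slice(1, -1));
    if (!v6 || isPrivateIPv6(v6)) return { ok: false, reason: "private or invalid IPv6 address" };
  } else {
    const v4 = parseIPv4(host);
    if (v4 && isPrivateIPv4(v4)) return { ok: false, reason: `private IPv4 address ${host}` };
  }
  return { ok: true, url: url.href };
}
```

The validator returns the normalised `url.href` rather than the raw input so that the request is made to exactly the form that was checked; passing the original string on would reopen the parser-differential tricks the normalisation step closed.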
Next Steps
- Data Privacy: GDPR compliance
- Enterprise: self-hosting for full control