Security

Built for safe agent orchestration

MiraBridge treats AI coding as a permissioned runtime problem: separate clients, shared backend contracts, scoped sessions, and clear approvals before the agent touches your workspace.

Runner Isolation

MiraBridge Desktop, VS Code, and mobile are independent clients over the same Gateway brain. Each runner keeps its own lifecycle, session ownership, conversation scope, and workspace context.

Permissioned Tools

Agent actions are routed through backend contracts and surfaced for explicit approval before file edits, terminal commands, patch review, browser automation, MCP tools, or other runtime operations execute.

Secrets And Tokens

Desktop stores refresh credentials through the native runtime instead of browser local storage. Long-lived credentials and BYOK provider keys are handled as sensitive account settings.

Code Privacy

Workspace context is used to answer the task at hand. MiraBridge is designed so local runner context stays scoped to the selected workspace and selected session.

Enterprise Controls

Team and enterprise workflows are built around auditability, plan controls, usage visibility, SSO-ready account boundaries, and support paths for security review.

Responsible Disclosure

Send security reports to [email protected]. Include affected surface, reproduction steps, impact, and any logs or request IDs that help us investigate quickly.