bluenexus.ai Get API Key

Security Model

How BlueNexus protects user data, credentials, and API access.

Token Encryption

All OAuth tokens for connected services (Google, Slack, etc.) are encrypted before database storage:

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: Scrypt-based key derivation
  • IV: Fresh random initialization vector per encryption operation
  • At rest: Tokens are never stored in plaintext

When the agent needs to call a service API, it decrypts the token in memory, uses it for the API call, and discards the plaintext.

Account Encryption Keys

Each BlueNexus account has a unique encryption key, wrapped (encrypted) via two independent paths:

User Path (Sovereignty)

  • Derived from the user's wallet signature (SIWE)
  • Allows users to decrypt their data independently of BlueNexus
  • Used for data export and compliance

System Path (Operations)

  • Derived from a system-level encryption key
  • Enables background processing (scheduled tasks, token refresh) without user interaction
  • Primary path for day-to-day operations

Cryptographic details:

  • Wrap algorithm: XSalsa20-Poly1305 (authenticated encryption)
  • Key derivation: HKDF (HMAC-based Key Derivation Function)
  • Fresh random nonce per operation
  • Context-aware encryption prevents token substitution between accounts

TEE Confidential Compute

LLM operations and agent execution can run inside Trusted Execution Environments (TEEs):

  • Data is isolated from the host infrastructure and other tenants
  • Even BlueNexus operators cannot access data in transit within the TEE
  • Agent tool execution runs in isolated E2B sandboxes (30-second timeout, auto-cleanup)

Prompt Injection Detection

The use-agent tool scans incoming prompts for injection attacks before execution:

  • Critical and high-risk prompts are blocked with McpToolPromptInjectionBlockedError
  • The detection runs on every use-agent call

Response Sanitization

Before returning tool results to your app, responses are sanitized:

Token Redaction

Pattern-based removal of sensitive data:

  • OAuth tokens (Google ya29.xxx, Facebook EAAB..., Slack xoxb-, xoxp-)
  • Bearer tokens and Basic auth headers
  • API keys and secrets
  • GitHub tokens (ghp_, gho_, ghs_, ghr_)
  • AWS access keys (AKIA...)
  • Long alphanumeric strings likely to be tokens (50+ characters)

Response Truncation

Responses are truncated to 50KB to prevent oversized results from consuming your LLM's context window.

Data Boundaries

Untrusted content from external services is wrapped with boundary markers that instruct the LLM to treat the content as data, not instructions — an additional defense against indirect prompt injection.

OAuth Security

  • PKCE mandatory: S256 only (PLAIN prohibited)
  • Authorization code hashing: Codes are hashed before database storage
  • One-time codes: Atomic database operations prevent code reuse
  • State management: UUID-based state tokens with 15-minute expiration
  • Replay detection: Multiple-use attempts are detected and logged, with extended retention for forensics
  • Client secret storage: bcrypt hashed + AES-256-GCM encrypted
  • Redirect URI validation: HTTPS required (HTTP only for localhost/127.0.0.1)

Session Security

  • Tokens are bound to auth sessions
  • Revoking a session immediately invalidates all associated tokens
  • Session activity is tracked (last used timestamp)
  • Refresh token rotation with replay detection

Audit Logging

All API requests are tracked as business events:

  • Request method, path, IP, user agent
  • Authentication context (account, session, client)
  • Response status and timing
  • Credit consumption

This audit trail supports compliance requirements and incident investigation.

Rate Limiting

Protects against abuse:

  • Global: 100 requests/minute per IP
  • MCP endpoint: 30 requests/minute
  • Auth endpoints: 10 requests/minute
  • Client registration: 5 requests/minute

See Rate Limits for details.

Next Steps