Security: AIX-Format/GemClaw
Security
π GemclawOS Security Implementation π‘οΈ Current Hardening
Secure API Proxy : All Gemini API calls go through /api/gemini-token to prevent client-side key exposure.Immutable Store : User tokens and sensitive Firebase objects live in the Firebase Auth Context, NOT in global state.CSP Enforced : Content Security Policies in next.config.js to prevent XSS.Authenticated Storage : Firebase Storage requires valid UID checks for all uploads.
Audio Biometrics : Voice-based authentication for sensitive agent commands.Encrypted Memory : Client-side AES encryption for semantic memory buffers before Firestore sync.Audit Logs : Firestore-based logging for all agent materialization events.Rate-Limiting : Edge-level throttling for forge synthesis routes.
Zero-Trust : No API key should EVER have a NEXT_PUBLIC_ prefix if it has write access.Validation : All toolcall inputs are sanitized before being committed to state.
There aren't any published security advisories
You canβt perform that action at this time.