Enterprise Trust

Security Architecture

Oceum is built security-first. Every layer of the platform -- from credential storage to agent execution to multi-org isolation -- is designed so enterprises can deploy autonomous agents with confidence.

AES-256
Vault Encryption
4
Audit Rounds
927
Automated Tests
0
Plaintext Secrets
01

Zero-Knowledge Vault

Credentials, API keys, and sensitive configuration are encrypted at rest. Oceum never sees your secrets in plaintext -- agents access them through a blind relay that decrypts only at execution time.

AES-256-GCM Encryption
Every vault entry is encrypted with AES-256-GCM, an authenticated encryption scheme that provides both confidentiality and integrity verification. Random initialization vectors are generated per entry.
NIST-approved
Per-Org HMAC-SHA256 Keys
Each organization gets a unique encryption key derived via HMAC-SHA256. Compromising one organization's key reveals nothing about another. Complete cryptographic isolation between tenants.
tenant-isolated
Blind Relay Pattern
Agents never receive raw credentials. The vault proxy decrypts secrets, injects them into outbound requests, and discards plaintext immediately. No secret ever reaches agent memory.
zero-knowledge
Domain-Locked Execution
Each vault entry specifies an allowed target domain. The proxy enforces HTTPS-only requests and blocks SSRF bypass patterns including IPv6-mapped, octal, hex, and decimal IP encodings.
SSRF-hardened
Credential Rotation
Built-in rotation support with batch processing (up to 200 entries per cycle). Access logs are capped and auditable. Token IDs are truncated in logs to prevent leakage.
automated
Auth Tag Verification
GCM authentication tags are verified on every decryption. Tampered ciphertext is rejected before any plaintext is produced, preventing ciphertext manipulation attacks.
integrity-verified
// Vault encryption flow
const key = hmacSHA256(orgId, masterKey);
const iv = crypto.randomBytes(16);
const cipher = createCipheriv('aes-256-gcm', key, iv);
// Plaintext never persisted -- encrypted at rest, decrypted at relay time only
02

Authentication & Access Control

Dual-layer authentication with organizational boundary enforcement on every request. No request reaches business logic without verified identity and membership.

JWT + API Key Dual Auth
Interactive sessions use signed JWTs with 24-hour expiry. Programmatic access uses API keys with bcrypt-hashed storage. Both paths converge to the same authorization layer.
dual-path
Membership Verification
Every authenticated request verifies active membership in the target organization. Removed users lose access immediately -- no stale session windows. JWT membership checks run on every call.
real-time
Bcrypt Password Hashing
Passwords are hashed with bcrypt (10 cost rounds). Password reset tokens are time-bound and single-use, with replay protection via issued-at vs. last-update comparison.
one-way hash
Rate Limiting
Login, password change, and sensitive API endpoints are rate-limited to prevent brute-force and credential stuffing attacks. Configurable thresholds per endpoint.
throttled
RBAC Per Organization
Owner, Admin, and Member roles with strict privilege escalation prevention. Admins cannot remove owners. Only owners can remove admins. Org-scoped permissions on every mutation.
role-gated
SSO Integration
Google and Microsoft SSO with server-side token verification. SSO tokens are validated before any session data is stored. No client-side token injection vectors.
verified server-side
03

Governance Infrastructure

Autonomous agents operate within explicit boundaries. Every sensitive action requires approval, every execution is logged, and every decision can be replayed for audit.

Approval Workflows
Agents emit structured approval tags for sensitive operations. Intent-gating validates that the LLM genuinely decided to request approval, preventing prompt injection from triggering approvals.
intent-verified
Immutable Audit Trails
Every agent action, approval decision, and credential access is logged with timestamps, actor identity, and org context. Logs are append-only and retained per plan tier (7 days free, 90 days pro).
append-only
Governed Execution
Agent actions are validated against a whitelist before execution. Unknown actions are rejected. Target identifiers are UUID-validated to prevent injection through action parameters.
action-whitelist
Agent Journal
Every observation, decision, action, and deferral is recorded in an append-only journal. No UPDATE or DELETE permitted. Monthly range-partitioned for query performance. Complete chain of custody for autonomous agent behavior.
append-only
Replay with Deduplication
Webhook events and Stripe callbacks use event ID caching for exactly-once processing. Replayed or duplicated events are detected and skipped, preventing double-execution of sensitive operations.
idempotent
Progressive Autonomy
Agents graduate through four trust tiers: supervised, trusted, autonomous, and expert. Each tier unlocks additional capabilities. Tier advancement is gated by approval history and time-in-service.
graduated
LLM Output Validation
Agent LLM responses are parsed and validated before execution. Input tags are stripped from user messages to prevent prompt injection. Structured output tags are gated by intent verification.
injection-resistant
04

Infrastructure Security

Defense-in-depth across every layer of the stack. Headers, origins, inputs, and outputs are all validated, sanitized, and restricted.

HSTS + Security Headers
Strict-Transport-Security enforces HTTPS. X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy headers are set on every response via server configuration.
header-hardened
CORS Restrictions
All API endpoints enforce explicit CORS origin allowlists. No wildcard origins. Cross-origin requests from unauthorized domains are rejected before reaching handler logic.
origin-locked
SSRF Protection
Outbound requests from vault proxy and agent actions are validated against a blocklist that catches IPv6-mapped, octal, hex, and decimal IP bypass patterns. Only HTTPS targets are allowed.
bypass-resistant
XSS Prevention
All user-generated content is escaped via dedicated escHTML functions before rendering. Blog content uses a whitelist-based sanitizer that strips SVG, event handlers, and style attributes.
whitelist-sanitized
Prototype Pollution Protection
Object property assignment blocks __proto__, constructor, and prototype keys. Prevents attackers from manipulating JavaScript prototype chains through vault or configuration endpoints.
chain-safe
Timing-Safe Comparisons
All secret comparisons (cron secrets, webhook signatures, API keys) use crypto.timingSafeEqual to prevent timing side-channel attacks. Fail-closed when environment variables are unset.
constant-time
05

Deployment Options

Run Oceum wherever your security policy requires. Same codebase, same API, same governance -- from managed cloud to fully air-gapped on-premise.

Cloud
Managed SaaS
Hosted on Vercel Pro with edge network delivery. Supabase Postgres with automated backups. Zero infrastructure management required.
  • Vercel Pro edge network
  • Supabase managed Postgres
  • Automated TLS + CDN
  • 99.9% uptime SLA
  • US East (Virginia) data residency
Self-Hosted
Docker Deployment
Single Docker image with all APIs and cron jobs. Connect your own Postgres. Full control over data residency and network boundaries.
  • Single Docker container
  • Bring your own Postgres
  • No Supabase dependency
  • Custom network policies
  • On-premise data residency
Air-Gapped
Isolated Infrastructure
Complete network isolation with Orion LLM running locally. No external API calls. Designed for classified environments and regulated industries.
  • Orion LLM (local inference)
  • Zero external dependencies
  • Air-gapped Postgres
  • No vendor lock-in
  • ORION_FALLBACK=false mode
06

Compliance Roadmap

Building toward enterprise compliance certifications with a security-first architecture that already implements the controls these frameworks require.

Implemented
SOC 2 Type II Controls
MFA/2FA (TOTP), token revocation, account lockout, password complexity, login audit trails, admin action logging, log retention enforcement, CI/CD pipeline, RLS defense-in-depth. Auditor engagement pending.
Implemented
GDPR Compliance
Self-service data export (Art.20), cascading account deletion (Art.17), per-org data segregation, RLS policies on all tables, consent-based processing, PII redaction in training exports.
Implemented
Multi-Org Data Segregation
Every database query is scoped to the authenticated organization. Service role access enforces org_id filtering. Cross-org data leakage is architecturally prevented.
Implemented
Encryption at Rest
All sensitive data encrypted with AES-256-GCM. Per-org key derivation. Random initialization vectors. Authentication tags verified on every decryption. No plaintext secrets in storage.
Implemented
Audit Logging
Comprehensive event logging across agent actions, credential access, authentication events, and administrative changes. Append-only with configurable retention (7-90 days by plan tier).
Implemented
Vulnerability Management
Four completed security audit rounds covering infrastructure hardening, prompt injection prevention, vault security, and access control. 927 automated tests in CI/CD pipeline.

Compliance Documentation

Detailed policy documents covering enterprise compliance requirements.

Access Control Policy
Role-based access control, authentication requirements, session management, and privilege escalation prevention.
policy
Change Management Policy
Change request procedures, approval workflows, rollback protocols, and deployment governance.
policy
Data Classification Policy
Data sensitivity tiers, handling requirements, encryption standards, and retention rules.
policy
Vendor Management Policy
Third-party risk assessment, vendor security requirements, and supply chain governance.
policy
07

Testing & Audit History

Security is a continuous process. Four dedicated audit rounds have hardened every surface of the platform, from API endpoints to LLM output parsing.

Audit Round 1
Infrastructure foundation: SSO token injection fix, API key prefix lookup, fetch timeouts, rate limiting, error message sanitization, cost calculation hardening, XSS escaping.
7 findings fixed
Audit Round 2
Vault and webhook hardening: prototype pollution blocking, blog sanitizer rewrite, Stripe webhook deduplication, deploy webhook fail-closed, agent config flag injection prevention.
17 findings fixed
Audit Round 3
Access control and timing: password reset replay protection, JWT membership enforcement, timing-safe cron secrets, social key redaction, CORS restrictions, account deletion cleanup.
12 findings fixed
Audit Round 4
LLM security and vault deep dive: prompt injection intent gating, ticket rate limiting, action whitelist enforcement, UUID target validation, SSRF bypass patterns, membership re-verification.
11 findings fixed
927 Automated Tests
Comprehensive test suite covering authentication flows, vault encryption/decryption, RBAC enforcement, input validation, XSS prevention, and agent governance logic. Runs on every deploy.
CI/CD enforced
Error Sanitization
All API error responses are sanitized before reaching clients. Internal details, stack traces, and infrastructure information are stripped. Generic error messages prevent information leakage.
no leakage
Get Started

Ship Agents That
Enterprises Trust

Start with Pro to deploy governed agents. Scale to Team or Enterprise as your operations expand.

Launch Portal View Pricing Read Docs