Security

This page summarizes the security controls that are implemented in the current Walos codebase today. It is intentionally narrower than a compliance or uptime statement.

Authentication

• Administrator sign-in compares credentials from the ADMIN and ADMIN_AUTH environment variables using a constant-time check
• A sealed (AES-GCM, HKDF-derived key) session cookie gates server-rendered /app/* routes via middleware
• API keys are project-scoped and can be revoked independently of the admin login session

Credential Handling

• API keys are stored as scrypt hashes instead of plaintext
• Sensitive runtime secrets stay in environment variables and are excluded from source control
• Current security conventions and tradeoffs are documented in the repository security notes

Request Protections

• App Router responses set a managed Content Security Policy in middleware
• Server actions and request boundaries validate inputs before mutating state
• Query-gateway traffic is subject to request quotas and rate limiting

Current Scope

• Organizations, projects, and environments are modeled as separate control-plane boundaries
• Public uptime monitoring and incident feeds are still being rolled out
• This page intentionally summarizes controls that are implemented in the current codebase today

Reporting a vulnerability

If you discover a security issue, please email security@walos.xyz. We take all reports seriously.