Security
How the platform handles the things that matter: your credentials, the isolation between agents, and the protection of your account. This page describes how the pre-alpha platform works today.
Credential handling
The tokens you enter at onboarding — your Claude Code token, GitHub PAT, and Slack tokens — are treated as transient inputs:
- They are written directly to your agent's dedicated AWS Secrets Manager secret, encrypted at rest with a per-tenant key.
- They are never written to the provision request stored in S3, which records only boolean flags such as “a GitHub PAT was provided.”
- They are never returned in an API response and never logged.
- Writes use a read-merge-write pattern so adding one credential never clobbers the others already in your agent's secret.
claude setup-token) and re-onboard with the new value.
Tenant isolation
Every agent belongs to a tenant, and your account is bound to your tenant at signup. The dashboard and the agents API only ever return requests scoped to your tenant — you cannot see or act on another tenant's agents. Each onboarded agent runs as its own isolated instance with its own identity and its own secret.
Account security
- Invite-only signup. Accounts can only be created from an admin-issued, single-use invite bound to a specific email address.
- Password hashing. Passwords are hashed with scrypt and a random per-user salt; the plaintext is never stored.
- Signed sessions. Sessions are HMAC-SHA256 signed cookies, set httpOnly and (in production) secure, with server-side revocation support.
- CSRF protection. State-changing requests are checked against their origin before they run.
- Rate limiting. Login and signup endpoints are throttled per client to slow credential-stuffing and invite-probing.
Support access (one-way SSH)
At onboarding you choose whether the Isomorph control plane may open one-way SSH into your agent for support and recovery. It is on by default so we can help when an agent gets stuck. Opt out for stricter privacy — the agent then accepts no inbound SSH, at the cost of no remote repair if it breaks.
Reporting a vulnerability
Found a security issue? Email security@isomorphlabs.io with the details and steps to reproduce. Please don't open a public issue for security reports. As a pre-alpha platform we're actively hardening, and we appreciate disclosures.