Security
Michael Elliott edited this page Mar 14, 2026 · 2 revisions
Detects and blocks injection attempts:
- Pattern matching for known techniques (ignore instructions, DAN, base64, jailbreak)
- Keyword density analysis (strict mode)
- Multi-layer detection with configurable sensitivity
```json
{ "security": { "shield": { "enabled": true, "mode": "standard" } } }
```

Modes: `standard` (balanced), `strict` (aggressive keyword density), `permissive` (patterns only).
AES-256-GCM encrypted vault for storing API keys, tokens, and secrets.
```json
{ "security": { "vault": { "enabled": true } } }
```

- Secrets encrypted at rest in `~/.titan/vault.enc`
- Master key derived from gateway password via PBKDF2
- Access via tools: `vault_set`, `vault_get`, `vault_list`, `vault_delete`
- Access via slash command: `/vault`
HMAC-SHA256 signed JSONL audit logs for tamper detection.
```json
{ "security": { "audit": { "enabled": true, "path": "~/.titan/audit.jsonl" } } }
```

- Every tool execution, config change, and auth event is logged
- Each log entry includes an HMAC-SHA256 signature for integrity verification
- Searchable via the `audit_search` tool or the Security admin panel
- Exportable for compliance review
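An added example, not TITAN's own code: one way to check per-entry HMAC-SHA256 signatures over a JSONL audit log and report which lines fail. The `sig` field name, the canonical serialization, the key and the sample events are assumptions, since this page does not specify the entry format.

```python
import hashlib
import hmac
import json

# Assumed layout (not from the TITAN docs): each line is a JSON object whose "sig"
# field is the hex HMAC-SHA256 of the other fields, serialized with sorted keys.
SIG_FIELD = "sig"


def mac(entry: dict, key: bytes) -> str:
    body = {k: v for k, v in entry.items() if k != SIG_FIELD}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_entry(entry: dict, key: bytes) -> str:
    return json.dumps({**entry, SIG_FIELD: mac(entry, key)}, sort_keys=True)


def verify_log(lines, key: bytes) -> list:
    """Return (line_number, reason) for every line that fails verification."""
    failures = []
    for lineno, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            failures.append((lineno, "not valid JSON"))
            continue
        sig = entry.get(SIG_FIELD) if isinstance(entry, dict) else None
        if not isinstance(sig, str):
            failures.append((lineno, "missing signature"))
        # Constant-time comparison so timing does not reveal how much matched.
        elif not hmac.compare_digest(
            sig.encode(errors="replace"), mac(entry, key).encode()
        ):
            failures.append((lineno, "signature mismatch"))
    return failures


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    log = [  # constructed sample events
        sign_entry({"ts": "2026-03-14T10:00:00Z", "event": "tool_exec", "tool": "shell"}, key),
        sign_entry({"ts": "2026-03-14T10:00:05Z", "event": "auth", "result": "fail"}, key),
        sign_entry({"ts": "2026-03-14T10:00:09Z", "event": "config_change"}, key),
    ]
    log[1] = log[1].replace('"fail"', '"ok"')  # simulate an edited entry
    log.append('{"ts": "2026-03-14T10:00:12Z", "event": "auth"}')  # unsigned line
    return verify_log(log, key)
```

Per-entry signatures show which lines were altered or forged, but not that a line was deleted; detecting removal needs a sequence number or a chain over the previous entry's signature.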
| Mode | Description |
|---|---|
| `host` | Direct execution (default) |
| `docker` | Docker container isolation |
| `none` | No sandboxing |

The code_exec tool uses Docker containers with resource limits, network isolation, and automatic cleanup. Python stubs are auto-generated for the HTTP tool bridge.

| Mode | Description |
|---|---|
| `supervised` | Approval required for dangerous tools (default) |
| `autonomous` | All tools auto-approved |
| `locked` | No tool execution |

```json
{
  "security": {
    "allowedTools": ["shell", "read_file", "web_search"],
    "deniedTools": [],
    "networkAllowlist": ["api.github.com"]
  }
}
```

Role-based access control for multi-user deployments:

| Role | Permissions |
|---|---|
| `owner` | Full access, user management, config changes |
| `admin` | Tool execution, config viewing, skill management |
| `operator` | Chat, limited tool execution |
| `viewer` | Read-only access to chat and dashboard |

- Rate limiting (30 req/min API, 5 req/min login)
- CORS (configurable, localhost only by default)
- Security headers (XSS, frame, content-type)
- 24h token TTL with refresh
- Timing-safe password comparison
- SSRF protection on `web_fetch` and browser tools
- HMAC-SHA256 mesh authentication

The CapSolver integration for browser automation:
- API key stored in encrypted vault (not plaintext config)
- CAPTCHA solving only triggered during browser automation tasks
- Supports reCAPTCHA v2/v3, hCaptcha, Cloudflare Turnstile
- Rate-limited to prevent abuse
- HMAC-SHA256 authentication for all peer communication
- Peer approval system (approve/reject/revoke)
- Approved peers persisted to `~/.titan/approved-peers.json`
- Encrypted WebSocket transport