Security & compliance

Rate limiting, CSP, encrypted secrets, and a sandboxed email renderer.

Inbound email HTML renders inside a fully sandboxed iframe with a DOMPurified srcdoc, so a poisoned email can't script the agent UI. Rate limits run in Redis and survive restarts. The production CSP is strict. MFA secrets and plugin signing keys are encrypted at rest.

8 total, 8 shipping
  • Rate limiting

    Shipping

    Redis-backed counters that survive restarts. 60 req/min unauthenticated (global), 600 req/min authenticated, 5 req/min on MFA. Per-route overrides via middleware.

  • CSRF protection

    Shipping

    Double-submit cookie, intentionally bypassed for Bearer-token auth since API tokens aren't CSRF-vulnerable.

  • Strict Content Security Policy

    Shipping

    Production CSP: default-src 'self'; script-src 'self'; …. Plugin frame-src configurable for the future sandbox. HSTS in production with includeSubDomains.

  • File upload validation

    Shipping

    MIME-type allowlist, extension blocklist (executables, scripts, JARs), 50 MB default cap (10 MB for guests).

  • Encrypted secrets at rest

    Shipping

    AES-256-GCM via utils/encryption.rs, used for MFA TOTP secrets and the local plugin signing key. Same key path, same primitives.

  • Security event log

    Shipping

    security_events table + helper. Login attempts, MFA changes, password resets, invitation redemptions all recorded.

  • Plugin trust chain

    Shipping

    Every install path verifies the signature against the trust chain. An install is refused unless the plugin is signed by the Nosdesk root, a registered publisher, or the instance’s local key.

  • Sandboxed email rendering

    Shipping

    EmailHtmlBody renders inbound HTML in a fully sandboxed iframe (sandbox="allow-same-origin" only, no scripts) with a DOMPurified srcdoc. vSafeHtml directive registers DOMPurify-on-set globally.
