Skip to main content
Docs
Open console

Security posture

MemoryNode runs as a single Cloudflare Worker with Supabase as the data plane. This document captures the current launch security model.

Authentication modes

  • API routes use x-api-key (hashed at rest).
  • Dashboard routes use session cookie + CSRF token.
  • Admin routes use x-admin-token and optional ADMIN_ALLOWED_IPS allowlist.
  • Billing webhook routes verify PayU callbacks via reverse SHA-512 (or HMAC-SHA256 fallback) using PAYU_MERCHANT_SALT.

Core controls

  • Per-key and per-route rate limits.
  • Workspace concurrency caps for write-heavy routes.
  • Cost guardrails for AI-heavy operations.
  • Request ID and audit event logging for privileged operations.
  • Tenant isolation checks on memory read/write/search paths.
  • Webhook internal token auth is route-bound to POST /v1/memories only (not accepted as a general alternate auth mode across routes).

Secrets

  • Production secrets are configured in your deployment platform (Cloudflare Worker secrets for the API). Never commit secrets to git.
  • Required production configuration is validated before release (pnpm check:config in CI).
  • Local examples use *.example env templates only.

Customer responsibilities

  • Rotate API keys from the console if a key may have leaked.
  • Scope memories per end-user with explicit user_id / owner_id in production (default default-user is for quickstarts only).
  • Restrict dashboard access to trusted team members; session cookies are HttpOnly + CSRF-protected.

Type to search all pages. navigate · Enter open · Esc close