Security

Kyew is designed with security as a priority. Your data is private, encrypted, and isolated from other users.


Data Isolation

User Scoping

All data is scoped to your Google account:

User A: google:111111
  └─ Memories, Skills, Tools, Connections (isolated)

User B: google:222222
  └─ Memories, Skills, Tools, Connections (isolated)

There is no way for User A to access User B's data. The storage layer enforces user scoping on every query.

Multi-Tenancy

// Every database query includes user_id
// The result gets its own name so it does not shadow the `memories` table.
const userMemories = await db
  .select()
  .from(memories)
  .where(eq(memories.user_id, userId));  // Always filtered

Encryption

In Transit

All connections use TLS 1.3:

  • Client to Cloudflare Workers
  • Workers to D1 Database
  • Workers to KV Store

At Rest

  • D1 Database: Encrypted by Cloudflare
  • KV Store: Encrypted by Cloudflare
  • Connections: Additional user-specific encryption for credentials

Credential Storage

API keys and tokens stored in connections are encrypted:

Original: ghp_xxxxxxxxxxxx
Stored:   encrypted(ghp_xxxxxxxxxxxx, user_specific_key)

Authentication

OAuth 2.0

Kyew uses Google OAuth 2.0:

  1. No passwords stored
  2. Google handles authentication
  3. Only basic profile info accessed (email, name)
  4. Refresh tokens encrypted in KV

Session Management

  • JWT tokens with expiration
  • Secure session storage in KV
  • Automatic token refresh

Code Tool Isolation

Code tools run in Cloudflare Sandbox (VM-isolated containers).

What Code Tools CANNOT Do

  • Access Kyew database
  • Read environment variables
  • Access other users' data
  • Make requests to non-whitelisted domains
  • Run indefinitely (timeout enforced)
  • Use unlimited memory (limit enforced)

Sandbox Architecture

┌─────────────────────────────────────────┐
│               Kyew Worker               │
│                                         │
│  ┌────────────────────────────────────┐ │
│  │   Cloudflare Sandbox (VM Isolated) │ │
│  │                                    │ │
│  │  • Separate memory space           │ │
│  │  • No access to worker bindings    │ │
│  │  • Restricted network access       │ │
│  │  • Timeout enforced                │ │
│  │                                    │ │
│  └────────────────────────────────────┘ │
└─────────────────────────────────────────┘

Approval Requirement

Code tools require explicit approval before they can execute. This gives you time to review the code for:

  • Malicious behavior
  • Security vulnerabilities
  • Unintended side effects

Rate Limiting

Per-user rate limits prevent abuse:

  • Requests per minute: Configurable (default 100)
  • Memory storage quota: Configurable
  • Skill storage quota: Configurable

API Key Security

For programmatic access, API keys:

  • Are user-specific
  • Can be rotated
  • Are stored hashed (not plaintext)
  • Support scoped permissions (future)

Audit Logging

All skill changes are logged:

{
  "action": "skill.approved",
  "skill_id": "skill-abc123",
  "user_id": "google:111111",
  "timestamp": "2024-01-15T10:30:00Z",
  "details": { "review_notes": "Verified against docs" }
}

View audit history:

"show audit log for skill skill-abc123"

Best Practices

For Users

  1. Review code tools before approving
  2. Use specific domains in allowed_domains for code tools
  3. Rotate API keys periodically
  4. Review pending skills before approval
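
One way to check an outbound request against allowed_domains, as an added example that is not Kyew's own code. The function names, the "*.example.com" wildcard syntax, and the HTTPS-only rule are assumptions; the page does not document how Kyew matches entries.

```javascript
// Added example: hypothetical allow-list check for a code tool's outbound requests.
// Assumption: each allowed_domains entry is an exact hostname, or "*.example.com"
// to cover subdomains. Kyew's real matching rules are not documented on this page.

function normalizeHost(host) {
  // Hostnames are case-insensitive; a trailing dot names the same host.
  return host.toLowerCase().replace(/\.$/, "");
}

function isRequestAllowed(rawUrl, allowedDomains) {
  let url;
  try {
    url = new URL(rawUrl); // parse first; never substring-match the raw string
  } catch {
    return false; // unparseable input is denied
  }
  if (url.protocol !== "https:") return false; // deny plaintext and other schemes
  const host = normalizeHost(url.hostname); // hostname excludes userinfo and port

  return allowedDomains.some((entry) => {
    const rule = normalizeHost(entry.trim());
    if (rule.startsWith("*.")) {
      // Wildcard: require a label boundary, so "*.example.com" matches neither
      // "notexample.com" nor the bare apex "example.com".
      return host.endsWith(rule.slice(1)) && host.length > rule.length - 1;
    }
    return host === rule; // exact match only
  });
}

// Constructed sample inputs (the .test names are reserved placeholders).
const allowed = ["api.github.com", "*.example.com"];
const samples = [
  "https://api.github.com/repos",           // allowed: exact host
  "https://API.GitHub.com./user",           // allowed: case and trailing dot normalized
  "https://files.example.com/a.json",       // allowed: wildcard subdomain
  "https://api.github.com.untrusted.test/", // denied: allowed name is only a prefix
  "https://api.github.com@untrusted.test/", // denied: allowed name sits in userinfo
  "https://notexample.com/",                // denied: no label boundary
  "http://api.github.com/",                 // denied: not HTTPS
];
for (const s of samples) {
  console.log(isRequestAllowed(s, allowed) ? "ALLOW" : "DENY ", s);
}
```

Listing exact hostnames keeps the rule set auditable; a wildcard entry widens the trust boundary to every subdomain under that name.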

For Credentials

  1. Use connections instead of hardcoding secrets
  2. Scope permissions appropriately
  3. Don't share credentials across tools unnecessarily

Compliance

Kyew is hosted on Cloudflare's infrastructure:

  • SOC 2 Type II certified
  • GDPR compliant
  • Data stored in user-selected regions (where available)

Reporting Issues

If you discover a security vulnerability:

  • Do not disclose publicly
  • Contact support with details
  • Allow time for remediation