Security

Security model

ThoxMicroV is designed around a gated access model. Users can register, but access is not automatic. Administrators must approve users and assign device-specific grants before dashboards or terminal sessions become available.

Identity and Access

Authentication uses Supabase Auth with email and password (12+ characters) or magic links. Sessions are stored in HttpOnly cookies and refreshed by middleware on every request.

Approval Workflow

Users register and land in a pending state. Administrators approve, reject, or suspend accounts.

Device-Specific Grants

  • Every table has Row-Level Security enabled.

  • Profiles cannot escalate their own admin flag or approval state — blocked by the profiles RLS policy and re-checked server-side on writes.

  • Devices are visible only to their owner, to admins, or to a profile with an unexpired device_grants row.

  • The append-only audit_log can only be inserted by the service role.

Terminal Access Controls

  1. The Next.js server checks requireDeviceAccess(operator) against RLS-filtered queries.

  2. It mints a 5-minute HS256 JWT scoped to (profile_id, device_id, jti) and records the session.

  3. The browser opens a WebSocket to the exec-relay sidecar with the token.

  4. The relay verifies signature, audience, issuer, expiry, and claim shape before spawning a PTY into the right node container running thoxosctl shell — a constrained REPL, not bash.

  5. On disconnect, the row is closed with byte counters.
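
Steps 2 and 4 above, with the constant-time signature comparison listed under secrets handling, as an added example that is not ThoxMicroV's own code. The issuer and audience strings and the function names are assumptions; the `secret` argument stands in for EXEC_RELAY_JWT_SECRET.

```javascript
// Added example, not ThoxMicroV source. ISSUER, AUDIENCE and the function names are assumptions.
const crypto = require("node:crypto");

const ISSUER = "control-plane.example"; // hypothetical iss value
const AUDIENCE = "exec-relay.example";  // hypothetical aud value
const TTL_SECONDS = 300;                // 5-minute lifetime, as the page states

const b64u = (v) => Buffer.from(v).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Control-plane side: mint a token scoped to one profile, one device and one session id.
function mintTerminalToken(secret, profileId, deviceId, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = b64u(JSON.stringify({
    iss: ISSUER, aud: AUDIENCE, iat: now, exp: now + TTL_SECONDS,
    profile_id: profileId, device_id: deviceId, jti: crypto.randomUUID(),
  }));
  const signingInput = `${header}.${claims}`;
  return `${signingInput}.${hmac(secret, signingInput).toString("base64url")}`;
}

// Relay side: returns { ok: true, claims } or { ok: false, reason }.
function verifyTerminalToken(secret, token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, claimsPart, sig] = parts;
  // Check the signature first, in constant time, before any claim is parsed or trusted.
  const expected = hmac(secret, `${header}.${claimsPart}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let h, c;
  try {
    h = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    c = JSON.parse(Buffer.from(claimsPart, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the token never chooses how it is verified.
  if (h?.alg !== "HS256") return { ok: false, reason: "bad alg" };
  if (c?.iss !== ISSUER) return { ok: false, reason: "bad issuer" };
  if (c.aud !== AUDIENCE) return { ok: false, reason: "bad audience" };
  if (!Number.isInteger(c.exp) || c.exp <= now) return { ok: false, reason: "expired" };
  const shapeOk = ["profile_id", "device_id", "jti"].every((k) => typeof c[k] === "string" && c[k].length > 0);
  if (!shapeOk) return { ok: false, reason: "bad claim shape" };
  return { ok: true, claims: c };
}
```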

Terminal warning

Browser terminal access is a powerful operational capability. THOX.ai recommends limiting terminal permissions to trusted administrators, enabling audit review, and using least-privilege device assignments.

Audit Logging

Authentication, approvals, device grants, terminal session open/close events, and inference calls are recorded with actor, target, source IP, and user agent.

Local-First AI

AI workloads run on the device. The control plane never relays plaintext prompts or completions.

Network Exposure Reduction

Devices initiate outbound connections to the control plane and coordinator; no public inbound device exposure is required.

Kernel and Runtime Operational Boundaries

ThoxOS may include platform-specific Linux patches, NVIDIA packages, and THOX.ai kernel optimizations. Administrative access should be restricted to trusted operators who understand the impact of modifying system services, kernel parameters, runtime settings, and local AI workloads.

Partner Access Model

Development partners and OS vendors receive scoped grants and patch ledger access. The platform does not require unmanaged broad access to partner edge systems.

Secrets handling

  • SUPABASE_SERVICE_ROLE_KEY, EXEC_RELAY_JWT_SECRET, and COORDINATOR_ADMIN_KEY are server-only and never sent to the browser.

  • JWT signing uses HMAC-SHA-256 with constant-time signature comparison.

  • Coordinator HTTPS uses a self-signed cert in the sandbox; replace with a real certificate before going outside dev.

Secrets warning

Do not place production secrets, model keys, customer data, privileged tokens, partner credentials, or device enrollment keys in client-side code, public repositories, browser storage, or unsecured configuration files.

First user becomes admin

The first user to register on a fresh database becomes admin automatically via the seed_first_admin trigger. Disable the trigger after the real admin is created.

We deliberately do not claim

  • No "unhackable" or "military grade".

    The coordinator exists; it just never sees plaintext. Strong words mislead reviewers and do not survive an actual audit.

  • No "Patent Pending".

    Patents are not filed. We will say so when they are.

  • No certified HIPAA, GDPR, or SOC 2 compliance.

    ThoxMicroV is designed to support privacy-aligned deployment patterns. Certification is the operator’s responsibility, on the operator’s deployment.

  • No relabeling of vendor work.

    Intel patches are Intel’s. NVIDIA frameworks are NVIDIA’s. THOX.ai kernel optimizations are THOX.ai’s. The patch ledger preserves provenance.

  • No "no central server".

    A coordinator service exists for peer rendezvous. Its security property is that it never sees plaintext, not that it does not exist.

  • No fabricated benchmarks.

    Performance numbers must be measured by the integrating party, on the integrating party’s hardware, with the integrating party’s workload.

  • No vendor endorsement.

    ThoxMicroV is built to support Intel and NVIDIA platforms — not officially certified or endorsed by either company unless explicitly authorized.

Operational recommendations

  • Limit terminal grants to trusted operators.

  • Disable the seed_first_admin trigger after the first admin is created.

  • Audit who has service_role access in the Supabase project.

  • Use the audit log to verify who has accessed which device and when.

Hardening checklist before shipping outside dev

  • Replace EXEC_RELAY_JWT_SECRET with a freshly generated value.

  • Front the exec-relay with TLS (wss://) and update NEXT_PUBLIC_EXEC_RELAY_URL.

  • Replace COORDINATOR_ADMIN_KEY with a random value.

  • Disable the seed_first_admin trigger after the real admin is created.

  • Set is_admin = false on every account that is not actually an admin.

  • Audit who has service_role access in the Supabase project.

  • Configure SMTP in Supabase for password reset and magic-link delivery.