Security

Real defense, not just vibes.

Stratam holds your tokens, runs code on your behalf, and can take destructive actions when you authorize them. Here's exactly how we keep the surface tight — and what you control.

The short version

Your data, your droplet (Builder tier): nothing we operate ever sees it. Standard tiers: per-operator Docker volumes, Fernet-encrypted credentials at rest, TLS in transit (Caddy + Let's Encrypt), shell-command blocklist, anti-fabrication post-process, full audit log on every tool call.

Defense layers

Layer 1 / Transport

TLS everywhere

Caddy terminates TLS at the edge with auto-renewing Let's Encrypt certs. No raw HTTP — port 80 redirects, port 443 is the only public entrypoint. HSTS enabled.

Layer 2 / Authentication

Bearer-only, no URL keys

Phone tokens travel as an Authorization: Bearer header, an X-Jarvis-Phone-Token header, or a SameSite=Strict cookie. URL ?key= params are deprecated and trigger a warning when used. Tokens never leak into Referer headers or browser history.
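The token-carrier order described above, as an added example written for this page rather than code from Stratam itself. It accepts the three supported carriers in the order that keeps tokens out of Referer headers and history, still honours the deprecated ?key= parameter but logs a warning, and compares the token in constant time. The cookie name and the demo token value are assumptions; the page does not state them.

```python
import hmac
import logging
from typing import Mapping, Optional

log = logging.getLogger("stratam.auth")

# Constructed demo token; a real operator instance loads its token from .env.
VALID_PHONE_TOKEN = "demo-phone-token-0123456789abcdef"

# Assumed cookie name; the page does not state it.
COOKIE_NAME = "jarvis_phone_token"


def extract_phone_token(headers: Mapping[str, str],
                        cookies: Mapping[str, str],
                        query: Mapping[str, str]) -> Optional[str]:
    """Return the presented token, trying the supported carriers in order.

    Header and cookie carriers never reach Referer headers or browser history,
    so they win over the deprecated ?key= query parameter, which is still
    accepted but logged as a warning.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}

    auth = h.get("authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    if "x-jarvis-phone-token" in h:
        return h["x-jarvis-phone-token"].strip()
    if COOKIE_NAME in cookies:
        return cookies[COOKIE_NAME]
    if "key" in query:
        log.warning("deprecated ?key= parameter used; move the token to a header or cookie")
        return query["key"]
    return None


def authenticate(headers: Mapping[str, str], cookies: Mapping[str, str],
                 query: Mapping[str, str], expected: str = VALID_PHONE_TOKEN) -> bool:
    """True when a token was presented and matches, using a constant-time compare."""
    token = extract_phone_token(headers, cookies, query)
    if not token:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


def session_cookie_header(token: str) -> str:
    """Set-Cookie value that keeps the token off cross-site requests and out of JS."""
    return f"{COOKIE_NAME}={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    print(authenticate({"Authorization": f"Bearer {VALID_PHONE_TOKEN}"}, {}, {}))  # True
    print(authenticate({"Authorization": "Basic abc"}, {}, {}))                    # False
```

The Secure and HttpOnly attributes are not mentioned on the page; they are the usual companions of SameSite=Strict for a session cookie and are included here as the example's own choice.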

Layer 3 / Storage

Encrypted at rest

OAuth refresh tokens (Discord, Gmail, Twilio, etc.) and the conversation vault are encrypted with a per-operator Fernet key rotated every 90 days. Database backups inherit the encryption — they're never readable without the key.

Layer 4 / Isolation

Per-operator containers

Each operator's data lives in a dedicated Docker volume scoped to their account. No cross-operator queries, no shared state. Code execution happens in ephemeral sibling containers with --network=none --read-only --memory=128m.

Layer 5 / Action gating

Destructive-tool guards

self_modify_code, self_restart, docker_cmd and host_exec require both JARVIS_SELF_MODIFY_ALLOWED=1 AND source-trust (owner-typed channels only). Shell commands hit a hard-block regex BEFORE execution (rm -rf /, fork bombs, mkfs, etc.).
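The two-part gate (environment flag AND source-trust) followed by the pre-execution hard-block check, as an added example written for this page; it is not Stratam's own code. The four destructive tool names come from the page. The blocklist patterns are constructed to cover the three families the page names, and the argument name "cmd" for a shell command string is an assumption.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Mapping, Optional, Tuple

# Tool names from the page; the gating rule is "env flag AND source-trust".
DESTRUCTIVE_TOOLS = {"self_modify_code", "self_restart", "docker_cmd", "host_exec"}

# Constructed hard-block patterns covering the families the page names.
# Illustrative only; not the product's real list.
HARD_BLOCK_PATTERNS = [
    ("rm on filesystem root", re.compile(r"\brm\s+(?:-\S+\s+)+/(?:\s|$)")),
    ("fork bomb",             re.compile(r":\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:")),
    ("mkfs / reformat",       re.compile(r"\bmkfs(?:\.\w+)?\b")),
]


@dataclass
class ToolRequest:
    tool: str
    source_trusted: bool            # True only for owner-typed channels
    args: dict = field(default_factory=dict)


def self_modify_allowed(env: Mapping[str, str]) -> bool:
    """The global kill switch: anything other than exactly "1" means off."""
    return env.get("JARVIS_SELF_MODIFY_ALLOWED") == "1"


def hard_block_reason(cmd: str) -> Optional[str]:
    """Name of the first hard-block pattern the command trips, or None."""
    for name, pat in HARD_BLOCK_PATTERNS:
        if pat.search(cmd):
            return name
    return None


def gate(req: ToolRequest, env: Optional[Mapping[str, str]] = None) -> Tuple[bool, str]:
    """Decide whether a tool call may run. Returns (allowed, reason)."""
    env = os.environ if env is None else env
    if req.tool in DESTRUCTIVE_TOOLS:
        if not self_modify_allowed(env):
            return False, "JARVIS_SELF_MODIFY_ALLOWED is not 1"
        if not req.source_trusted:
            return False, "destructive tool requested from a non-owner channel"
    # Any request carrying a shell command string (assumed arg name: "cmd")
    # passes through the hard-block regexes before it can execute.
    cmd = req.args.get("cmd")
    if cmd is not None:
        reason = hard_block_reason(cmd)
        if reason:
            return False, f"hard-blocked shell pattern: {reason}"
    return True, "ok"


if __name__ == "__main__":
    armed = {"JARVIS_SELF_MODIFY_ALLOWED": "1"}
    print(gate(ToolRequest("host_exec", True, {"cmd": "ls -la /tmp"}), armed))   # (True, 'ok')
    print(gate(ToolRequest("self_restart", False), armed))                       # (False, ...)
```

Note the ordering: the flag and trust checks reject before any pattern matching runs, and the pattern check is a backstop rather than the primary control. A regex blocklist only catches the shapes it was written for, which is why the page pairs it with the sandboxed sibling containers and the trust gate instead of relying on it alone.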

Layer 6 / Output

Anti-fabrication post-process

Three regex tiers scan every Stratam reply for action language ("I'm deploying", "Let me check"). If the claim isn't matched by a real tool call in the same turn, we append an inline warning so you see the receipt mismatch.
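The tiered claim scan and receipt matching described above, as an added example written for this page rather than Stratam's own post-process. The three tiers here are constructed to cover the "I'm deploying" / "Let me check" shapes the page cites; the real patterns are not published. Tool names other than self_modify_code, self_restart, docker_cmd and host_exec are assumed.

```python
import re
from typing import Iterable, List, Set, Tuple

# Constructed tiers, strongest claim first. Group 1 captures the action verb.
ACTION_TIERS = [
    ("present-progressive", re.compile(
        r"\b(?:I'?m|I am)\s+(deploying|restarting|deleting|pushing|running)\b", re.I)),
    ("intent", re.compile(
        r"\b(?:Let me|I'?ll)\s+(check|run|look|fetch|send)\b", re.I)),
    ("past-tense", re.compile(
        r"\b(?:I'?ve|I have)\s+(deployed|restarted|deleted|pushed|checked|sent)\b", re.I)),
]

# Which tools would substantiate each verb stem. Only the first four tool names
# below appear on the page; the rest are assumed for the example.
VERB_TOOLS = {
    "deploy": {"docker_cmd", "host_exec", "self_modify_code"},
    "restart": {"self_restart", "docker_cmd"},
    "delet": {"host_exec", "docker_cmd"},
    "push": {"host_exec"},
    "run": {"host_exec", "docker_cmd", "code_exec"},
    "check": {"host_exec", "read_file", "web_fetch"},
    "look": {"host_exec", "read_file", "web_fetch"},
    "fetch": {"web_fetch", "host_exec"},
    "send": {"send_email", "send_sms"},
}


def find_action_claims(reply: str) -> List[Tuple[str, str, str]]:
    """Return (tier, full phrase, verb) for every action-language hit in the reply."""
    hits = []
    for tier, pat in ACTION_TIERS:
        for m in pat.finditer(reply):
            hits.append((tier, m.group(0), m.group(1).lower()))
    return hits


def _substantiated(verb: str, tools_called: Set[str]) -> bool:
    for stem, tools in VERB_TOOLS.items():
        if verb.startswith(stem):
            return bool(tools & tools_called)
    # Unknown verb: any real tool call in the turn counts as a receipt.
    return bool(tools_called)


def unmatched_claims(reply: str, tool_calls: Iterable[dict]) -> List[Tuple[str, str, str]]:
    """Claims in the reply that no successful tool call in the same turn backs up."""
    called = {c["tool"] for c in tool_calls if c.get("ok", True)}
    return [h for h in find_action_claims(reply) if not _substantiated(h[2], called)]


def annotate_reply(reply: str, tool_calls: Iterable[dict]) -> str:
    """Append an inline warning when claimed actions have no matching receipt."""
    missing = unmatched_claims(reply, list(tool_calls))
    if not missing:
        return reply
    phrases = ", ".join(f'"{p}"' for _, p, _ in missing)
    return (reply + "\n\n[anti-fabrication warning] No tool call in this turn "
            f"backs up: {phrases}. Treat the claimed action as not performed.")


if __name__ == "__main__":
    # Constructed turn: the model claims a deploy but the tool log is empty.
    print(annotate_reply("I'm deploying the fix now.", []))
```

A failed tool call (ok=False) deliberately does not count as a receipt: "I'm deploying" next to a docker_cmd that errored is still a mismatch the operator should see.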

What we collect, where it lives

Data | Where it lives | Scope / retention
Waitlist email + signup metadata | ~/.jarvis/waitlist.jsonl | per-operator
Conversation history | ~/.jarvis/conversation_archive.jsonl | per-operator
Tool-call audit log | ~/.jarvis/activity.jsonl | per-operator
OAuth refresh tokens (Discord, Gmail, …) | Fernet-encrypted | 90-day rotation
Code sandbox outputs | tmpfs in ephemeral container | destroyed on exit
Browser session cookies | ~/.jarvis/playwright_profile | per-operator
Self-modify snapshots | /opt/jarvis/.jarvis_self_history/ | last 50 snapshots
Backups | jarvis_backups volume | daily, 30-day retention

The audit trail

Every tool call Stratam makes is logged with a timestamp, the arguments, the result, and the elapsed time. You can query /api/jarvis/activity on your operator instance for the full feed, or look at /activity on a live operator dashboard.

This is foundational for trust: an agent that takes action needs a receipt for everything it claims to have done. The anti-fab post-process is the second layer — it warns you when the receipt doesn't match the claim.
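An audit-log writer and reader matching the fields the page lists (timestamp, arguments, result, elapsed time), as an added example written for this page and not Stratam's own logger. It writes one JSON object per line in the style of ~/.jarvis/activity.jsonl, records failed calls as well as successful ones, and reads the feed back newest-first with optional filters. The tool names read_file and the sample results are constructed; the file is written to a temporary directory so the example runs offline.

```python
import json
import tempfile
import time
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable, List, Optional, Tuple


def log_tool_call(path: Path, tool: str, args: dict, fn: Callable[..., object]) -> dict:
    """Run fn(**args), then append one JSON line with timestamp, args, result and elapsed time.

    Failures are logged too: a receipt is only useful if it records what went wrong.
    """
    started = time.monotonic()
    try:
        result, ok = fn(**args), True
    except Exception as exc:  # the audit log must never lose a failed call
        result, ok = f"{type(exc).__name__}: {exc}", False
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="milliseconds"),
        "tool": tool,
        "args": args,
        "ok": ok,
        "result": result,
        "elapsed_ms": round((time.monotonic() - started) * 1000, 3),
    }
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, default=str) + "\n")
    return entry


def read_activity(path: Path, tool: Optional[str] = None,
                  since_iso: Optional[str] = None, limit: int = 100) -> List[dict]:
    """Newest-first feed, optionally filtered by tool name and an ISO-8601 lower bound.

    Timestamps are all UTC with the same format, so string comparison orders
    them correctly. Malformed lines are skipped rather than aborting the feed.
    """
    entries = []
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        try:
            e = json.loads(line)
        except json.JSONDecodeError:
            continue
        if tool and e.get("tool") != tool:
            continue
        if since_iso and e.get("ts", "") < since_iso:
            continue
        entries.append(e)
    entries.sort(key=lambda e: e["ts"], reverse=True)
    return entries[:limit]


def _failing_tool(cmd: str) -> str:
    raise RuntimeError("sandbox unavailable")   # constructed failure


def run_demo(path: Optional[Path] = None) -> Tuple[Path, List[dict]]:
    """Write two constructed tool calls (one succeeding, one failing) and read them back."""
    path = path or Path(tempfile.mkdtemp()) / "activity.jsonl"
    log_tool_call(path, "read_file", {"path": "/etc/hostname"},
                  lambda path: "demo-host\n")            # constructed success
    log_tool_call(path, "host_exec", {"cmd": "true"}, _failing_tool)
    return path, read_activity(path)


if __name__ == "__main__":
    for entry in run_demo()[1]:
        print(json.dumps(entry))
```

Because every line is self-describing JSON, the same file can be served through an endpoint such as the /api/jarvis/activity feed the page mentions or grepped directly on the host when the dashboard is down.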

Your control surface

Pause destructive actions globally

Set JARVIS_SELF_MODIFY_ALLOWED=0 in your operator's .env and Stratam refuses every destructive call until you flip it back. The eternal-improvement loop honors the same flag — when off, no autonomous code shipping.

Revoke channel trust

Each inbound channel (Discord, Telegram, email, SMS) has a source-trust label. By default, only the configured operator (Discord owner ID) can drive destructive tools. Add another Discord user ID to DISCORD_TRUSTED_USER_IDS to extend; remove it to revoke.

Restart-cascade breaker

If Stratam's container restarts 4+ times in an hour, the eternal-improvement loop auto-disables and requires manual re-arming. This catches the worst case: a bad self-modify ships and the system loops on its own crash.
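The breaker described above, as an added example written for this page and not Stratam's own implementation. It counts restarts in a sliding one-hour window, trips at the fourth, stays tripped until a manual re-arm, and combines with the JARVIS_SELF_MODIFY_ALLOWED flag from the previous section so that autonomous shipping is only permitted when both say yes. Timestamps are passed in explicitly so the behaviour can be checked without waiting an hour.

```python
import time
from collections import deque
from typing import Deque, Mapping, Optional


class RestartCascadeBreaker:
    """Trips when restarts inside a sliding window reach the threshold.

    Once tripped it stays tripped until rearm() is called: an automatic reset
    would let a crash-looping self-modification keep re-enabling itself.
    """

    def __init__(self, threshold: int = 4, window_seconds: float = 3600.0):
        self.threshold = threshold
        self.window = window_seconds
        self._restarts: Deque[float] = deque()
        self._tripped = False

    def _prune(self, now: float) -> None:
        # Drop restarts older than the window so old incidents do not count.
        while self._restarts and now - self._restarts[0] > self.window:
            self._restarts.popleft()

    def record_restart(self, now: Optional[float] = None) -> bool:
        """Register a container restart; returns True if the loop is still armed."""
        now = time.time() if now is None else now
        self._restarts.append(now)
        self._prune(now)
        if len(self._restarts) >= self.threshold:
            self._tripped = True
        return not self._tripped

    def armed(self) -> bool:
        return not self._tripped

    def rearm(self) -> None:
        """Manual re-arm by the operator; clears the restart history too."""
        self._restarts.clear()
        self._tripped = False


def autonomous_shipping_allowed(env: Mapping[str, str], breaker: RestartCascadeBreaker) -> bool:
    """The improvement loop may ship only if the flag is on AND the breaker is armed."""
    return env.get("JARVIS_SELF_MODIFY_ALLOWED") == "1" and breaker.armed()


if __name__ == "__main__":
    b = RestartCascadeBreaker()
    t0 = 1_700_000_000.0                      # constructed epoch timestamp
    for i in range(4):
        print(i + 1, "armed:", b.record_restart(t0 + i * 600))   # 4th prints False
```

Clearing the restart history on re-arm is deliberate: if the operator has inspected the crash and chosen to re-enable, the next trip should reflect new restarts, not the ones already investigated.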

Export + delete

Email hello@stratam.us to get all your data exported as JSON, or to delete your account. We honor delete requests within 7 days. 30-day retention for reactivation after that; then permanent.

Found a security issue?

We respond to security reports within 48 hours. Coordinated disclosure preferred — we'll credit you in the changelog.
