SECURITY
Built so your secrets stay secret.
Nova runs autonomously with broad capability — so it's engineered from the ground up to contain blast radius, isolate credentials, and prove what it did.
Self-hosted · Single-tenant · OAuth-based access
ARCHITECTURE
Isolation at every layer
The model receives results — never the secrets used to fetch them. Every trust boundary is its own layer.
Credential isolation
API tokens and OAuth credentials live inside separate MCP processes. The model receives results only — never the secrets used to fetch them.
Path validation
Every file operation resolves through realpath and a sensitive-path deny-list, blocking symlink escapes and access to keys, .env files, and credentials.
Locked network surface
Health and webhook servers bind to loopback only; the optional desktop API is reachable solely over a private Tailscale network. No public 0.0.0.0 listener exists.
Authenticated MCP
Internal tool servers require independently rotatable bearer tokens, and every request body is size-capped to resist abuse.
Verified webhooks
Inbound webhooks are HMAC-verified (GitHub, Linear, generic) and rate-limited per hook before any agent run begins.
Subprocess sandbox
Each session's tools run in an isolated subprocess, reaped by process group so nothing lingers.
DATA
You can see everything Nova does
Every action is on record. No hidden state, no silent deletes, no long-lived static secrets.
Append-only audit log
Every tool call, job run, and error is written to an append-only log with inputs, outputs, and duration. Nothing is silently deleted.
OAuth-based access
No long-lived API keys sit in the runtime. Access flows through OAuth with scoped, rotatable credentials.
Kill-phrase shutdown
A configurable kill phrase triggers an immediate, graceful shutdown with an ops alert — a hard stop you control.
Single-tenant isolation
One instance serves one operator. There is no shared multi-tenant data surface and no cross-customer access.
RELIABILITY
Always on, never abrupt
Operations stay up while the runtime restarts, self-heals, or responds to shutdown signals.
Drain-safe deploys
In-flight turns finish before any restart — up to a full drain window — with a hard-kill backstop.
Live health checks
Health reflects real liveness: channel connections, database, and a warm runtime — not just config flags.
Self-hosted, single binary
The full runtime — compute, database, and tool servers — runs on one host you control.
Nova Private Cloud
BetaRun the entire runtime inside your own VPC with zero data egress — single-tenant, your keys, your network. This is where hard data-residency, BAA, and certification commitments live.
COMPLIANCE
Posture, stated plainly
We hold no certifications today. Here's exactly how Nova is built relative to common frameworks — and what comes with Private Cloud.
SOC 2 & ISO 27001
Built to meet SOC 2 Type II and ISO 27001 controls. Formal certification is on the roadmap with Nova Private Cloud.
GDPR-ready
Single-tenant design, full data control, and an append-only audit trail support GDPR obligations.
HIPAA-aligned architecture
Credential isolation and access controls designed with sensitive workloads in mind. BAA available with Private Cloud (Beta).
ISO 42001-aware governance
Every model action is traced and logged, supporting AI-governance review.
OAuth-based authentication
No static API keys in the runtime; scoped, rotatable OAuth credentials throughout.
Single-tenant isolation
Architecturally one operator per instance — no shared surface to misconfigure.
Ready to put an autonomous agent to work — safely?
Tell us about your stack and what you need to keep secure. We'll show you exactly how Nova runs — and how it's contained.
Self-hosted · Single-tenant · OAuth-based access