Security Architecture

This page provides a detailed view of Workjet's security architecture across its three zones: device, gateway, and providers. For a high-level summary, see the Security Overview.

Architecture Diagram


                         Trust Boundary 1                        Trust Boundary 2
  +------------------+          |          +------------------+          |          +---------------+
  |  Zone 1: Device  |          |          | Zone 2: Gateway  |          |          | Zone 3: AI    |
  |                  |          |          |                  |          |          |               |
  |  Tauri Desktop   | ------TLS 1.3-----> | Cloudflare Edge  | ------TLS 1.3-----> | Anthropic     |
  |  - React UI      |          |          | - Auth (D1/KV)   |          |          | OpenAI        |
  |  - OS Keychain   |          |          | - DLP Pipeline   |          |          | Google        |
  |  - MCP Servers   |          |          | - Model Router   |          |          | Ollama        |
  |  - Local FS      |          |          | - Rate Limiter   |          |          +---------------+
  +------------------+          |          | - Audit Log (R2) |          |
                                           +------------------+          |

Zone 1: Device Security

OS Keychain

All credentials (API keys, MCP connector tokens, session tokens) are stored in the operating system's native keychain:

  • macOS: Keychain Access (encrypted with the user's login password)
  • Windows: Credential Manager (DPAPI encrypted)
  • Linux: Secret Service API (GNOME Keyring / KWallet)

Credentials are never stored in plain text files, environment variables, or application state. They are retrieved from the keychain on demand and injected into MCP server processes as environment variables at startup.

MCP Server Isolation

Each MCP connector runs as a separate child process with its own environment. Credentials for one connector are not visible to other connectors. Process isolation means a compromised connector cannot access credentials for other services.
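
The following is an added example, not Workjet's code, showing in TypeScript the policy the two paragraphs above describe: the credential is read from the store at spawn time and placed in an explicit, per-connector environment, so nothing from the host process and nothing belonging to another connector is inherited. The desktop's Rust backend would do the equivalent with std::process::Command. The CredentialStore interface, the InMemoryStore stand-in for the OS keychain, the ConnectorSpec shape and the "workjet-mcp" service name are assumptions made for the example.

```typescript
import { spawn, ChildProcess } from "node:child_process";

// Stand-in for the OS keychain. Assumption: the real desktop backend reads
// Keychain / Credential Manager / Secret Service; this in-memory store exists
// only so the example runs offline.
export interface CredentialStore {
  get(service: string, account: string): string | undefined;
}

export class InMemoryStore implements CredentialStore {
  private readonly entries: Record<string, string>;
  constructor(entries: Record<string, string>) {
    this.entries = entries;
  }
  get(service: string, account: string): string | undefined {
    return this.entries[`${service}/${account}`];
  }
}

// One MCP connector. Hypothetical shape: the page does not document
// Workjet's connector manifest.
export interface ConnectorSpec {
  name: string;     // keychain account, e.g. "github"
  command: string;  // executable to spawn
  args: string[];   // never carries the token: argv is visible to other processes
  envVar: string;   // variable the server reads its token from
}

// Build the complete environment for one connector: PATH plus this
// connector's own token, nothing inherited from the parent process. A token
// fetched for connector A therefore never appears in connector B's process.
export function connectorEnv(spec: ConnectorSpec, store: CredentialStore): Record<string, string> {
  const token = store.get("workjet-mcp", spec.name); // service name is an assumption
  if (token === undefined) {
    // Fail closed: start nothing rather than start a connector with a blank token.
    throw new Error(`no credential in keychain for connector ${spec.name}`);
  }
  const env: Record<string, string> = { PATH: process.env.PATH ?? "/usr/bin:/bin" };
  env[spec.envVar] = token;
  return env;
}

// Spawn the connector as its own child process with that explicit environment.
// MCP speaks JSON-RPC over stdin/stdout, so those are piped back to the host.
export function spawnConnector(spec: ConnectorSpec, store: CredentialStore): ChildProcess {
  return spawn(spec.command, spec.args, {
    env: connectorEnv(spec, store),
    stdio: ["pipe", "pipe", "inherit"],
  });
}
```

The isolation this gives is between connectors: on every major desktop OS the environment of a running process can be read by other processes of the same user account, so the keychain, not the environment, is the at-rest protection, and the token is handed over only for the lifetime of the child.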

Local Data

  • Conversation history is stored on the local filesystem (not synced to cloud)
  • Settings are stored in localStorage (non-sensitive configuration only)
  • No telemetry data is collected or transmitted

Zone 2: Gateway Security

Authentication

  • Sessions: HttpOnly, Secure, SameSite=Lax cookies with 7-day expiry
  • API keys: SHA-256 hashed before storage, verified via hash comparison
  • OAuth: Google OAuth 2.0 with PKCE for browser-based flows
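
As an added example (not Workjet's gateway code), here is the API-key hashing, hash comparison and session-cookie construction the list above implies, written for Node so it runs locally; a Cloudflare Worker would use Web Crypto's crypto.subtle.digest instead of node:crypto. The "wj_" key prefix, the cookie name session and the Path attribute are assumptions; the SHA-256 digest, the HttpOnly/Secure/SameSite=Lax attributes and the 7-day lifetime come from the page.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// SHA-256 of an API key, hex-encoded. Only this digest is written to storage;
// the key itself is shown to the user once and never stored.
export function hashApiKey(key: string): string {
  return createHash("sha256").update(key, "utf8").digest("hex");
}

// Issue a new high-entropy key. Assumption: the "wj_" prefix and 32 random
// bytes are illustrative; Workjet's real key format is not on the page.
export function generateApiKey(): { key: string; storedHash: string } {
  const key = "wj_" + randomBytes(32).toString("base64url");
  return { key, storedHash: hashApiKey(key) };
}

// Verify by hashing the presented key and comparing digests in constant time,
// so response timing does not reveal how many leading bytes matched.
export function verifyApiKey(presented: string, storedHash: string): boolean {
  const a = Buffer.from(hashApiKey(presented), "hex");
  const b = Buffer.from(storedHash, "hex");
  return a.length === b.length && timingSafeEqual(a, b);
}

// Session cookie with the attributes listed above and a 7-day lifetime.
export const SESSION_TTL_SECONDS = 7 * 24 * 60 * 60;

export function sessionCookie(sessionId: string, now: Date = new Date()): string {
  const expires = new Date(now.getTime() + SESSION_TTL_SECONDS * 1000);
  return [
    `session=${encodeURIComponent(sessionId)}`, // cookie name is an assumption
    "HttpOnly",     // not readable from page scripts
    "Secure",       // only sent over TLS
    "SameSite=Lax", // not attached to cross-site POSTs
    "Path=/",
    `Max-Age=${SESSION_TTL_SECONDS}`,
    `Expires=${expires.toUTCString()}`,
  ].join("; ");
}

// Parse a Set-Cookie value back into its attributes (handy for checks and tests).
export function cookieAttributes(setCookie: string): Record<string, string | true> {
  const out: Record<string, string | true> = {};
  for (const part of setCookie.split("; ").slice(1)) {
    const [k, v] = part.split("=");
    out[k] = v === undefined ? true : v;
  }
  return out;
}
```

A single unsalted SHA-256 is adequate here only because API keys are long random strings that cannot be guessed by dictionary; a user-chosen password must never be stored this way and needs a deliberately slow hash instead.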

Data Processing

The gateway processes requests in memory and does not persist message content. Only metadata (user, model, token counts, cost, DLP results) is stored in the audit log. The actual conversation content passes through the gateway but is not retained.

Multi-Tenant Isolation

See Multi-Tenant Isolation for details on how tenant data is separated at every layer.

Zone 3: Provider Security

AI providers receive only the data that passes through the gateway's DLP pipeline. Sensitive data flagged by DLP is redacted or blocked before reaching the provider. Each provider has its own data retention and privacy policies.
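
The block below is an added example, not Workjet's own pipeline, covering two passages at once: the gateway's metadata-only audit record from Data Processing, and the DLP step described here that redacts or blocks content before the provider call. The detector set (email addresses redacted, Luhn-valid card numbers blocked), the Message shape and the AuditEntry field names are constructed assumptions; the page only states that user, model, token counts, cost and DLP results are logged and that content is not.

```typescript
// Message shape as forwarded to providers. Assumption: Workjet's real schema is not on the page.
export interface Message { role: "system" | "user" | "assistant"; content: string; }

export interface DlpFinding { detector: string; action: "redact" | "block"; count: number; }

export interface DlpResult {
  blocked: boolean;       // true => the request never reaches the provider
  messages: Message[];    // redacted copy; the originals are not kept
  findings: DlpFinding[]; // what was found, never the matched text itself
}

// Luhn check so a 13-19 digit run only counts as a card number when its
// checksum is valid; this keeps order numbers and timestamps out of findings.
export function luhnValid(digits: string): boolean {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

interface Detector { name: string; pattern: RegExp; action: "redact" | "block"; validate?: (m: string) => boolean; }

// Constructed detector set. Assumption: which detectors run and which of them
// block rather than redact is a policy decision not documented on the page.
const DETECTORS: Detector[] = [
  { name: "email", pattern: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, action: "redact" },
  { name: "credit_card", pattern: /\b\d(?:[ -]?\d){12,18}\b/g, action: "block",
    validate: (m) => luhnValid(m.replace(/[ -]/g, "")) },
];

// Run every detector over every message. Matches are replaced with a marker;
// a "block" detector also marks the whole request as not forwardable.
export function runDlp(messages: Message[]): DlpResult {
  const counts = new Map<string, number>();
  let blocked = false;
  const redacted = messages.map((m) => {
    let text = m.content;
    for (const det of DETECTORS) {
      text = text.replace(det.pattern, (match) => {
        if (det.validate && !det.validate(match)) return match; // not a real hit
        counts.set(det.name, (counts.get(det.name) ?? 0) + 1);
        if (det.action === "block") blocked = true;
        return `[${det.name.toUpperCase()} REDACTED]`;
      });
    }
    return { role: m.role, content: text };
  });
  const findings = DETECTORS.filter((d) => counts.has(d.name))
    .map((d) => ({ detector: d.name, action: d.action, count: counts.get(d.name)! }));
  return { blocked, messages: redacted, findings };
}

// Audit record: metadata only. No field carries message content.
export interface AuditEntry {
  user: string; model: string; promptTokens: number; completionTokens: number;
  costUsd: number; dlp: DlpFinding[]; blocked: boolean; at: string;
}

export function auditEntry(user: string, model: string, dlp: DlpResult,
  usage: { promptTokens: number; completionTokens: number; costUsd: number }, at: Date = new Date()): AuditEntry {
  return { user, model, ...usage, dlp: dlp.findings, blocked: dlp.blocked, at: at.toISOString() };
}
```

Findings carry detector names and counts only, so the audit log can show that a message contained an email address without the log itself becoming a copy of that address; the redacted messages are what goes to the provider, and when blocked is true nothing is sent at all.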

Next Steps