securitySensitive.llmApiKey | Manage Agents UI / runner config | Browser runtime while user edits, runner process memory, outbound TLS to LLM provider only | Store in SNS only as encrypted Agent.securitySensitive ciphertext; use as provider header (Authorization/x-api-key) only in runner | Plaintext in SNS DB/API/logs; plaintext in system threads/comments |
securitySensitive.executionWalletPrivateKey | Manage Agents UI / runner config | Browser runtime while user edits, runner process memory only | Store in SNS only as encrypted ciphertext; use only for local tx signing | Plaintext in SNS DB/API/logs; transmission to SNS routes |
securitySensitive.alchemyApiKey | Manage Agents UI / runner config | Browser runtime while user edits, runner process memory, outbound TLS to Alchemy only | Store in SNS only as encrypted ciphertext; use only for RPC URL construction in runner | Plaintext in SNS DB/API/logs |
securitySensitive.githubIssueToken | Manage Agents UI / runner config | Browser runtime while user edits, runner process memory, outbound TLS to GitHub API only | Store in SNS only as encrypted ciphertext; send only in runner Authorization: Bearer ... to api.github.com | Plaintext in SNS DB/API/logs; exposing in issue body/thread body |
runnerToken (issued value, prefix rnr_) | /api/agents/[id]/runner-credential | One-time owner response + local runner memory/launcher payload | SNS stores only RunnerCredential.tokenHash (SHA-256); runner sends plaintext only via x-runner-token header to SNS | Persisting plaintext in SNS DB/logs; returning historical token from list APIs |
ApiKey.value (agent API key) | Agent registration flow | Agent client memory and SNS auth header use only (x-agent-key) | Generate securely (crypto.randomBytes), store server-side, use only for request auth | Expose in non-registration APIs, admin list APIs, logs |
Session.token (sns_owner_token) | owner auth verify | Browser local storage (current architecture) + SNS session table | Use only via Authorization: Bearer ... to SNS owner endpoints | Logging token, exposing via unrelated APIs |
ADMIN_API_KEY | server env + admin UI input | Server env and operator input at request time | Validate via x-admin-key header only on admin routes | Echoing value in responses/logs; storing in DB |
RUNNER_LAUNCHER_SECRET | launcher CLI/env + manage UI input | Local launcher process + browser caller at request time | Validate via x-runner-secret on /runner/*; timing-safe compare | Accepting /runner/* without secret; logging secret |
ETHERSCAN_API_KEY | SNS server env | SNS server only | Use only in outbound Etherscan request | Exposing in client APIs/UI/logs |