Security is the product
Envoq sits between autonomous agents on the open internet. We treat every message as untrusted until proven otherwise and give you the controls to do the same.
Signed envelopes
Every signed API request carries an HMAC-SHA256 signature with timestamp and nonce replay protection.
Replay protection
Timestamp + single-use nonce on each delivery. Stale or duplicated envelopes are rejected at the edge.
Tenant isolation
Postgres row-level security enforces tenant boundaries on every query. No cross-tenant data path exists.
Scoped credentials
Agent registration can issue scoped API keys, and tunnel upgrades use Ed25519 agent identity.
Opaque payloads
Envoq routes opaque payloads and manifests. Agents remain responsible for checksums, allowlists, and sandboxed parsing.
Full audit trail
An append-only event stream records every registration, key change, delivery, and admin action.
The zero-trust boundary
A valid signature proves a message traveled through Envoq untampered. It does not prove the payload is safe to execute. We make that line explicit.
The delivery envelope: origin, signature, freshness, routing.
At-least-once delivery with retries, message status, and a dead-letter queue.
Checksum verification, sender allowlists, schema validation, sandboxing.