Encrypted by design.
Blind by architecture.
The relay routes encrypted bytes between your local agent and remote users. It can't read any of it — by design. Your code, credentials, and conversations never leave your machine in plaintext.
Core Properties
Security from the ground up.
End-to-End Encryption
All communication between browser and local agent uses AES-256-GCM authenticated encryption with per-session keys derived via X25519 + HKDF. The relay sees only ciphertext — never message content.
Zero Trust Architecture
Every request is authenticated. Every action requires explicit approval. Default-deny policies protect sensitive operations — file writes, bash commands, and git commits all require user confirmation.
- File writes require approval
- Bash commands require approval
- Git commits require approval
Local Execution Only
All code runs on your local machine. The relay handles transport — not code hosting. Your repository, credentials, and files stay local.
What the relay never sees:
— Your source code
— Your API keys
— Your git credentials
— Your file contents
Credential Custody
Desktop credentials are encrypted using OS-backed secure storage when available. On macOS/Linux, agent config and private identity material live at ~/.commands-agent/config.json; on Windows, the path is %LOCALAPPDATA%\\commands-agent\\config.json. macOS/Linux files are written with restricted permissions (0600).
Secure storage by platform:
— macOS: Keychain
— Windows: Credential Manager
— Linux: Secret Service API
Encryption Protocol
Authenticated key exchange.
When a remote session starts, browser and agent perform a cryptographic handshake. The relay facilitates routing but cannot participate in the key exchange.
Agent generates identity
Long-term Ed25519 keypair registered to your account. Private key never leaves your machine.
Ephemeral session keys
Browser and agent each generate ephemeral X25519 keypairs for the session. New keys per session — no reuse.
Authentication
Agent signs the session public key with its Ed25519 identity key. Browser verifies the signature against the registered public key.
Key derivation
HKDF-SHA256 derives symmetric encryption keys from the X25519 shared secret using context string commands.com/gateway/v1/e2ee.
Transport
AES-256-GCM AEAD with deterministic direction-specific nonces. Strict sequence enforcement prevents replay attacks.
Forward secrecy
Compromise of long-term keys doesn't reveal past sessions.
Relay blindness
The server cannot decrypt any message content — ever.
Replay protection
Session nonces and sequence enforcement prevent replay attacks.
Downgrade protection
Fixed cipher suites prevent negotiation attacks.
Compliance & Auditing
Trust, but verify.
SOC 2 Type II
Annual third-party audit of our security, availability, and confidentiality controls. (Coming Q2 2026)
GDPR Compliant
Full GDPR compliance with data minimization, right to erasure, and data portability.
Audit Logs
Metadata-only audit trails for compliance teams. No content logging by default. Enterprise plans support custom retention policies.
Penetration Testing
Quarterly penetration tests by independent security researchers to validate our threat model.
Responsible Disclosure
Found something?
We want to hear from you. Report issues to security@commands.com — we commit to responding within 48 hours and fixing critical issues within 7 days.
Bug Bounty Program
We offer rewards for vulnerabilities disclosed responsibly. Include in your report:
- Detailed description of the vulnerability
- Steps to reproduce
- Potential impact and severity assessment
Our Commitments
- Respond within 48 hours
- Fix critical issues within 7 days
- Credit researchers publicly (with permission)
- No legal action for good-faith disclosure
Questions about our security model?
Our team is happy to walk you through the architecture.