Security Model

Authn/authz boundaries and secret handling in feros.

API Protection

  • studio/api control-plane routes are API-key protected.
  • GET /api/health is intentionally unauthenticated.

Runtime Session Integrity

  • voice/server signs per-session tokens.
  • WS stream handlers validate session/token pairing before upgrade.
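
One way the session/token pairing check could work, as an added example that is not feros code. The token layout (`<expires_at>.<HMAC-SHA256>`), the demo key, and the names `issue_token` and `check_before_upgrade` are assumptions, since this page does not specify the signing scheme.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real deployment loads it from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(key, session_id, expires_at):
    # Length-prefix the session id so field boundaries cannot be shifted.
    msg = f"{len(session_id)}:{session_id}:{expires_at}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_token(session_id, ttl, now=None, key=SIGNING_KEY):
    """Return '<expires_at>.<mac>', bound to exactly one session id."""
    expires_at = (int(time.time()) if now is None else now) + ttl
    return f"{expires_at}.{_b64(_mac(key, session_id, expires_at))}"


def check_before_upgrade(session_id, token, now=None, key=SIGNING_KEY):
    """Return (allowed, reason); call this before switching protocols."""
    now = int(time.time()) if now is None else now
    try:
        exp_str, mac_str = token.split(".")
        if not (exp_str.isascii() and exp_str.isdigit()):
            raise ValueError("non-canonical expiry")
        expires_at = int(exp_str)
    except (ValueError, AttributeError):
        return False, "malformed"
    expected = _b64(_mac(key, session_id, expires_at))
    # Constant-time compare; verify the MAC before trusting the expiry field.
    if not hmac.compare_digest(expected.encode(), mac_str.encode()):
        return False, "bad-signature"
    if now >= expires_at:
        return False, "expired"
    return True, "ok"
```

A handler would reject the HTTP request (for example with 401) on any result other than `(True, "ok")`, so an unpaired or expired token never reaches the WebSocket stream.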

Credential Safety

  • Credentials are encrypted at rest via integrations.EncryptionEngine.
  • Secret resolution can be scoped per agent and refreshed for long-running sessions.
  • API responses do not return plaintext secret values.
