-
-
Notifications
You must be signed in to change notification settings - Fork 0
Security
| Version | Supported |
|---|---|
Latest on main
|
Yes |
| Older releases | No |
Do not open a public GitHub issue for security vulnerabilities.
Email the maintainer directly: rgumieri@gmail.com with subject [Nenya Security] <brief description>
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (optional)
What to expect:
- Acknowledgment within 48 hours
- Initial assessment within 5 business days
- Resolution timeline communicated based on severity
- CVE assignment for critical vulnerabilities
- Coordinated disclosure once a fix is released
Nenya stores authentication tokens in RAM-locked memory to prevent sensitive data from being written to disk:
-
mlock/mmap: Tokens allocated using
syscall.Mmapwithsyscall.Mlock -
Zero-fill on destroy: Memory zeroed before release via
syscall.Munmap -
Constant-time comparison: Uses
subtle.ConstantTimeCompareto prevent timing attacks -
No string copies: Tokens stored as
[]byteslices, not Go strings
[Service]
LimitMEMLOCK=infinityWithout this setting, mlock will fail and the gateway reports ErrMLockFailure.
Authentication attempts are rate-limited per client IP to prevent brute-force attacks.
- Non-root execution: Runs as UID 65532 with dropped capabilities
-
Memory protection:
IPC_LOCKfor mlock; prevents secrets from swapping -
Read-only filesystem: Immutable root + private
/tmp - Seccomp + no-new-privileges: Restricted syscalls, prevents privilege escalation
- Socket activation: Seamless restarts with zero dropped connections
- Tier-0 regex filter: Always-on redaction of AWS keys, GitHub tokens, passwords, etc.
-
Body limits:
MaxBytesReaderprevents memory exhaustion - Header sanitization: Hop-by-hop headers stripped before proxying
Nenya enforces per-API key access controls via RBAC. API keys defined under api_keys in secrets support:
Roles:
-
admin— Unrestricted access (bypasses RBAC) -
user— Access to configured agents, all non-admin endpoints -
read-only— GET requests only
Agent Scoping:
-
allowed_agentsrestricts which agents the key can access (empty = all agents) - Admin keys bypass agent restrictions
Endpoint Restrictions:
-
allowed_endpointsallowlists fine-grained method + path access (e.g.GET /v1/models) - Overrides default role permissions when set
- Admin keys bypass endpoint restrictions
Metrics: nenya_auth_denials_total with reason label.
See Secrets for configuration examples.
Security vulnerabilities include but are not limited to:
- Authentication/authorization bypasses
- Request smuggling or HTTP desync attacks
- Denial of service (resource exhaustion)
- Information disclosure (leaked secrets, headers, or internal state)
- SSRF or injection vulnerabilities
Issues outside scope (feature requests, bugs without security impact) should be reported via GitHub Issues.
- Disclaimer — Usage terms and liability
- Secrets — Secure token storage
Getting Started
- Home — Project overview
- Quick Start — Install and run in 5 minutes
- Client Setup — OpenCode, Cursor, and other clients
- Deployment — Bare metal, container, Kubernetes
Core Concepts
- Configuration — Config reference and examples
- Providers — 22 providers, capabilities, special behaviors
- Routing — Latency-aware routing and fallback chains
- Architecture — Package overview and request lifecycle
- MCP Integration — MCP server integration
Reference
- Passthrough Proxy — Raw provider endpoint proxying
- Secrets — Systemd credentials and container secrets
- Model Discovery — Dynamic model catalog fetching
- API Endpoints — Endpoint reference
Operations
- Demo — Test all pipeline tiers
- Troubleshooting — Common issues and solutions
- FAQ — Frequently asked questions
- Security — Security policy and vulnerability reporting
Project
- Roadmap — Planned features
- Disclaimer — Legal disclaimer