The Black Box Architecture
A zero-access pipeline where secrets are never decrypted on disk, never stored in plaintext, and never visible to the human eye—even your own.
The Veil
Your secret is "Phantomized" locally. Using AES-256-GCM, the browser encrypts the key before it ever touches the network. We never receive your plaintext.
The Gatekeeper
Auth is handled by Clerk at the Edge. Only verified tokens can trigger the proxy, ensuring that agent requests are tethered to authenticated user sessions.
The Obsidian Vault
Encrypted data is double-salted and wrapped in a proprietary XML structure. Our database stores only the "Phantomized" blob—meaning a total breach yields nothing but noise.
The Black Box
Decryption occurs in isolated RAM for sub-millisecond execution. The worker injects the key into the API request header and discards it immediately.
The Ghost Protocol
Post-execution, we don't wait for garbage collection. We manually scrub memory blocks with null-byte loops (\0) to ensure no trace of the secret remains.
The Clean Slate
Outbound responses are scrubbed for malicious injection or accidental key leakage before returning to your agent. The pipeline ends as it began: zero exposure.