> Security & Encryption

When you scan the QR code, the following happens:

1. The QR code encodes the WebSocket URL and the agent's Curve25519 public key.
2. The mobile app generates its own Curve25519 keypair and sends its public key to the agent.
3. Both sides compute a shared secret using nacl.box.before(theirPublicKey, mySecretKey).
4. The shared secret is never transmitted — it is derived independently on each device.

All messages after pairing are encrypted using NaCl secretbox, which provides authenticated encryption with the XSalsa20-Poly1305 algorithm.

• A unique 24-byte random nonce is generated for every message.
• The nonce is prepended to the ciphertext and sent alongside it.
• The receiver decrypts using the shared secret and the nonce.
• Poly1305 MAC ensures messages cannot be tampered with.

When a previously paired device reconnects, the server verifies its identity with a challenge-response protocol:

1. The agent generates 32 random bytes and sends them to the mobile app.
2. The mobile app computes nacl.hash(challengeBytes) and sends back the base64-encoded result.
3. The agent independently computes the same hash and compares. If they match, the device is authenticated.

This prevents replay attacks and ensures only the original paired device can reconnect.

Shared secrets are stored using platform-specific secure storage:

• Agent (Desktop/Server) — SQLite database with Electron's safeStorage encryption.
• iOS — Keychain Services, hardware-backed on devices with Secure Enclave.
• Android — Android Keystore via Expo SecureStore.

Secrets never leave the device and are not included in backups.

Commands sent to the AI agent are sanitized to mitigate prompt injection:

• Special characters and control sequences are escaped.
• Input length limits are enforced to prevent context window abuse.
• System prompts are isolated from user input to prevent override attempts.