Security & RBAC
Audra Flow is built with a “Security First” architecture. Enterprise data — project context, AI knowledge bases, and user artefacts — is protected through defence-in-depth strategies that span network isolation, application-level controls, and encryption at every layer.
Authentication
Identity is verified through industry-standard protocols before any request reaches application logic.
JWT-Based Authentication
- Access tokens are signed with SHA-256-based algorithms (HS256 / RS256).
- Short-lived access tokens (15-minute expiry) limit the blast radius of a compromised token.
- Refresh token rotation is backed by Redis, ensuring that stale tokens are invalidated immediately.
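
The rotation described above can be sketched as follows. This is an added example, not Audra Flow's code: an in-memory Map stands in for Redis, and the names `issue`, `rotate`, `revokeSession` and the 7-day refresh lifetime are assumptions.

```javascript
const { randomBytes, createHash } = require('node:crypto');

// In-memory stand-in for Redis (assumption): key = SHA-256 of the token, value = session record.
// With real Redis the lookup-and-delete in rotate() must be one atomic operation.
const store = new Map();
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime; the page does not state one

const digest = (token) => createHash('sha256').update(token).digest('hex');

// Issue a new opaque refresh token for a session; only its hash is stored.
function issue(sessionId, now = Date.now()) {
  const token = randomBytes(32).toString('base64url');
  store.set(digest(token), { sessionId, expiresAt: now + REFRESH_TTL_MS });
  return token;
}

// Exchange a refresh token for a new one. The presented token is consumed
// first, so a stale token can never be accepted a second time.
function rotate(token, now = Date.now()) {
  const key = digest(token);
  const record = store.get(key);
  store.delete(key);
  if (!record) return { ok: false, reason: 'unknown_or_already_used' };
  if (record.expiresAt <= now) return { ok: false, reason: 'expired' };
  return { ok: true, sessionId: record.sessionId, refreshToken: issue(record.sessionId, now) };
}

// Logout or offboarding: drop every refresh token that belongs to the session.
function revokeSession(sessionId) {
  let removed = 0;
  for (const [key, record] of store) {
    if (record.sessionId === sessionId) { store.delete(key); removed++; }
  }
  return removed;
}
```

Storing only the hash means a dump of the token store does not yield usable refresh tokens.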
Enterprise SSO
For organisations that require centralised identity management, Audra Flow supports OpenID Connect (OIDC) integration with Azure Active Directory, with additional providers on the roadmap. SSO ensures that onboarding, offboarding, and credential policies are governed by your existing identity provider.
Role-Based Access Control
Audra Flow enforces a granular RBAC model with five distinct roles. Permissions are evaluated on every API request and on every UI action, ensuring consistent enforcement regardless of access path.
| Role | Primary Responsibilities |
|---|---|
| Owner | Full administrative control including billing, project deletion, and organisation settings. |
| Admin | User management, template governance, AI configuration, integration management, and audit log access. |
| Editor | Create and modify project artefacts, run AI generations, and manage project-level content. |
| Viewer | Read-only access to all project content and AI-generated outputs. |
| Guest | Restricted, read-only access to specific shared artefacts only. |
Permission Model
Permissions are defined as a matrix of resources and actions. Resources represent the entities in the system (projects, documents, specifications, AI configuration, and more), while actions describe what can be done with them.
Supported Actions
- create — add a new resource.
- read — view a resource.
- update — modify an existing resource.
- delete — remove a resource (with referential integrity checks).
- approve — transition a resource through a review workflow.
- manage — full administrative control over a resource category.
- suggest — propose changes that require administrative approval.
Key Enforcement Rules
- Permissions are checked on both the server and the client so that the UI never displays actions a user cannot perform.
- Non-admin users who wish to change project membership can only suggest changes; an Admin must approve the request before it takes effect.
- Deleting a definition artefact (persona, journey, service map) that is referenced by a specification is blocked. Users are offered the option to archive instead.
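
A server-side sketch of the matrix and the two workflow rules above, as an added example rather than Audra Flow's implementation. The grid contents, the resource names `membership` and `definition`, and all function names are assumptions; the page names the roles and actions but does not publish the full matrix.

```javascript
// Assumed role -> resource -> actions grid (illustrative only).
// Guest access depends on per-artefact sharing, which is not modelled here.
const MATRIX = {
  owner:  { '*': ['manage'] },
  admin:  { membership: ['manage'], definition: ['manage'] },
  editor: { membership: ['read', 'suggest'], definition: ['create', 'read', 'update', 'delete'] },
  viewer: { membership: ['read'], definition: ['read'] },
  guest:  {},
};

// Own-property lookup so keys such as "__proto__" or "constructor" never match.
const own = (obj, key) => (Object.hasOwn(obj, key) ? obj[key] : undefined);

// Deny by default: an unknown role, resource or action yields false.
function can(role, resource, action) {
  const grants = own(MATRIX, role) || {};
  const actions = own(grants, resource) || own(grants, '*') || [];
  return actions.includes('manage') || actions.includes(action);
}

// Membership change: applied directly with update rights, otherwise queued for approval.
function changeMembership(user, change, pending) {
  if (can(user.role, 'membership', 'update')) return { status: 'applied', change };
  if (!can(user.role, 'membership', 'suggest')) return { status: 'denied' };
  pending.push({ change, suggestedBy: user.id });
  return { status: 'pending_approval' };
}

// Only a role holding approve on membership can turn a suggestion into a change.
function approveMembership(user, index, pending) {
  if (!can(user.role, 'membership', 'approve') || !pending[index]) return { status: 'denied' };
  const [item] = pending.splice(index, 1);
  return { status: 'applied', change: item.change };
}

// Deleting a definition artefact is blocked while any specification references it.
function deleteDefinition(user, artefactId, specs) {
  if (!can(user.role, 'definition', 'delete')) return { status: 'denied' };
  const referencedBy = specs.filter((s) => s.refs.includes(artefactId)).map((s) => s.id);
  if (referencedBy.length > 0) return { status: 'blocked', referencedBy, offer: 'archive' };
  return { status: 'deleted' };
}
```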
Data Protection
Encryption at Rest
- Database storage is encrypted with AES-256 via AWS KMS.
- Object storage (S3) uses server-side encryption by default.
- Secrets — API keys, database credentials — are stored in AWS Secrets Manager, never in code or environment variables.
Encryption in Transit
- TLS 1.2+ is enforced for all external and internal communication.
- HTTP Strict Transport Security (HSTS) forces HTTPS connections.
- Certificates are managed by AWS Certificate Manager with automatic rotation.
Application Security
Security Headers
Audra Flow applies a strict set of HTTP security headers via the Helmet middleware:
- Content Security Policy (CSP) — script-src 'self' with no unsafe-eval; frame-ancestors 'none' to prevent clickjacking.
- Mixed-Content Blocking — all mixed content is blocked.
- Rate Limiting — Redis-backed rate limiters protect against brute-force and denial-of-service attacks.
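
To confirm that a deployed response actually carries the CSP stated above, a captured header value can be audited like this. The code is an added example, not part of Audra Flow or Helmet; `parseCsp` and `auditCsp` are hypothetical names.

```javascript
// Parse a Content-Security-Policy header value into Map(directive -> sources).
// Per the CSP spec the first occurrence of a directive wins; duplicates are ignored.
// Values are lower-cased for keyword comparison only.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// Return the deviations from the stated policy (an empty list means it conforms).
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  // script-src falls back to default-src when absent.
  const script = policy.get('script-src') || policy.get('default-src');
  if (!script) {
    findings.push('no script-src or default-src: script loading is unrestricted');
  } else {
    const extra = script.filter((source) => source !== "'self'");
    if (extra.length > 0) findings.push(`script-src allows more than 'self': ${extra.join(' ')}`);
  }

  // frame-ancestors does NOT fall back to default-src, so it must be set explicitly.
  const ancestors = policy.get('frame-ancestors');
  if (!ancestors) {
    findings.push('frame-ancestors missing: framing is unrestricted');
  } else if (ancestors.length !== 1 || ancestors[0] !== "'none'") {
    findings.push(`frame-ancestors is not 'none': ${ancestors.join(' ')}`);
  }
  return findings;
}
```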
Input Validation
- All API inputs are validated with Zod schemas before processing.
- SQL injection is prevented through Prisma ORM parameterised queries.
AI & LLM Security
- Zero-Retention: Customer data is never used to train public foundation models.
- Context Isolation: RAG retrieval is scoped to the authenticated user's active project permissions, preventing cross-tenant data leakage.
- Prompt Injection Defence: System instructions are separated from user input. Output validation ensures responses adhere to requested formats and do not leak system prompts.
Audit Logging
Every security-relevant action in Audra Flow generates an immutable audit record. Audit logs capture:
- Access events — login, logout, failed authentication attempts.
- Modification events — creation, update, and deletion of artefacts, users, and configuration.
- Administrative overrides — when an Admin exercises elevated privileges (e.g., deleting another user's content), the action and optional reason are recorded separately.
Enterprise admins can export audit logs in CSV format for internal compliance reviews. Automated alerts are triggered for high-severity errors and security anomalies.
Network Isolation
In production, all compute resources and data stores run within private subnets inside an AWS VPC. Only the Application Load Balancer is exposed to the public internet, terminating TLS before traffic enters the private network. Outbound traffic is routed through NAT Gateways with strict security group rules.
Containers run as non-root users in ephemeral AWS Fargate tasks. Container images are scanned for known vulnerabilities during the CI/CD pipeline before deployment.