Security Model

How Janee keeps your secrets safe from AI agents.

Core Principle: Zero-Knowledge Agents

Janee's fundamental guarantee: agents never see your raw API keys. When an agent makes a request through Janee, the credential is injected server-side — the agent only sees the API response, never the authentication headers.

Defense in Depth

| Layer | What it does |
| --- | --- |
| Encrypted storage | API keys are encrypted at rest in ~/.janee/ using AES-256 |
| Agent scoping | Each agent session has limited capabilities — only the APIs you allow |
| Request policies | Allow/deny rules restrict which endpoints agents can call |
| Session TTLs | Access expires automatically — no lingering permissions |
| Audit logging | Every request logged with timestamp, method, path, status |
| Instant revocation | Kill any session or capability immediately |

Threat Model

Prompt Injection

If an agent is manipulated via prompt injection, the attacker gains the agent's current capabilities — not your raw keys. With scoped capabilities and short TTLs, the blast radius is limited to the allowed endpoints for the remaining session duration.

Agent Exfiltration

Even if an agent tries to extract credentials, Janee never exposes them. The agent cannot read its own authentication headers — it only receives API responses. There's no tool or MCP method that returns raw keys.

Local Compromise

If your machine is compromised, the attacker has access to encrypted config files. The encryption key is derived from your system — not hardcoded.

Short-Lived Tokens

For GitHub, Janee supports GitHub App authentication which generates tokens that expire in 1 hour. Even if a token is somehow leaked, the window of exposure is minimal.

Audit Trail

Every proxied request is logged to ~/.janee/audit.log:

{
  "timestamp": "2025-01-15T10:30:00Z",
  "capability": "stripe-readonly",
  "method": "GET",
  "path": "/v1/balance",
  "status": 200,
  "reason": "User asked for account balance"
}

Review what your agents have done at any time.
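One way to review the log, as an added example (not Janee's own code): it scans entries with the fields shown above and flags the ones worth a closer look. It assumes audit.log holds one JSON object per line; the `EXPECTED_METHODS` map and the finding labels are hypothetical reviewer-side choices, and the sample entries are constructed.

```python
import json
from collections import Counter

# Constructed sample entries using the fields shown above; one JSON object
# per line is an assumption about the on-disk layout of audit.log.
SAMPLE_LOG = """\
{"timestamp": "2025-01-15T10:30:00Z", "capability": "stripe-readonly", "method": "GET", "path": "/v1/balance", "status": 200, "reason": "User asked for account balance"}
{"timestamp": "2025-01-15T10:31:12Z", "capability": "stripe-readonly", "method": "POST", "path": "/v1/refunds", "status": 403, "reason": "Process refund"}
{"timestamp": "2025-01-15T10:31:15Z", "capability": "stripe-readonly", "method": "GET", "path": "/v1/customers", "status": 200, "reason": ""}
not-json garbage line
"""

# Hypothetical reviewer-side expectation: methods each capability should use.
EXPECTED_METHODS = {"stripe-readonly": {"GET", "HEAD"}}
REQUIRED = ("timestamp", "capability", "method", "path", "status")

def review(log_text, expected=EXPECTED_METHODS):
    """Return ([(line_number, finding)], Counter of requests per capability)."""
    findings, per_capability = [], Counter()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            findings.append((lineno, "unparseable"))  # truncated or tampered line
            continue
        if not isinstance(entry, dict) or any(k not in entry for k in REQUIRED):
            findings.append((lineno, "missing-field"))
            continue
        cap = entry["capability"]
        per_capability[cap] += 1
        allowed = expected.get(cap)
        if allowed is None:
            findings.append((lineno, "unknown-capability"))
        elif str(entry["method"]).upper() not in allowed:
            findings.append((lineno, "unexpected-method"))
        if entry["status"] in (401, 403):  # request was refused somewhere
            findings.append((lineno, "denied"))
        if not str(entry.get("reason", "")).strip():
            findings.append((lineno, "no-reason"))
    return findings, per_capability

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG)[0]:
        print(finding)
```

A write method attempted under a read-only capability, or a request with no stated reason, is the kind of entry that can indicate an agent acting on injected instructions.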

Comparison: Before and After Janee

| | Without Janee | With Janee |
| --- | --- | --- |
| Agent key access | Full raw keys | Never sees keys |
| Blast radius | Unlimited | Scoped to capability |
| Audit trail | None | Every request logged |
| Kill switch | Rotate all keys | Revoke session instantly |
| Prompt injection | Full API access | Limited to allowed endpoints |