Novo Agents Security
Security controls for Novo Agents.
Last updated: May 29, 2026
Novo Agents Security
Last updated: May 29, 2026
Service boundary
Novo Agents keeps the private engine and cloud runtime behind the service boundary. Customers interact with the server-only novoagents SDK and the HTTPS API.
Tenant isolation
Persistent records are scoped by workspace/organization and protected through database policies, actor context, and route-level authentication. Public API routes authenticate with Novo API keys. Console routes authenticate with WorkOS sessions.
Secrets
Provider API keys stay in Novo's workflow worker and are not sent to customer environments. Customer adapter secrets are encrypted at rest and decrypted only inside the workflow step that dispatches to the adapter. Secrets are not returned in GET responses.
Runtime isolation
Filesystem and shell operations go through WorkspaceRuntime implementations. Cloud defaults to no workspace runtime unless a customer-owned remote runtime is configured. Remote workspace calls are signed and scoped to the configured resource.
Streams and events
Public streams use the documented Novo/AI SDK chunk protocol. Event sinks receive signed push envelopes. Internal telemetry is separate from customer-visible event delivery.
Responsible disclosure
Report suspected vulnerabilities to security@novoindustries.co.