Security defaults for production AI infrastructure.
VeloxAI was built around secret minimization, scoped authorization, queue isolation, and auditable operational events.
API key security
Keys use pk_live and pk_test formats, are stored as SHA-256 hashes, and are revealed only on create or rotate.
Auth and teams
Users belong to organizations with owner, admin, developer, and viewer roles. Email verification is required before API key creation.
Sandboxing
Custom code tools and workflow code return sandbox_required until isolated execution with strict CPU, memory, network, and filesystem limits is configured.
Observability
Structured logs redact secrets, request IDs support tracing, and alert/webhook pipelines avoid leaking sensitive tokens.