AIM is designed for private, internal knowledge. Treat any deployment as security-sensitive.
- Do not commit `.env`, `.env.local`, API keys, Slack tokens, Neo4j passwords, or tunnel URLs.
- Rotate any token that has appeared in local logs or screenshots.
- Keep `APP_ENV=production`, `DEBUG=false`, explicit `CORS_ORIGINS`, and non-empty `API_KEYS` for any public deployment.
- Use `WEB_CONCURRENCY=1` per process. Scale with multiple single-worker instances behind a load balancer.
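
One way to enforce the settings above before the service starts, as an added example rather than AIM's own code. The function name `check_deployment_env`, the comma-separated format for `CORS_ORIGINS` and `API_KEYS`, and treating an unset `DEBUG` or `WEB_CONCURRENCY` as a failure are assumptions.

```python
"""Preflight check for the public-deployment settings (added example)."""
import os
import sys


def _split(value):
    # Assumption: list-valued settings are comma-separated strings.
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def check_deployment_env(env):
    """Return a list of problems; an empty list means the settings pass."""
    problems = []
    if env.get("APP_ENV", "") != "production":
        problems.append("APP_ENV must be 'production'")
    # Assumption: an unset DEBUG fails, so the value is always explicit.
    if env.get("DEBUG", "").strip().lower() != "false":
        problems.append("DEBUG must be explicitly false")
    origins = _split(env.get("CORS_ORIGINS"))
    if not origins:
        problems.append("CORS_ORIGINS must list at least one origin")
    elif any("*" in origin for origin in origins):
        # "Explicit" is read here as: no wildcard entries.
        problems.append("CORS_ORIGINS must not contain wildcards")
    # A value such as " , " counts as empty after splitting.
    if not _split(env.get("API_KEYS")):
        problems.append("API_KEYS must not be empty")
    if env.get("WEB_CONCURRENCY", "").strip() != "1":
        problems.append("WEB_CONCURRENCY must be 1 per process")
    return problems


if __name__ == "__main__":
    found = check_deployment_env(os.environ)
    for problem in found:
        # Only the setting name is reported, never the secret value.
        print(f"config error: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run as an entrypoint step or CI gate, a non-zero exit blocks the start when any setting is off.
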
Implemented:
- Slack webhook HMAC verification.
- API-key auth with constant-time comparisons.
- Tenant-key hashing for conversation ownership.
- Data classification and access-control helper layers.
- Optional field-level encryption for selected graph properties.
- Redis-backed rate limiting with in-memory fallback.
- Exact incident abstention when graph evidence is missing.
Not complete:
- No full prompt-injection red-team corpus yet.
- No ingest-time PII redaction pass yet.
- Jira/Confluence integrations are not production-hardened.
- No external penetration test or formal audit.
This is currently a portfolio/research project.