Security and compliance
Core principles
- Clear data boundaries — on-prem can keep data, code, models, and inference inside the customer network
- Credential minimization — external secrets live in the Credential service, never in prompts / logs / ledgers
- Three-tier isolation — tenant / user / session boundaries; cross-tier access denied by default
- Full audit coverage — security-relevant actions emit tamper-evident logs
Data boundaries
On-premises flow
- Data does not traverse external SaaS unless configured
- LLM inference uses customer-hosted models or approved intranet gateways
- Logging / telemetry remain inside policy
SaaS flow
- Processing occurs in the vendor cloud under the contract's retention defaults (often 30 d hot + 90 d cold)
- Model calls leverage vendor-approved channels and are not used for training (contractual safeguards)
- Optional “zero retention” mode deletes customer payloads immediately after handling
Credential management
Capabilities
- Central vaulting — DOORS / Gerrit / Feishu / LLM keys, etc.
- Encrypted at rest — AES-256; master keys in HSM / KMS
- Tenant isolation — credentials never cross tenants
- Just-in-time injection — surfaced only inside tool executions; prompts see opaque IDs only
- Audit on read — every fetch logged without secret values
Lifecycle logging
| Action | Log contents | Written to Ledger? |
|---|---|---|
| Create | Who/when/name/scope | No |
| Read | Which tool/session consumed which credential ID | Reference ID only |
| Rotate | Timestamp & actor | No |
| Revoke | Timestamp & impacted scopes | Impact summary |
Authentication & authorization
Authentication methods
| Method | Typical use |
|---|---|
| Username/password + complexity policy | Default |
| SSO (OIDC / SAML 2.0) | Enterprise rollout |
| LDAP / Active Directory | Legacy IT estates |
| Feishu / WeCom apps | IM-integrated deployments |
| API keys | Automation (bound to users) |
Authorization model
Session roles
- Owner — read/write, share, archive
- Collaborator — read/write, cannot archive
- Viewer — read-only
Audit logging
Events captured
- Sign-in / sign-out / auth failures
- Permission changes
- Credential lifecycle (create/read/rotate/revoke)
- Session create / share / archive
- Tool calls (including high-risk execute_code)
- Data exports (downloads / API pulls)
- Admin configuration changes
Properties
- Tamper resistance — append-only; optional WORM storage
- Structured JSON with stable schemas
- Exportable — filter by time range, user, action class
- Retention — default one year, extendable for regulatory programs
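As an added illustration of the "tamper resistance" and "structured JSON" properties above (example code, not the product's own logging implementation), the following hash-chains each audit record to its predecessor so that editing or deleting any record is detectable; the field names and sample events are assumed, and a credential read is logged by its opaque reference ID only.

```python
import hashlib
import json
from datetime import datetime, timezone

# Assumed record layout (not from the page): every record stores the hash of
# the previous record, so any change breaks every link after it.
GENESIS = "0" * 64


def _digest(record: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) keeps the hash stable.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append_event(ledger: list, actor: str, action: str, **fields) -> dict:
    """Append one audit record chained to the previous record's hash."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    body = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "fields": fields,
        "prev_hash": prev_hash,
    }
    body["hash"] = _digest(body)
    ledger.append(body)
    return body


def verify_chain(ledger: list) -> int:
    """Return the index of the first broken record, or -1 if the chain is intact."""
    expected_prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev_hash"] != expected_prev or _digest(body) != rec["hash"]:
            return i
        expected_prev = rec["hash"]
    return -1


def demo() -> tuple:
    """Constructed sample: three events, then an after-the-fact edit to the middle one."""
    ledger = []
    append_event(ledger, "alice", "auth.sign_in", method="oidc")
    # Credential read: only the reference ID is written, never the secret value.
    append_event(ledger, "session-42", "credential.read",
                 credential_id="cred-gerrit-01", tool="execute_code")
    append_event(ledger, "alice", "session.share", session="s-42", role="viewer")
    before = verify_chain(ledger)
    ledger[1]["fields"]["credential_id"] = "cred-other"  # constructed tampering
    return before, verify_chain(ledger)
```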
Classified / domestic compliance
Classified (Level-3 style) alignment
The architecture targets common control families:
- Physical security of hosting facilities
- TLS 1.2+ on all service links
- DMZ / layered network placement
- Hardened hosts and least privilege
- Centralized management + audit
Domestic technology stack
- CPUs / OS / databases / middleware on approved vendor lists (see Deployment plans)
- Domestic LLMs (DeepSeek / Qwen / GLM / MiniMax, etc.)
- Data residency without cross-border transfer
Cryptographic evaluation support
- National algorithms (SM2 / SM3 / SM4) available where required
- Key management via HSM / national CAs
- Evaluation templates available on request
Source-code security (private builds)
| Risk | Mitigation |
|---|---|
| Leakage | NDA + non-commercial license clauses |
| Unauthorized redistribution | Contract forbids resale / external SaaS rebadging |
| Dependency vulnerabilities | SBOM + quarterly dependency reviews |
Tool sandboxing
execute_code and similar tools run in isolated sandboxes:
- Dedicated containers with cgroup limits
- Network isolation (optional allow-lists)
- Read-only root FS + ephemeral workspace
- Hard timeouts
Compliance questionnaire support
Templates are available that map to:
- ISO 27001 control families
- SOC 2 Type II criteria
- GDPR processing records
- Classified assessment checklists