Your code deserves
world-class security
Midcore is built with security at every layer — from kernel-level sandboxing to zero-data-retention AI providers. Here's how we protect your most valuable asset.
Security-First Architecture
Every layer of Midcore is built with security as a first-class concern — not an afterthought.
Encryption Everywhere
AES-256 at rest, TLS 1.3 in transit. Your code is encrypted from the moment it leaves your machine.
Zero-Trust by Default
Deny-by-default access controls. Every request is authenticated, authorized, and scoped.
Full Transparency
Audit logs for every privileged action. You always know who did what, when, and why.
Infrastructure Security
Built on battle-tested cloud infrastructure with defense-in-depth.
Cloud Infrastructure
- Hosted on AWS and GCP with SOC 2 Type II certified data centers
- Multi-region deployment with geographic data residency options
- Network isolation via VPCs with strict security group policies
- DDoS protection and automated threat detection
Encryption Standards
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit — no exceptions
- Per-session key derivation with HKDF and automatic rotation
- Database-level encryption with managed key services
Access Controls
- Mandatory multi-factor authentication for all production access
- Role-based access control (RBAC) with principle of least privilege
- Automated access reviews on a quarterly cycle
- Hardware security keys required for infrastructure access
Application Security
Security controls woven into the product architecture, not bolted on.
Deterministic Gates
33+ verification gates that every release must pass. Security checks are automated and non-bypassable.
RBAC & Tenant Isolation
Deny-by-default RBAC with tenant-scoped data. Every query is scoped to your organization — no cross-tenant access.
Secrets Management
No hardcoded secrets. All credentials are managed via vault with automatic rotation support.
Append-Only Audit Ledger
Every privileged action, gate result, and evidence artifact is recorded in an immutable audit trail.
Sandbox Isolation
AI agent commands execute in sandboxed environments with kernel-level isolation and network controls.
Input Validation
All API inputs are validated at trust boundaries. Stable error shapes. No injection vectors.
Privacy Mode
When Privacy Mode is enabled, your code is processed exclusively by LLM providers with zero-data-retention (ZDR) agreements. No code is stored on provider servers beyond the duration of the API request. Codebase indexing uses only obfuscated file paths and embeddings.
Secure Development
How we build and ship Midcore securely.
Supply Chain Security
SBOM generation for every release artifact. Dependency provenance verified. Signed builds.
Code Review
All changes require peer review. Automated BugBot scans every PR for security vulnerabilities.
Hardening Rounds
8 mandatory hardening rounds for production: identity, audit, secrets, build integrity, data, integration, launch.
Responsible Disclosure
We welcome security researchers. Report vulnerabilities to security@midcore.dev for coordinated disclosure.
Compliance
Meeting the standards your organization requires.
SOC 2 Type II
In ProgressAudit currently underway. Expected completion Q2 2026.
GDPR
CompliantFull compliance with EU General Data Protection Regulation.
CCPA
CompliantFull compliance with California Consumer Privacy Act.
Data Processing Agreements
AvailableDPA available for enterprise customers upon request.
Responsible Disclosure
Found a vulnerability? We take security reports seriously and respond within 24 hours. We ask that you give us reasonable time to address issues before public disclosure.
Contact: security@midcore.dev · See also: Privacy Policy · Terms of Service