Advanced Security

Beyond the security hardening checklist, Open Astra provides additional security features for IP restriction, intrusion detection, session replay auditing, and watermark detection.

IP allowlist

Restrict API access to specific IP ranges. Changing the allowlist requires the owner role. Once configured, the allowlist is enabled by default.

```bash
# Get IP allowlist config
curl http://localhost:3000/security/ip-allowlist \
  -H "Authorization: Bearer ${JWT_TOKEN}"

# Set IP allowlist (owner only)
curl -X PUT http://localhost:3000/security/ip-allowlist \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "allowedCidrs": ["10.0.0.0/8", "192.168.1.0/24", "203.0.113.42/32"]
  }'
```

Intrusion detection

Open Astra monitors for threat patterns using a sliding-window detector. When a threshold is breached for a category/IP combination within 10 minutes, an alert is fired.

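| Category | Threshold | Severity |
| --- | --- | --- |
| sandbox_escape | 1 | Critical |
| ssrf | 5 | Critical |
| sqli | 3 | Critical |
| auth_failure | 10 | High |
| pii_exfil | 3 | High |
| path_traversal | 5 | Medium |
| rate_limit | 20 | Medium |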

When a threshold is breached, a security.intrusion_detected event is emitted and a webhook is fired to SECURITY_WEBHOOK_URL (5-second timeout).
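The per-category, per-IP counting described above can be sketched as follows. This is an added example, not Open Astra's own code: the class, function and alert field names are hypothetical, and it assumes that "breached" means the count reaches the threshold and that the window resets after an alert.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10 * 60  # the 10-minute window from the page
# category -> (threshold, severity), copied from the table above
RULES = {
    "sandbox_escape": (1, "Critical"), "ssrf": (5, "Critical"),
    "sqli": (3, "Critical"), "auth_failure": (10, "High"),
    "pii_exfil": (3, "High"), "path_traversal": (5, "Medium"),
    "rate_limit": (20, "Medium"),
}

class SlidingWindowDetector:
    """Counts events per (category, ip) over a sliding window.
    Assumptions, not stated on the page: "breached" means the count reaches
    the threshold, and the window resets after an alert so that one burst
    yields one alert instead of one per additional event."""
    def __init__(self, rules=RULES, window=WINDOW_SECONDS):
        self.rules, self.window = rules, window
        self.events = defaultdict(deque)  # (category, ip) -> timestamps

    def record(self, category, ip, ts):
        """Record one event at epoch second ts; return an alert dict or None."""
        if category not in self.rules:
            return None  # unknown categories are ignored
        threshold, severity = self.rules[category]
        hits = self.events[(category, ip)]
        hits.append(ts)
        while hits[0] <= ts - self.window:  # evict events older than 10 min
            hits.popleft()
        if len(hits) < threshold:
            return None
        # Field names are illustrative; only the event name comes from the page.
        alert = {"event": "security.intrusion_detected", "category": category,
                 "ip": ip, "count": len(hits), "severity": severity}
        hits.clear()
        return alert

def replay(events):
    """Feed (ts, category, ip) tuples through a fresh detector, oldest first."""
    det = SlidingWindowDetector()
    return [a for ts, cat, ip in sorted(events) if (a := det.record(cat, ip, ts))]

# Constructed sample events (documentation-range IPs), not real traffic.
SAMPLE_EVENTS = (
    [(t, "sqli", "203.0.113.42") for t in (0, 60, 120)]          # 3 in 2 min
    + [(t, "sqli", "198.51.100.7") for t in (0, 400, 800)]       # 3 in 13 min
    + [(30, "sandbox_escape", "198.51.100.7")]                   # threshold 1
    + [(t, "auth_failure", "192.0.2.10") for t in range(0, 90, 10)]  # 9 of 10
)
```

Calling `replay(SAMPLE_EVENTS)` yields two alerts: the single `sandbox_escape` event and the three `sqli` events that arrive within two minutes. The `sqli` events spread over 13 minutes and the nine `auth_failure` events stay below their thresholds.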

Session replay auditing

Session replay lets authorized users view past conversations with full audit logging. Every replay request is logged for compliance, and transcripts are redacted.

```bash
# Audit a session replay (logs the request for compliance)
curl "http://localhost:3000/security/session-replay/sess_abc123?reason=Investigating+support+ticket+4821" \
  -H "Authorization: Bearer ${JWT_TOKEN}"
```

Response:

```json
{
  "sessionId": "sess_abc123",
  "messages": [...],   // redacted transcript
  "count": 24
}
```

```bash
# View replay audit log (owner only)
curl "http://localhost:3000/security/session-replay/log?limit=50" \
  -H "Authorization: Bearer ${JWT_TOKEN}"
```

Watermark detection

Detect which workspace generated a piece of agent output by checking for embedded watermarks.

```bash
# Detect workspace watermark in text
curl -X POST http://localhost:3000/security/watermark/detect \
  -H "Content-Type: application/json" \
  -d '{ "text": "This is a response from the agent..." }'
```

Response:

```json
{ "workspaceId": "ws_abc123" }
```