Use Strong Tokens
Generate secure tokens: openssl rand -hex 32
Security Guide
Resonix is designed with security-first principles. This guide covers best practices for secure deployment.
Security Philosophy: Strong defaults without killing capability. Make risky paths explicit and operator-controlled.
Authentication
Secure your gateway with authentication:
{
"gateway": {
"auth": {
"token": "your-secure-token-here",
"mode": "token"
}
}
}Network Binding
| Mode | Use Case |
|---|---|
loopback | Local only (default, most secure) |
lan | Local network access |
0.0.0.0 | Public (requires auth) |
Best Practices
Environment Variables
Store secrets in environment, not in config files.
Network Binding
Start with loopback. Open to LAN only when needed.
Channel Allowlists
Configure sender allowlists to limit message sources.
Channel Security
Configure channel-level security controls:
{
"channels": {
"telegram": {
"allowedUsers": ["user-id-1", "user-id-2"],
"allowedChats": ["chat-id-1"]
}
}
}Execution Controls
Control what Resonix can execute:
commands.allowlist- Only run whitelisted commandscommands.blocklist- Block specific dangerous commandscommands.requireApproval- Require approval for certain operations
Important: Review SECURITY.md in the repository for the full security policy and vulnerability reporting guidelines.