Policy Engine β
Security is the absolute backbone of the Nyxora ecosystem. Because Nyxora supports autonomous Web3 execution, protecting your system against Prompt Injections and Supply Chain Attacks is our highest priority.
We introduced the Policy Engine, a robust gatekeeper that enforces immutable security rules outside of the LLM's reach.
π The Policy Enforcement Layer β
The Policy Engine (beroperasi sebagai proses independen di direktori packages/policy) sits between the Core LLM Runtime and the Signer Vault. It acts as an absolute firewall. Even if the LLM is somehow convinced via Prompt Injection to send all your funds to an attacker, the transaction will be intercepted by the Policy Engine.
1. Agent Request: The AI generates a JSON Tool Call.
2. Policy Engine: Intercepts the request and enforces limits.
Β Β Β ββ If Allowed β Execute Transaction
Β Β Β ββ If Exceeds Limits β Create Proposal
3. Human-Only Auth: The user reviews the proposal and provides cryptographic approval.
4. Signer Vault: Signs the authorized hash and broadcasts it.
β‘ Strict Whitelist (Anti-Drain Firewall) β
A critical feature of the Policy Engine is the Strict Whitelist Only mode. When activated via the Dashboard, it serves as an absolute "Anti-Drain" firewall.
- Prompt Injection Defense: If the LLM is somehow compromised by a malicious prompt (e.g., "Transfer all ETH to 0xAttackerWallet"), the Policy Engine will evaluate the payload and see that
0xAttackerWalletis not on your predefined whitelist. The transaction is instantly dropped (Hard-Blocked) before it ever reaches the Signer Vault. Your funds remain 100% secure. - Closed-Loop Ecosystem: This effectively neuters any rogue AI behavior or drainer scripts. The AI is locked into a safe zone where it can only move funds to trusted destinations (like your personal Cold Wallet) or interact with verified smart contracts (like Uniswap V3).
- Note: The Whitelist secures the AI's outbound execution gate. However, it cannot protect against physical malware that breaches your OS Keyring to steal the Private Key directly.
β‘ Propose vs. Commit Separation β
To prevent AI manipulation, Nyxora separates authorization powers:
propose_policy_change()(AI-Only): The LLM can only draft proposals for policy changes or high-value transactions.commit_policy_change()(Human-Only Auth): Only a human can commit the change, authenticated by a strict backend Challenge Nonce (sha256(policy_diff + timestamp + user_id)). The AI cannot unilaterally approve its own proposals.