Torobari

Security

Current safeguards and limits

Torobari is built with workspace-scoped Brand Gate checks, scoped server-to-server access, redaction paths, and governance visibility. This page describes the current safeguards without claiming certifications that are not in place yet.

Workspace boundaries

Brand Gate checks, saved results, API keys, webhooks, and audit records are scoped to the current workspace.

Scoped API keys

Workspace API keys are shown once, stored as versioned hashes, scoped by permission, and revocable by Owners/Admins.

Signed webhooks

Webhook signing secrets are generated server-side, shown once, encrypted at rest, and used for HMAC-SHA256 signatures.

Safe external access

The external API is server-to-server only, requires scoped API keys, and returns safe persisted Brand Gate fields.

MCP-compatible foundation

The JSON-RPC boundary exposes only Brand Gate create, get, and list tools today, with per-tool API-key scopes.

Extension beta boundary

The Chrome extension beta uses same-session auth, a strict origin allowlist, and no API keys inside the extension.

Retention and redaction

Content retention state is tracked, raw content can be redacted, and a scheduled redaction service handles due records.

Audit visibility

The audit shell is Owner/Admin-only and renders allowlisted, redacted governance metadata.

Data exposure boundaries

Torobari does not show users raw AI request or response bodies, model interaction details, issue evidence, webhook secrets, API key hashes, or internal service/customer IDs in the current product surfaces. Public scan copy remains preview-only, and V1 does not include publishing automation.

Current limitations

  • No SOC 2 certification yet.
  • No full enterprise compliance certification yet.
  • The MCP boundary is an MCP-compatible JSON-RPC foundation, not marketplace-ready MCP.
  • The extension beta is not the final production extension login experience.
  • Webhook delivery currently supports only content_check.completed.
  • No webhook dashboard or manual resend flow yet.
  • No publishing automation in V1.
  • No retention configuration UI yet.