Transport
TLS 1.3 with public-key pinning between the plugin and our API. No plaintext transport is exposed.
Every layer is designed to fail closed. These are the controls in place today. The full threat model lives in our docs.
The production build removes the arbitrary Python-execution endpoint entirely. Tool calls route only through a hardcoded module allowlist that is verified at plugin startup.
Anthropic is the sole model provider. API keys are held in a managed secret store and reached via an egress-restricted gateway. Your prompts are covered by a Zero-Data-Retention contract.
Every mutating tool call requires explicit approval in your editor unless you opt into per-run or session-scoped auto-approval.
Double-entry, append-only credit ledger, reconciled nightly against Stripe. No in-place balance mutation.
Plugin binaries are Authenticode-signed on Windows, notarized on macOS, and every release manifest is Ed25519-signed with keys held in an HSM.
Report vulnerabilities to security@blueprintproai.app. We acknowledge within 24 hours.