Security

How Anvil handles your devices, your code, and your users' data

Anvil runs against real devices and real binaries — which means the product surface has to be defensive by design. This page summarizes how, and links to the machine-readable artifacts your security team will want.

Attestations

SBOM (CycloneDX 1.5)npm provenance macOS signed + notarized security.txt (RFC 9116)Sentry SOC 2 Type II Anvil SOC 2 Type II — H2 2026

Green dots are live and self-serve. Amber are in flight — email security@koydo.app for status. Blue are vendor attestations we inherit transitively.

Reporting a vulnerability

Email security@koydo.app. PGP key at /security-pgp.asc.
We acknowledge new reports within 48 hours, give a severity assessment within 5 business days, and target patch shipped within 90 days for P0/P1 (often faster).
Safe-harbor: good-faith research that doesn't access customer data, doesn't degrade the service, and gives us reasonable time to fix is exempt from legal action under our disclosure policy.
We credit reporters in the hall of fame below (opt-in). No paid bug bounty yet — we'll add one once SOC 2 Type II completes.

Data boundary

Every row in every anvil_* table carries an org_id. Postgres row-level security enforces that authenticated requests only see rows matching the session's org — the policy is re-verified in CI on every schema change.
The orchestrator never stores your source code. Replays, screenshots, accessibility trees, and traces are stored in isolated S3-compatible buckets per org.
Artifact retention defaults to 30 days on Starter and Team, 1 year on Enterprise. Purges are signed and auditable.

Device-level identity

Every driver process (KID / KAD / KVD / KMD / KWD) mints a short-lived JWT on install, signed by a hardware-rooted key (DeviceCheck / AppAttest on iOS, SafetyNet / Play Integrity on Android). Tokens are rotated every 45 minutes.
Revocation is immediate — an orchestrator API call invalidates the token across the entire fleet within 90s.
Device binaries are signed by Koydo cosign. The macOS anvil-capture binary ships notarized by Apple (Developer ID + hardened runtime). Verify with codesign -dv --verbose=4 anvil-capture on every release; customers can also pin to a specific SHA for air-gapped deployments.

Supply chain

SBOM: a CycloneDX 1.5 software bill of materials is regenerated from package-lock.json on every release and published at /sbom.json. Cross-checked against OSV.dev before deploy.
npm provenance: @koydo/anvil-cli publishes with --provenance, attaching a Sigstore attestation that ties the tarball to the GitHub Actions run that built it.
VEX: when a transitive CVE is flagged but unreachable in Anvil's call paths, we publish a Vulnerability Exploitability eXchange statement at wiki/security/vex.md with technical rationale and a re-evaluation trigger.

Vendor & audit posture

Supabase (EU region) for Postgres, Auth, storage.
Vercel (Enterprise) for the web plane. Secrets live in Vercel + Infisical mirrored; never in Git.
Sentry for application observability — they hold SOC 2 Type II, ISO 27001, ISO 27018, GDPR, HIPAA. We inherit those guarantees transitively for telemetry data.
Anvil SOC 2 Type II audit in progress (target H2 2026); GDPR compliance backed by an executed DPA available on request.Request the security questionnaire.

Hall of fame

We credit security researchers who responsibly disclose vulnerabilities to us. Be the first.

Reporting a vulnerability

Email security@koydo.app. PGP key at /security-pgp.asc.

We acknowledge new reports within 48 hours, give a severity assessment within 5 business days, and target patch shipped within 90 days for P0/P1 (often faster).

Safe-harbor: good-faith research that doesn't access customer data, doesn't degrade the service, and gives us reasonable time to fix is exempt from legal action under our disclosure policy.

We credit reporters in the hall of fame below (opt-in). No paid bug bounty yet — we'll add one once SOC 2 Type II completes.

Data boundary

Every row in every anvil_* table carries an org_id. Postgres row-level security enforces that authenticated requests only see rows matching the session's org — the policy is re-verified in CI on every schema change.

The orchestrator never stores your source code. Replays, screenshots, accessibility trees, and traces are stored in isolated S3-compatible buckets per org.

Artifact retention defaults to 30 days on Starter and Team, 1 year on Enterprise. Purges are signed and auditable.

Device-level identity

Every driver process (KID / KAD / KVD / KMD / KWD) mints a short-lived JWT on install, signed by a hardware-rooted key (DeviceCheck / AppAttest on iOS, SafetyNet / Play Integrity on Android). Tokens are rotated every 45 minutes.

Revocation is immediate — an orchestrator API call invalidates the token across the entire fleet within 90s.

Device binaries are signed by Koydo cosign. The macOS anvil-capture binary ships notarized by Apple (Developer ID + hardened runtime). Verify with codesign -dv --verbose=4 anvil-capture on every release; customers can also pin to a specific SHA for air-gapped deployments.

Supply chain

SBOM: a CycloneDX 1.5 software bill of materials is regenerated from package-lock.json on every release and published at /sbom.json. Cross-checked against OSV.dev before deploy.

npm provenance: @koydo/anvil-cli publishes with --provenance, attaching a Sigstore attestation that ties the tarball to the GitHub Actions run that built it.

VEX: when a transitive CVE is flagged but unreachable in Anvil's call paths, we publish a Vulnerability Exploitability eXchange statement at wiki/security/vex.md with technical rationale and a re-evaluation trigger.

Vendor & audit posture

Supabase (EU region) for Postgres, Auth, storage.

Vercel (Enterprise) for the web plane. Secrets live in Vercel + Infisical mirrored; never in Git.

Sentry for application observability — they hold SOC 2 Type II, ISO 27001, ISO 27018, GDPR, HIPAA. We inherit those guarantees transitively for telemetry data.

Anvil SOC 2 Type II audit in progress (target H2 2026); GDPR compliance backed by an executed DPA available on request.Request the security questionnaire.