Identity
Supabase Auth verifies the account. Solana Web3 sign-in binds wallets to the dashboard account.
ICPX security
Secured from wallet to terminal.
ICPX is designed around verified accounts, wallet-owned transactions, locked-down server routes and revocable terminal sessions.
MFA
Terminal and SSH flows require a current TOTP assurance level before access is issued.
Wallet escrow
GPU jobs are created, funded and accepted through wallet-signed Solana transactions.
RPC relay
The browser never chooses arbitrary RPC URLs. Server routes restrict simulation, send and status checks.
SSRF defense
Outbound provider and RPC URLs are allowlisted, DNS-checked and blocked from private network ranges.
Terminal access
Gateway sessions use short-lived signed tokens, SSH key binding, heartbeat and revocation.
Realtime audit
Compute, security and terminal events are written into Supabase and streamed back to the user.
Rate limits
Sensitive routes have token-bucket limits and CSRF protection for browser-origin POST requests.
Browser
Same-origin checks, CSRF tokens, wallet signatures and no secret exposure.
API
Route guards, service tokens, strict body validation and no arbitrary RPC passthrough.
Data
Row-level security for users, service-role writes only for workers and append-only event logs.
Chain
Job PDA, escrow vault, provider acceptance, receipts, settlement and completion state.
Gateway
MFA, SSH key, running job check, token introspection, idle timeout and forced close.