{
  "product": "NerveOps",
  "purpose": "Explain blast radius for leaked or lost credentials without implying perfect security.",
  "credentials": [
    {
      "credential": "sender DSN",
      "used_for": "Sending encrypted signals into one pipe.",
      "if_leaked": "An attacker may send noise or fake signals into that pipe.",
      "cannot_do": ["read history", "decrypt payloads", "connect as an agent", "execute commands"],
      "recommended_response": ["revoke or rotate the sender webhook", "create a new sender DSN", "remove the old value from CI/CD secrets"]
    },
    {
      "credential": "agent token",
      "used_for": "Connecting a trusted nerve-agent for signed bounded actions.",
      "if_leaked": "Treat as serious. A leaked agent token may allow an unwanted agent connection attempt.",
      "cannot_do_by_itself": ["decrypt messages without the required E2E key material", "bypass server-side token validation"],
      "recommended_response": ["retire the pipe or revoke the agent credential", "restart the trusted agent with a new token", "verify online agent identity and status"]
    },
    {
      "credential": "local mobile identity key",
      "used_for": "Local decryption and signing identity on the phone.",
      "if_lost": "Old encrypted messages may be unrecoverable unless a recovery capsule or platform key sync is available.",
      "recommended_response": ["use recover if available", "reset secure identity if recovery is not possible", "expect old ciphertext to remain unreadable by design"]
    },
    {
      "credential": "push provider credentials",
      "used_for": "APNs or FCM notification delivery.",
      "if_leaked": "Treat as an infrastructure incident. Rotate provider credentials and audit delivery logs.",
      "cannot_do": ["decrypt Nerve payloads", "read encrypted message history"]
    }
  ],
  "recommended_answer": "For Nerve, the most important distinction is sender DSN versus agent token. A leaked sender DSN should only let an attacker send noise or fake signals into one pipe, while a leaked agent token is a higher-severity credential because it is used for trusted agent connectivity."
}
