Security & Privacy Architecture

The Zero-Transit Architecture Policy

Traditional cloud explorers act as middle-tier servers: they receive your access keys, connect to your cloud infrastructure, and parse your payloads on their own hardware. This introduces a major security risk, creating a single point of failure where a database leak or server compromise exposes your enterprise connections.

Bussin is different. We enforce an absolute Zero-Transit policy:

• No server relays: There are no backend application servers, databases, or API proxies in the Bussin pipeline. The application is distributed as a set of static files (HTML, CSS, WebAssembly) served directly to your browser via a Content Delivery Network (CDN).
• Direct-to-Broker Data Path: All network traffic—including management calls and AMQP message streams—travels strictly between your local browser process and Microsoft's Azure endpoints. Your data never touches any third-party infrastructure.
• No Data Telemetry: To prevent accidental data leaks, Bussin does not employ third-party analytics platforms, tracking cookies, or diagnostic payload log collection engines. Active logins are logged transparently solely for adoption tracking (see below).

Credential & Access Token Isolation

Bussin utilizes the official Microsoft Authentication Library (MSAL.js) to manage identity flows with Entra ID (Azure Active Directory):

1. Authentication Scopes & JWTs

When you log in, the Entra ID authorization server returns an ephemeral OAuth 2.0 JSON Web Token (JWT) directly to the browser. The token is assigned delegated scopes for https://servicebus.azure.net/user_impersonation and https://management.azure.com/user_impersonation.

2. Volatile Memory Caching

Bussin stores active access tokens strictly within volatile browser memory (session state). Tokens are never written to disk or sent across the internet to anything other than standard Microsoft Azure API gateways.

Transparent User Authentication Auditing

Bussin is built with complete transparency regarding network traffic and analytics. To track active adoption and tool usage, we maintain a lightweight, open-source serverless database:

• Adoption Metrics: Upon successful Microsoft Entra ID authentication, the client logs a basic profile entry (consisting of the user's ID, email address, display name, and login timestamp) to our serverless backend. This is used solely to evaluate usage and guide our roadmap.
• Complete Payload Sandbox: Absolutely zero Service Bus resource data, connection strings, entity names, namespace configurations, or message payload bytes are ever captured, logged, or transmitted outside of your browser.
• Self-Hostable and Open-Source: The entire backend tracking infrastructure—including the Bicep IaC script and the .NET 10.0 Native AOT C# source code—is fully open-source and included in the codebase. Enterprise organizations can easily self-host this auditable backend within their own secure Azure boundaries to monitor active logins.

Browser Sandbox Boundaries

By executing inside a modern browser engine (such as V8 or WebKit), Bussin inherits robust, industry-standard security boundaries enforced by the operating system:

Enterprise Compliance Alignment

Because Bussin does not capture, store, or process any customer data, utilizing this tool does not expand your organizational data boundaries or introduce new compliance liabilities. It integrates cleanly with standard SOC 2, ISO 27001, and HIPAA compliance policies, acting as a secure diagnostic lens for your existing Azure infrastructure.