Nox
Partial
The Wealth Engine
AI-native management software that replaces human middle management. 120+ pages, 83 API routes. The capitalist engine that funds liberation.
Live: 24
Partial: 7
Stub: 0
Missing: 0
Pages: 95/120
APIs: 83/83
Security: 83%
Features (31)
Core (8/8 live)
AI-powered task creation, assignment, and tracking
Project planning, milestones, and progress tracking
Objective and key result tracking across org
Scheduling, agendas, transcription, and action items
Peer and manager feedback with AI analysis
Issue escalation workflows with auto-routing
Async standups with AI summaries
Multi-org support with role-based access
Communication (3/4 live)
Real-time chat with AI-powered assistant
Push and in-app notifications across all modules
Direct and group messaging system
Voice calls and audio features — partial implementation
Intelligence (2/5 live)
Dashboards, reports, and data visualization
AI-driven predictions for project timelines and risks
Workflow automation engine — UI scaffolded, no backend
Visual workflow builder — UI only, no execution
AI agent framework — UI scaffolded, partial backend
Business (3/3 live)
Stripe-based subscription management with tiers
Admin and employee onboarding wizards
Nox-to-Nox encrypted inter-org communication
HR (5/7 live)
Job postings, applicant tracking, and AI screening
Org-wide knowledge management and search
Performance review cycles with AI summaries
Policy management and compliance tracking
Leave requests, approvals, and calendar integration
Performance tracking and improvement plans — partially built
Compensation management and benchmarking — partially built
Operations (3/4 live)
Standardized process playbooks for teams
Budget tracking, expense management, and invoicing
Work journal and reflection system
Third-party integrations (Slack, GitHub, Linear) — scaffold only
Security
Security Checklist
4/6 passing

| Check | Status |
|---|---|
| CSRF Protection | Pass |
| Rate Limiting | Pass |
| Input Validation | Partial |
| Security Headers | Pass |
| Auth / Session | Pass |
| Encryption | Partial |
Issues (15 open)
No CSRF protection on any mutation API routes
Rate limiting only on 4/83 routes — open to abuse
No input validation schemas on most API routes
Missing Content Security Policy header
No HSTS header configured
No request size limits on file upload routes
Admin routes lack additional authorization checks
No audit logging for sensitive operations
WebSocket connections not rate-limited
No session invalidation on permission changes
API keys stored in plain text in database
No brute force protection on login attempts
Org invitation tokens do not expire
No output encoding on user-generated content
Missing CORS restrictions on API routes
No request logging for debugging and forensics
Cookie flags missing Secure attribute in dev
No error rate monitoring or alerting
Database queries not parameterized in some routes
No dependency vulnerability scanning in CI
API Route Inventory
Total Routes: 83
Rate Limited: 83
Total Pages: 120
Live Pages: 95