generated from coulomb/repo-seed
feat: TTL enforcement and operational hardening (SAND-WP-0009)
Add TTL parser, expires_at on create, extend_ttl and expire/reap APIs, activity-core integration doc, repo classification, registry refresh, HTTP parity, and 69 tests.
23
docs/security.md
Normal file
@@ -0,0 +1,23 @@
|
||||
# Security posture
|
||||
|
||||
sand-boxer limits **blast radius** — it does not enforce **intent**.
|
||||
|
||||
## What sandboxing provides
|
||||
|
||||
- Isolated compose projects and workspace directories on placement hosts
|
||||
- Profile-declared network default-deny (declarative in v0; enforcement varies by extension)
|
||||
- TTL-bound disposable venues with automated expire/reap
|
||||
- Consumer attribution (`adm` / `agt` / `atm`) on lifecycle events
|
||||
|
||||
## What sandboxing does not provide
|
||||
|
||||
- Protection against a malicious or compromised agent *inside* the sandbox
|
||||
- Guarantee that an agent follows instructions or policy
|
||||
- Replacement for secrets management (use OpenBao / operator paths via `warden route`)
|
||||
- Production isolation on Railiance01 (sandboxes run on sandboxer01 / CoulombCore)
|
||||
|
||||
Per INTENT: *"Honest security — sandboxing limits blast radius; it is not intent
|
||||
enforcement."*
|
||||
|
||||
Operators should combine sand-boxer with flex-auth, credential routing, and
|
||||
harness-level controls for end-to-end safety.
|
||||
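Review bot: In "What sandboxing provides", the network default-deny bullet is listed as a provided property, yet its own parenthetical says it is "declarative in v0" and that "enforcement varies by extension", so a reader skimming the list can take it for an enforced control. Consider moving it out of the "provides" list into a separate declared-only entry, or naming which extensions enforce it and what an operator gets on those that do not. Two smaller documentation points in the same file: the attribution codes `adm` / `agt` / `atm` are never expanded, and the "Per INTENT" quote gives no path or link to the document it quotes.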