sand-boxer/docs/security.md
tegwick df658e7ef9 feat: TTL enforcement and operational hardening (SAND-WP-0009)
Add TTL parser, expires_at on create, extend_ttl and expire/reap APIs,
activity-core integration doc, repo classification, registry refresh,
HTTP parity, and 69 tests.
2026-06-24 12:44:04 +02:00

Security posture

sand-boxer limits blast radius — it does not enforce intent.

What sandboxing provides

  • Isolated compose projects and workspace directories on placement hosts
  • Profile-declared network default-deny (declarative in v0; enforcement varies by extension)
  • TTL-bound disposable venues with automated expire/reap
  • Consumer attribution (adm / agt / atm) on lifecycle events

What sandboxing does not provide

  • Protection against a malicious or compromised agent inside the sandbox
  • Guarantee that an agent follows instructions or policy
  • Replacement for secrets management (use OpenBao / operator paths via warden route)
  • Production isolation on Railiance01 (sandboxes run on sandboxer01 / CoulombCore)

Per INTENT: "Honest security — sandboxing limits blast radius; it is not intent enforcement."

Operators should combine sand-boxer with flex-auth, credential routing, and harness-level controls for end-to-end safety.