generated from coulomb/repo-seed
tegwick
df658e7ef9
Add TTL parser, expires_at on create, extend_ttl and expire/reap APIs, activity-core integration doc, repo classification, registry refresh, HTTP parity, and 69 tests.
23 lines
972 B
Markdown
23 lines
972 B
Markdown
# Security posture
|
|
|
|
sand-boxer limits **blast radius** — it does not enforce **intent**.
|
|
|
|
## What sandboxing provides
|
|
|
|
- Isolated compose projects and workspace directories on placement hosts
|
|
- Profile-declared network default-deny (declarative in v0; enforcement varies by extension)
|
|
- TTL-bound disposable venues with automated expire/reap
|
|
- Consumer attribution (`adm` / `agt` / `atm`) on lifecycle events
|
|
|
|
## What sandboxing does not provide
|
|
|
|
- Protection against a malicious or compromised agent *inside* the sandbox
|
|
- Guarantee that an agent follows instructions or policy
|
|
- Replacement for secrets management (use OpenBao / operator paths via `warden route`)
|
|
- Production isolation on Railiance01 (sandboxes run on sandboxer01 / CoulombCore)
|
|
|
|
Per INTENT: *"Honest security — sandboxing limits blast radius; it is not intent
|
|
enforcement."*
|
|
|
|
Operators should combine sand-boxer with flex-auth, credential routing, and
|
|
harness-level controls for end-to-end safety. |