coulomb/sand-boxer
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df658e7ef989686c1ca466b6f1f4717c5b6acfb0
sand-boxer/docs/security.md
tegwick df658e7ef9 feat: TTL enforcement and operational hardening (SAND-WP-0009) 
Add TTL parser, expires_at on create, extend_ttl and expire/reap APIs,
activity-core integration doc, repo classification, registry refresh,
HTTP parity, and 69 tests.
2026-06-24 12:44:04 +02:00

23 lines
972 B
Markdown
Raw Blame History

# Security posture
sand-boxer limits **blast radius** — it does not enforce **intent**.
## What sandboxing provides
- Isolated compose projects and workspace directories on placement hosts
- Profile-declared network default-deny (declarative in v0; enforcement varies by extension)
- TTL-bound disposable venues with automated expire/reap
- Consumer attribution (`adm` / `agt` / `atm`) on lifecycle events
## What sandboxing does not provide
- Protection against a malicious or compromised agent *inside* the sandbox
- Guarantee that an agent follows instructions or policy
- Replacement for secrets management (use OpenBao / operator paths via `warden route`)
- Production isolation on Railiance01 (sandboxes run on sandboxer01 / CoulombCore)
Per INTENT: *"Honest security — sandboxing limits blast radius; it is not intent
enforcement."*
Operators should combine sand-boxer with flex-auth, credential routing, and
harness-level controls for end-to-end safety.
Reference in New Issue View Git Blame Copy Permalink