Security Hardening

  • User-influenced command execution runs in sandboxed environments.
  • The harness/runtime resolves the target context; destinations are never model-selected.
  • Credential issuing and sandbox command execution are separate trust boundaries.
  • Use short-lived scoped credentials.
  • Issue credentials only with explicit capability checks.
  • Inject scoped auth at the host boundary instead of exposing raw tokens to the sandbox.
  • Deliver auth links privately to requesting users.
  • Keep token exchange server-side.
  • Store tokens per user/provider scope.

  1. Confirm no token values in logs/traces/output.
  2. Confirm OAuth links were not publicly posted.
  3. Confirm credential issuance failures map to expected events.
  4. Confirm sandbox session never received raw auth secrets.
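The broker pattern the list above describes (capability check before issuance, short-lived per-user/provider scope, auth injected at the host boundary, sandbox holds only an opaque handle, audit events without token values), as an added illustration that is not part of this page's product code. The `CredentialBroker` class, the `PROVIDER_BASE_URLS` routing table and the event names are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass, field

# Hypothetical host-side routing table: the harness, not the model, picks the destination.
PROVIDER_BASE_URLS = {"github": "https://api.github.com"}


@dataclass
class ScopedCredential:
    user: str
    provider: str
    scope: str
    token: str
    expires_at: float


@dataclass
class CredentialBroker:
    """Host-side broker (example only): issues short-lived scoped tokens after an
    explicit capability check and never hands the token itself to the sandbox."""
    capabilities: dict                          # {user: {(provider, scope), ...}}
    ttl_seconds: int = 300
    _store: dict = field(default_factory=dict)  # opaque handle -> ScopedCredential
    events: list = field(default_factory=list)  # audit events; token values never logged

    def issue(self, user, provider, scope):
        if (provider, scope) not in self.capabilities.get(user, set()):
            self.events.append(("credential_denied", user, provider, scope))
            raise PermissionError("capability check failed")
        cred = ScopedCredential(user, provider, scope, secrets.token_urlsafe(24),
                                time.time() + self.ttl_seconds)
        handle = secrets.token_urlsafe(16)      # opaque; unrelated to the token bytes
        self._store[handle] = cred
        self.events.append(("credential_issued", user, provider, scope))
        return handle                           # this is all the sandbox ever sees

    def inject(self, handle, path):
        """Host boundary: resolve handle -> credential, fix destination, attach auth."""
        cred = self._store.get(handle)
        if cred is None or cred.expires_at <= time.time():
            self._store.pop(handle, None)       # expired handles are purged, not reused
            self.events.append(("credential_rejected", path))
            raise PermissionError("unknown or expired handle")
        return {"url": PROVIDER_BASE_URLS[cred.provider] + path,
                "headers": {"Authorization": f"Bearer {cred.token}"}}

    def token_leaked(self, text):
        """Audit step 1: does any live token value appear in the given output?"""
        return any(c.token in text for c in self._store.values())
```

The `token_leaked` check is meant to run over captured logs, traces and sandbox output during the audit steps above; a `True` result is a finding, not a log entry.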

Continue with Config & Environment to validate deployment defaults, then use Reliability Runbooks for incident response.