Security Model

Vulnerability Daemon is designed as a local operator tool, not a hosted service.

Boundaries

  • The HTTP server must bind to 127.0.0.1.
  • Source folders are read from local disk.
  • Run artifacts are written to output_dir.
  • Agent CLIs are spawned as local child processes.
  • Review state is stored locally in reviews.json.

Trust Assumptions

The local user is trusted to read audit reports and source code. Other users on the same machine may be able to inspect process arguments or files depending on OS permissions.

The configured agent CLI is trusted to process prompts and source access according to its own model. Vulnerability Daemon does not sandbox the agent beyond passing read-only instructions and, for Codex, read-only sandbox flags.

Sensitive Outputs

The following files may contain sensitive data:

  • prompt.md
  • report.md
  • findings.json
  • results.sarif
  • agent.stdout.log
  • agent.stderr.log
  • reviews.json

Treat the full output_dir as confidential.
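
One way to check that output_dir is not readable by other local users, as an added example that is not part of Vulnerability Daemon's own code. It assumes POSIX permission bits; the function names audit_output_dir and harden_output_dir are hypothetical, and the file names are the ones listed above.

```python
import os
import stat
from pathlib import Path

# File names listed under "Sensitive Outputs" on this page.
SENSITIVE_NAMES = {
    "prompt.md", "report.md", "findings.json", "results.sarif",
    "agent.stdout.log", "agent.stderr.log", "reviews.json",
}
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_output_dir(output_dir):
    """Return (path, octal mode) for every directory or sensitive file under
    output_dir that grants any access to group or other (POSIX modes only)."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(output_dir):
        # A listable directory reveals run and target names even if files are locked.
        candidates = [Path(dirpath)]
        candidates += [Path(dirpath) / n for n in filenames if n in SENSITIVE_NAMES]
        for p in candidates:
            st = p.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful; skip, do not follow
            mode = stat.S_IMODE(st.st_mode)
            if mode & GROUP_OTHER:
                exposed.append((str(p), oct(mode)))
    return sorted(exposed)


def harden_output_dir(output_dir):
    """Restrict every directory to 0700 and every regular file to 0600."""
    for dirpath, _dirnames, filenames in os.walk(output_dir):
        os.chmod(dirpath, 0o700)
        for name in filenames:
            p = os.path.join(dirpath, name)
            if not os.path.islink(p):
                os.chmod(p, 0o600)


if __name__ == "__main__":
    import sys
    # Usage: python audit_output_dir.py <output_dir>
    for path, mode in audit_output_dir(sys.argv[1]):
        print(f"{mode}  {path}")
```

An empty result means no directory or listed artifact under output_dir grants group or other access; it says nothing about ACLs or about process arguments visible to other users.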

Webhooks

Webhook payloads include finding titles, target names, run metadata, and selected finding fields. Do not configure a webhook unless the destination is approved for vulnerability information.

Non-Goals For The MVP

  • Multi-user authentication
  • Cloud storage
  • Remote repository cloning
  • Hosted scheduling
  • Secret scanning guarantees

These may be added later behind explicit configuration.