Security

The toolkit's security architecture addresses both traditional infrastructure threats (supply chain attacks, credential leakage) and AI/agent-specific threats (prompt injection, hallucination, tool misuse). Security requirements are constitutionally mandated under Principle I: Security-First.

Constitutional Security Requirements

All toolkit work is bound by these requirements from Principle I:

  • No secrets in code (enforced by secret-scanner hook)
  • Input validation on all external data
  • OWASP compliance for server-side code
  • Security lint on every file write
  • Quality gates must not be skipped
  • MCP packages must be version-pinned and integrity-verified
  • Open Brain capture_thought calls must sanitize content
  • Intake pipeline must validate YAML and sanitize slugs

Section Contents

  • Security Overview — Threat model, attack surface map, defense layers, controls matrix, and residual risks
  • AI & Agent Security — Prompt injection defense, agent tool misuse prevention, hallucination risks, and safe patterns for untrusted content
  • Hardening Guide — 8-step deployment hardening checklist for new toolkit installations
  • Incident Response — Response procedures for 5 incident types (compromised package, leaked secret, injected proposal, hook mismatch, unauthorized MCP server)
  • Security Governance (in Guides) — Day-to-day enforcement: deny rules, hook scripts, configuration drift audit, external repo evaluation
  • Agent Architecture Patterns (in Concepts) — Hook hierarchy, policy islands, portable governance, privilege cascade