RafaelRuiz
/
assistance-engine
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
assistance-engine/docs/SECURITY.md

4.6 KiB
Raw Blame History

Security Policy

Supported Versions

Version Security patches
1.5.x Active
1.4.x ⚠️ Critical fixes only
< 1.4 Not supported

Reporting a Vulnerability

Do not open a public GitHub Issue for security vulnerabilities.

Report security issues directly to the CTO via the private Slack channel #brunix-security or by email to the address on file. Include:

  1. A clear description of the vulnerability and its potential impact.
  2. Steps to reproduce (proof-of-concept if applicable).
  3. Affected component(s) and version(s).
  4. Suggested remediation, if known.

You will receive an acknowledgement within 48 hours and a resolution timeline within 7 business days for confirmed issues.

Security Model

Transport

The gRPC server currently runs with add_insecure_portthere is no TLS in the current dev configuration. This is intentional for the local development setup where all traffic flows through authenticated kubectl tunnels.

For any production or internet-exposed deployment, TLS must be enabled. See ADR-0003 for context.

Authentication & Authorization

The current version has no authentication layer on the gRPC API. Any client with network access to port 50052 can call any RPC method and access any session by session ID.

Acceptable risk boundaries for the current deployment:

  • Port 50052 must be accessible only to authorized developers via firewall rules or VPN.
  • Do not expose port 50052 on a public IP without an authenticating reverse proxy.

Secrets Management

All secrets (API keys, database credentials) are managed exclusively via environment variables. The following rules are enforced:

  • Never commit real secret values to any branch, including feature branches.
  • Use placeholder values (e.g., sk-ant-..., pk-lf-...) in documentation and examples.
  • The .env file is listed in .gitignore and must never be committed.
  • The kubernetes/kubeconfig.yaml file grants cluster-level access and must never be committed.
  • PRs containing secrets or committed .env / kubeconfig files will be immediately closed and the committer will be required to rotate all exposed credentials before resubmission.

Environment variables that contain secrets:

Variable Type
LANGFUSE_PUBLIC_KEY API key
LANGFUSE_SECRET_KEY API key
ANTHROPIC_API_KEY API key
ELASTICSEARCH_PASSWORD Credential
ELASTICSEARCH_API_KEY API key
HF_TOKEN API key

Container Security

  • The container runs as a non-root user (Python 3.11 slim base image default).
  • Using root as the container user is explicitly prohibited (see CONTRIBUTING.md §3).
  • The /workspace directory is deprecated. All application code runs from /app.
  • The .dockerignore ensures that development artifacts (.git, .env, tests/, docs/) are excluded from the production image.

Data Privacy

  • All LLM inference (text generation and embeddings) is performed within the private Devaron Kubernetes cluster on Vultr infrastructure. No user query data is sent to external third-party APIs during normal operation.
  • The exception is the EvaluateRAG endpoint, which sends golden dataset questions and generated answers to the Anthropic API (Claude) for evaluation scoring. No real user queries from production sessions are used in evaluation.
  • Conversation history is stored in-memory only and is never persisted to disk or an external database.

Dependency Security

  • Dependencies are pinned via uv.lock and exported to Docker/requirements.txt.
  • Dependency updates should be reviewed for security advisories before merging.
  • Run pip audit or safety check against Docker/requirements.txt before major releases.
pip install pip-audit
pip-audit -r Docker/requirements.txt

Known Security Limitations

These are acknowledged risks accepted for the current development phase. They must be addressed before any production internet-facing deployment.

ID Limitation Risk Mitigation required
SEC-001 No gRPC TLS Traffic interception Enable TLS with server certificate
SEC-002 No API authentication Unauthorized access Add JWT / mutual TLS authentication
SEC-003 Session IDs are guessable Session hijacking Enforce UUIDs; validate ownership
SEC-004 No rate limiting DoS / cost amplification Add gRPC interceptor rate limiter
SEC-005 In-memory session store Data loss on restart Acceptable for dev; requires Redis for prod
SEC-006 ELASTICSEARCH_USER/PASS optional Unauthenticated ES access Make auth required in prod; fail-fast if absent