docs: add initial threat model#2192
Draft
EItanya wants to merge 3 commits into
Draft
Conversation
Add a first-pass THREAT_MODEL.md aimed at maintainers triaging inbound security reports. It establishes the Kubernetes namespace as kagent's core trust boundary, enumerates in-scope vs. out-of-scope actors and trust boundaries, documents the intended insecure-by-default posture, and provides a triage rubric with worked examples for deciding whether a report rises to the level of a real threat. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Author
|
@dimetron mentioned:
|
Cover the skills subsystem (git/OCI fetch via the argv-based skills-init init container, same-namespace credentials) and both sandbox mechanisms (the spec.sandbox default-deny egress allowlist, and SandboxAgent on the external Agent Substrate). Add a §2.1/§2.2 framing, trust boundaries TB-10..TB-12, insecure-default entries, and deprioritized cases, keeping in-namespace skill/sandbox use classified as Deployment-equivalent. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a first-pass
THREAT_MODEL.mdat the repo root, aimed at maintainers triaging inbound security reports. Its primary purpose is to make in-scope vs. out-of-scope decisions fast, consistent, and defensible — so genuine privilege-boundary violations get fixed quickly and reports that merely restate a documented, intended default can be closed with a clear, reusable rationale.What's in this draft
go/adk+ Pythonkagent-adk), PostgreSQL-only storage, all-ClusterIP defaults.Agentis a workload-creating resource equivalent to aDeployment.unsecureauth,NoopAuthorizer, cluster-wide RBAC, no NetworkPolicy, bundled DB,kagent-tools).kagent-toolsRCE;skills-initinjection) showing why neither rises to a CVE.Scope decisions baked in
Agentcreator = not a threat (equivalent toDeploymentsemantics).risk_accepted/ roadmap [FEATURE] Support for OAuth2/OpenID Connect Integration (Azure Entra ID, Keycloak, etc.) in Webchat #476.Status
Draft — §8 (in-scope threats) and §9 (mitigations) are stubbed and will be expanded in follow-ups. Feedback on the framing and triage rubric is especially welcome.