security-boundary-contract

Community

Prevent insecure actions across the whole agent platform.

Author: zxc1a1a1
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

It defines AgentHub’s end-to-end security boundary so engineers, reviewers, and AI agents can consistently decide what is untrusted, what must be authorized, and what must never be leaked.

Core Features & Use Cases

  • Trust boundary model: Establishes which inputs and outputs (user, Frontend fields, LLM/Planner, Agent outputs, AgentCards, artifacts, tool call parameters) are untrusted and must be validated before execution.
  • Security contract for each layer: Specifies public API rules for Frontend→Gateway, service-to-service constraints for Gateway↔Orchestrator, orchestration guardrails, and Child/User Agent trust levels.
  • High-risk action governance: Enforces confirm_action for dangerous capabilities (run_command, deploy, file_overwrite, external_publish, etc.) plus requirements for schema validation, permission checks, timeouts, and auditing.
  • Data protection and rendering safety: Provides artifact/runtime capability risk levels, iframe sandbox/CSP/XSS defenses, and strict error redaction to stop secret leakage.
  • Security testing & review checklist: Includes minimal contract tests and a structured review checklist to verify that the boundary stays intact as v1.0 evolves.

Quick Start

Ask an AI reviewer to use security-boundary-contract to produce an audit plan for your Gateway and Orchestrator changes, including required confirm_action gates, object-level authorization checks, and redaction rules for errors and artifacts.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: security-boundary-contract
Download link: https://github.com/zxc1a1a1/Multi_Agent-AgentHub/archive/main.zip#security-boundary-contract

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.