# Security Model

Alessio Rocchi edited this page Jan 27, 2026 · 1 revision

Security practices, threat model, and controls.
## Assets

- API Keys (Critical)
- Memory Content (High)
- Configuration (Medium)
- Embeddings (Medium)
- Task Data (Medium)

## Threats

- Malicious Plugins
- Prompt Injection
- Local Attacker
- Network Attacker

## Controls

API keys:

- Environment variable interpolation
- Never commit to version control
- Rotate keys periodically
- Use scoped keys

Database (memory and task data):

- Embedded SQLite (no network)
- Parameterized queries
- File permissions (chmod 600)

Plugins:

- Manual installation required
- Code review recommended
- No sandboxing (trust required)
- Plugin validation on load

MCP server:

- stdio transport (no network)
- Input validation (Zod schemas)
- Process-level isolation
```bash
# Secure config file
chmod 600 aistack.config.json
# Secure database
chmod 600 ./data/aistack.db
# Use environment variables
export ANTHROPIC_API_KEY="sk-..."
```