This is an internal, air-gapped deployment. All versions in active production use are supported. Reach out to the platform team for your deployment's current version.

Do not open a public GitHub issue for security vulnerabilities.

Report security issues to the security team via your organization's internal secure channel (e.g., security@company.internal or the InfoSec ticketing system). Include:
- Description of the vulnerability
- Affected component (guardrails, auth, translation pipeline, infra, etc.)
- Steps to reproduce or proof-of-concept (sanitized — no real credentials)
- Potential impact assessment

Response SLA:
- Critical (RCE, auth bypass, credential leak): 24 hours acknowledgement, 72 hours patch
- High (guardrail bypass, privilege escalation): 48 hours acknowledgement, 1 week patch
- Medium/Low: Next sprint

| Control | Implementation | Location |
|---|---|---|
| Authentication | RS256 JWT / OIDC | src/core/auth.py |
| Authorization | RBAC role→permission | src/core/auth.py |
| Prompt injection defence | Regex guardrail | src/guardrails/input_guard.py |
| Credential leak prevention | Input + output regex redaction | src/guardrails/ |
| Network isolation | K8s NetworkPolicy (no internet egress) | infra/k8s/network-policy.yaml |
| Audit trail | Append-only JSONL, metadata only | src/core/logging.py |
| LLM determinism | temperature=0 enforced | src/core/llm_client.py |
| Hardened system prompt | Anti-override instructions | src/core/llm_client.py |
| Static code analysis | AST-based SAST pre-LLM | src/tools/python_analyzer.py |

- The LLM system prompt does not guarantee injection-proof behaviour against all novel attack vectors; the input guardrail is the primary defence.
- Translation output is a scaffold requiring human review — it must not be deployed to production without engineer validation.
- The regex-based secret detection may produce false positives on code that resembles credential patterns.
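
The last point above is easiest to see in code. The following is an added example written for this document, not the project's own `src/guardrails/` or `src/core/logging.py` code: a small regex-based secret scanner in the style of the "credential leak prevention" control, with one mitigation for the false-positive problem (a Shannon-entropy gate that leaves zero-entropy placeholders such as `"xxxxxxxx..."` unredacted), and an audit record that carries only rule names and counts, mirroring the "metadata only" audit-trail control. The patterns, the 3.0 bits/char threshold, the function names and the sample input are all assumptions constructed for the example; none of the sample values is a real credential.

```python
"""Regex secret redaction with an entropy gate against placeholder false positives.

Illustrative code added to this document; it is NOT the project's
src/guardrails/ implementation. Patterns, thresholds and names are assumptions.
"""
from __future__ import annotations

import json
import math
import re
from collections import Counter
from dataclasses import dataclass

REDACTED = "[REDACTED]"

# Assumed detection rules (constructed for this example, not the project's rule set).
# A capture group marks the part to redact; group 0 is used when there is none.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{20,})['\"]?"
    ),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# Only the generic rule is entropy-gated: its shape ("key = <long word>") is what
# test fixtures and placeholders imitate. Structured prefixes such as AKIA are not.
ENTROPY_GATED = {"generic_api_key"}


@dataclass
class Finding:
    kind: str
    start: int          # offset of the redaction span in the scanned text
    end: int
    entropy: float      # Shannon entropy (bits/char) of the matched value
    suppressed: bool    # True when treated as a placeholder false positive


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def find_secrets(text: str, min_entropy: float = 3.0) -> list[Finding]:
    """Scan text and return non-overlapping findings sorted by position."""
    raw: list[Finding] = []
    for kind, pattern in SECRET_PATTERNS.items():
        grp = 1 if pattern.groups else 0
        for m in pattern.finditer(text):
            value = m.group(grp)
            ent = shannon_entropy(value)
            # Low-entropy literals such as "xxxxxxxx..." are almost always
            # placeholders; keep them in the report but do not redact them.
            suppressed = kind in ENTROPY_GATED and ent < min_entropy
            raw.append(Finding(kind, m.start(grp), m.end(grp), ent, suppressed))
    # Drop any match that overlaps an earlier one so redaction spans never collide.
    accepted: list[Finding] = []
    for f in sorted(raw, key=lambda f: (f.start, -f.end)):
        if not accepted or f.start >= accepted[-1].end:
            accepted.append(f)
    return accepted


def redact(text: str, findings: list[Finding]) -> str:
    """Replace every non-suppressed finding with REDACTED, working from the end
    of the text so earlier offsets stay valid."""
    out = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        if not f.suppressed:
            out = out[: f.start] + REDACTED + out[f.end :]
    return out


def audit_record(findings: list[Finding], direction: str) -> str:
    """One JSONL line for an append-only audit trail: metadata only (rule names
    and counts), never the matched text."""
    record = {
        "direction": direction,
        "redacted": [f.kind for f in findings if not f.suppressed],
        "suppressed_low_entropy": sum(1 for f in findings if f.suppressed),
    }
    return json.dumps(record, sort_keys=True)


# Constructed sample input: none of these values is a real credential.
SAMPLE_CODE = '''\
import os
# test fixture that merely looks like a key (placeholder, zero entropy)
api_key = "xxxxxxxxxxxxxxxxxxxxxxxx"
# value shaped like a live key (made up for this example)
token = "sk_live_9f8e7d6c5b4a3f2e1d0c"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
'''

if __name__ == "__main__":
    found = find_secrets(SAMPLE_CODE)
    print(redact(SAMPLE_CODE, found))
    print(audit_record(found, "input"))
```

Run stand-alone, the script redacts the `token` and `AKIA...` values, leaves the all-`x` fixture in place, and emits one JSON line naming the rules that fired without echoing any matched text. The entropy gate is a trade-off, not a fix: it removes the placeholder class of false positives, but a genuinely weak, low-entropy secret would also pass through it, so the gate should be paired with the human review the translation scaffold already requires rather than trusted on its own.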