Request Validation
All inputs validated against strict request and schema contracts before execution.
Governance Enforcement
Strict, adaptive, and autonomous governance modes control what agents can do.
Safety Gates
High-risk actions pass through safety gates with preview and policy-based blocking.
Execution Previews
Every destructive or irreversible action is previewed before it runs.
Security analysis — runs scan and save-time checks on code and agent output before persistence.
Governance layer — enforces strict / adaptive / autonomous control based on user-defined policy. All mode transitions are logged.
Route & Action Modules — per-route and per-action safety constraints that cannot be bypassed at the API layer.
Audit Trail — all orchestration runs produce a structured audit trail, which is reviewed after major agent operations.
01. Keep secrets out of repositories and logs. Store all secrets using your secrets manager or hosting provider's secrets injection — never in plaintext config files.
02. Validate all external integration responses. Never trust third-party data without schema assertion.
03. Treat policy blocks as first-class security events. Every block is logged, reviewable, and feeds governance tuning.
04. Record and monitor remediation outcomes. Fixes without follow-up validation are not considered complete.
Run lint, typecheck, and tests before every release
Keep all dependencies current — patch within 48 hours of CVE
Validate integration probe endpoints regularly
Review audit trails after major orchestration runs
Rotate JWT_SECRET and API keys on a scheduled cadence
Never commit secrets — use environment variable injection

Responsible Disclosure

Found a vulnerability in SKIA Forge? We take security reports seriously. Contact us privately and we will respond within one business day.
