Rockachopa/Timmy-time-dashboard
1
0
Fork 2
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4e5a5d29342db0bbcdd13cb72dd9908ccc50ca7
Timmy-time-dashboard/docs/SECURITY.md
Alexander Whitestone 39f2eb418a Remove stale references from documentation across 9 files (#139)
2026-03-07 07:28:14 -05:00

49 lines
2.9 KiB
Markdown
Raw Blame History

# Security Policy & Audit Report
This document outlines the security architecture, threat model, and recent audit findings for Timmy Time Mission Control.
## Sovereignty-First Security
Timmy Time is built on the principle of **AI Sovereignty**. Security is not just about preventing unauthorized access, but about ensuring the user maintains full control over their data and AI models.
1. **Local-First Execution:** All primary AI inference (Ollama/AirLLM) runs on localhost. No data is sent to third-party cloud providers unless explicitly configured (e.g., Grok).
2. **Air-Gapped Ready:** The system is designed to run without an internet connection once dependencies and models are cached.
3. **Secret Management:** Secrets are never hard-coded. They are managed via Pydantic-settings from `.env` or environment variables.
## Threat Model
| Threat | Mitigation |
| :--- | :--- |
| **Command Injection** | Use of `asyncio.create_subprocess_exec` with explicit argument lists instead of shell strings where possible. |
| **XSS** | Jinja2 auto-escaping is enabled. Manual `innerHTML` usage in templates is combined with `DOMPurify` and `marked`. |
| **Unauthorized Access** | L402 Lightning-gated API server (`timmy-serve`) provides cryptographic access control. |
| **Malicious Self-Modify** | Self-modification is disabled by default (`SELF_MODIFY_ENABLED=false`). It requires manual approval in the dashboard and runs on isolated git branches. |
## Audit Findings (Feb 2026)
A manual audit of the codebase identified the following security-sensitive areas:
### 1. Self-Modification Loop *(planned, not yet implemented)*
- **Observation:** When implemented, the self-modify loop will use `subprocess.run` for git and test commands.
- **Risk:** Potential for command injection if user-provided instructions are improperly handled.
- **Mitigation:** Input should be restricted to git operations and pytest. Future versions should sandbox these executions.
### 2. Model Registration (`src/dashboard/routes/models.py`)
- **Observation:** Allows registering models from arbitrary local paths.
- **Risk:** Path traversal if an attacker can call this API.
- **Mitigation:** API is intended for local use. In production, ensure this endpoint is firewalled or authenticated.
### 3. XSS in Chat (`src/dashboard/templates/partials/chat_message.html`)
- **Observation:** Uses `innerHTML` for rendering Markdown.
- **Mitigation:** Already uses `DOMPurify.sanitize()` to prevent XSS from LLM-generated content.
## Security Recommendations
1. **Enable L402:** For any deployment exposed to the internet, ensure `timmy-serve` is used with a real Lightning backend.
2. **Audit `self_edit`:** The `SelfEditTool` has significant power. Keep `SELF_MODIFY_ENABLED=false` unless actively developing the agent's self-coding capabilities.
3. **Production Secrets:** Always generate unique `L402_HMAC_SECRET` and `L402_MACAROON_SECRET` for production deployments.
---
*Last Updated: Feb 28, 2026*
Reference in New Issue View Git Blame Copy Permalink