Version: 0.1.0 · Project: AgentFlow MLflow Dashboard
This is an internal demo project. Report security issues to the repository maintainer through your organization's standard channel. Do not open public issues with exploit details or live credentials.
| In scope | Out of scope (v1) |
|---|---|
| Chat API input validation, CORS, rate limiting | User authentication (planned v2) |
| Secret handling in repo, bundles, and logs | Penetration testing of production infra without authorization |
| LiteLLM proxy boundary (no provider keys in Node/frontend) | Upstream Ollama/OpenAI provider security |
| MLflow artifact redaction | Managed cloud MLflow tenancy |
Full policy lives in:

- `.cursor/AGENTS.md` — harness, MITRE ATLAS, secrets, logging
- `.cursor/constitution.md` — stack Always Do / Never Do
- `docs/governance.md` — enforcement layers and verification commands
- `mitre-atlas-composer-guard.mdc` — Cursor Composer zero-trust rule
- Never commit `.env`, `.env.local`, or production credentials.
- Use committed templates only: `.env.example`, `backend/.env.example`, `frontend/.env.example`, and `*.production.example`.
- Generate local dev secrets: `scripts/generate-local-secrets.ps1`
- Scan frontend bundles: `scripts/verify-no-secrets.ps1` (after `npm run build` in `frontend/`)
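The bundle scan above is the last line of defence for the "no provider keys in Node/frontend" boundary: a key that reaches the built bundle is public the moment the page is served. The following is an added example of such a scanner, written here in Python and not the project's own `scripts/verify-no-secrets.ps1`. It goes slightly beyond the page by also offering a `redact()` helper that uses the same rules, which is the shape a log or MLflow artifact redaction step takes. The detection rules, the allowlisted placeholder, the `frontend/dist` default path and the sample bundle text are all constructed assumptions for illustration.

```python
"""Scan built frontend bundle text for secret-like values and fail the build.

Added example, not the project's scripts/verify-no-secrets.ps1. The rules,
placeholder allowlist, default dist path and sample bundle are constructed.
"""
import re
import sys
from pathlib import Path
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line_no: int
    rule: str
    snippet: str  # matched value with its middle masked, safe to put in CI logs


# Constructed detection rules. Any hit in a shipped bundle breaks the build;
# a false positive costs a minute, a leaked provider key costs a rotation.
RULES = [
    ("openai_style_key", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    (
        "generic_assignment",
        re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"),
    ),
]

# Placeholders that committed *.example templates are allowed to contain
# (constructed value for this example; match it to your templates).
ALLOWLIST = {"REPLACE_ME_WITH_LOCAL_VALUE"}


def mask(value: str) -> str:
    """Keep the first and last 4 characters so a finding can be reported
    without re-leaking the secret into CI output."""
    if len(value) <= 8:
        return "*" * len(value)
    return f"{value[:4]}{'*' * (len(value) - 8)}{value[-4:]}"


def scan_text(text: str, path: str = "<memory>") -> List[Finding]:
    """Return one Finding per non-allowlisted match. Minified bundles are
    usually a single line, so line_no is mostly useful for .map/.html."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                value = m.group(m.lastindex or 0)  # last group = the value
                if value in ALLOWLIST:
                    continue
                findings.append(Finding(path, line_no, rule, mask(value)))
    return findings


def scan_bundle_dir(dist_dir: Path,
                    suffixes: Iterable[str] = (".js", ".map", ".html", ".css")) -> List[Finding]:
    """Walk the build output and scan every text asset, source maps included
    (they carry the unminified source and are a common leak path)."""
    if not dist_dir.is_dir():
        return []
    findings: List[Finding] = []
    for file in sorted(dist_dir.rglob("*")):
        if file.is_file() and file.suffix in suffixes:
            text = file.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan_text(text, str(file)))
    return findings


def redact(text: str) -> str:
    """Replace every detected value with [REDACTED], leaving allowlisted
    placeholders intact. Suitable for log lines or artifact text before storage."""
    def _sub(m: "re.Match[str]") -> str:
        full = m.group(0)
        value = m.group(m.lastindex or 0)
        return full if value in ALLOWLIST else full.replace(value, "[REDACTED]")

    for _, pattern in RULES:
        text = pattern.sub(_sub, text)
    return text


# Constructed sample: a leaked provider-style key inside minified JS, next to
# a harmless relative API base and an allowlisted template placeholder.
SAMPLE_BUNDLE = (
    'const cfg={apiBase:"/api/chat",provider:"litellm"};'
    'const k="sk-EXAMPLE' + "0" * 22 + '";\n'
    'fetch(cfg.apiBase,{headers:{Authorization:"Bearer "+k}});\n'
    'const t={API_KEY:"REPLACE_ME_WITH_LOCAL_VALUE"};\n'
)


def main(dist: str = "frontend/dist") -> int:
    findings = scan_bundle_dir(Path(dist))
    for f in findings:
        print(f"{f.path}:{f.line_no} [{f.rule}] {f.snippet}")
    return 1 if findings else 0  # non-zero exit fails the CI step


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:]))
```

Run it after `npm run build` with the dist directory as the argument; a non-zero exit is the signal CI should act on. The relative `apiBase` in the sample is the intended pattern: the browser talks to the Node/chat API, and only the LiteLLM proxy behind it holds provider keys.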
Per AGENTS.md MITRE policy, production infrastructure changes (managed Postgres, MLflow, LiteLLM URLs, DNS, TLS) require explicit human authorization before apply. See docs/deployment.md.