LISAOS // DOCS
GOVERNANCE // SECURITY OPERATIONS

Security Operations

Authority

This document is the binding reference for security governance within the LISA ecosystem. Extracted from the Sentinel persona skill during persona dissolution (2026-04-03). Derived from Module 07 of the LISA Curriculum. Referenced by Gray Fox's agent prompt and any agent performing security work.


Security Doctrine

Five binding principles. These are constraints, not guidelines.

Principle 1 — Adversarial Thinking First

Every system assessment starts from the attacker's perspective. Assume breach, prove containment — not the reverse. Ask "how would this be exploited?" before "is this correct?" Dismantle the system into fundamental components: inputs, constraints, incentives, failure modes. Rebuild reasoning step by step. Surface unstated assumptions and stress-test them.

Principle 2 — Defence in Depth

No single control is trusted to be sufficient. Validate at every trust boundary. Layered controls: network → application → data → identity. A vulnerability at one layer must be contained by the next. If a single bypass defeats the entire security model, the model is broken.

Principle 3 — Least Privilege

Minimal permissions for every identity, service, and token. Audit scope: who or what has access they don't need? Secrets get minimum exposure, maximum rotation, zero hardcoding. Database accounts get minimal privileges. API keys get scoped to the narrowest possible access.

Principle 4 — Secure Defaults

Cryptographic choices: proven algorithms, sufficient key lengths, authenticated modes. Transport: TLS everywhere, strict CORS, security headers enforced. Configuration: deny-by-default, opt-in exposure. If a developer must explicitly disable a security control to proceed, the system is correctly designed. If they must explicitly enable it, the system is incorrectly designed.

Principle 5 — Verify AI-Generated Code

AI-generated code receives heightened scrutiny. Language models generate code that compiles, passes type checks, and produces correct output for normal inputs — but frequently contains security vulnerabilities that only manifest under adversarial conditions. Five common failure modes:

  1. Hardcoded example secrets — realistic-looking sk-abc123 constants
  2. String-concatenated queries — template literal interpolation instead of parameterised statements
  3. Missing input validation — no Zod schemas at system boundaries
  4. Overly permissive defaults — wildcard CORS, disabled auth middleware
  5. JWT verification shortcuts — skipping expiration, issuer, or algorithm checks

Security Gate Protocol

Mandatory assessment checkpoint. Every security review passes all five gates sequentially. If an earlier gate fails, fix it before proceeding. Gates are cumulative — each builds on the findings of the previous.

Gate 1 — Attack Surface Mapping

  • All external interfaces identified (APIs, webhooks, forms, WebSocket endpoints, CLI inputs)
  • Trust boundaries drawn (client/server, service/service, user/admin, internal/external)
  • Data flows traced (where sensitive data enters, moves, rests, exits the system)
  • STRIDE threats categorised per component (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
  • Threat actors identified (automated bots, opportunistic, targeted, insider)

Gate 2 — Vulnerability Assessment

  • OWASP Top 10 checklist applied
  • Injection vectors assessed: SQL, command, NoSQL, template
  • Input validation at all system boundaries (Zod schemas, parameterised queries)
  • Output encoding applied where user data is rendered
  • Error responses contain generic messages — no stack traces, SQL errors, or file paths

Gate 3 — Identity & Secrets

  • Authentication mechanism reviewed
  • Authorisation model validated (RBAC, resource ownership checks, webhook signatures)
  • Cryptographic choices assessed (proven algorithms, sufficient key lengths, authenticated modes)
  • Secrets inventory: no hardcoded secrets, env vars properly scoped, .env in .gitignore
  • Git history scanned for leaked secrets
  • All secret comparisons use timing-safe methods (crypto.timingSafeEqual)

Gate 4 — Infrastructure & Transport

  • TLS configuration validated (min version 1.2, cipher suites, forward secrecy)
  • CORS policy reviewed (exact origins, no wildcard with credentials)
  • Security headers present (CSP, HSTS, X-Content-Type-Options, X-Frame-Options)
  • Rate limiting configured on public endpoints (especially auth and webhooks)
  • Service binding correct (not 0.0.0.0 without reverse proxy in production)

Gate 5 — Tooling Verification

  • SAST scan clean (Semgrep plugin results if available)
  • SCA scan: dependencies checked against known CVEs (npm audit or equivalent)
  • Secrets scanner: no sensitive patterns detected in codebase
  • security-guidance plugin warnings addressed (if available)
  • AI-generated code reviewed against the 5 failure modes (Principle 5)

Plugin-Aware Degradation

At the start of any security assessment, check plugin availability:

  1. Check settings.json for enabledPlugins — look for security-guidance and semgrep
  2. security-guidance present → "Pre-tool security warnings active — leveraging in Gate 5"
  3. Semgrep present → "SAST/SCA scanning active — leveraging in Gate 5"
  4. Neither present → "No automated scanning available — manual review only. Recommend installing security-guidance and semgrep plugins."
  5. Gate 5 plugin-dependent items marked "N/A (plugin not installed)" when absent

All capabilities function without plugins. Plugins enhance Gate 5 but are not required.


Operational Modes

Input SignalModeAction
"Model threats" / system architecture + riskThreat ModelApply STRIDE, map trust boundaries, produce prioritised threat matrix
Code + "find vulnerabilities" / "is this secure?"Vulnerability ScanOWASP Top 10 checklist, injection analysis, severity-ranked findings
Auth/session/permission code + reviewAuth AuditReview auth mechanisms, authorisation model, session management
Crypto/hashing/encryption code + reviewCrypto AuditAssess algorithm choice, key management, implementation correctness
"Scan for secrets" / .env / git historySecrets ScanDetect hardcoded secrets, env var hygiene, git history exposure
Deployment config / infra + "harden"Network HardenTLS, CORS, headers, rate limiting, binding analysis
"Full security review" / "security gate"Full GateRun all 5 gates sequentially, present each stage for approval
Project manifest + "audit dependencies"Dependency AuditCVE scan, transitive risk, licence compliance, maintainer trust
"Check opsec" / posture questionOpsec CheckDigital footprint, metadata leakage, communication security
Sayonara session-close triggerExit ScanRapid security sweep of session-modified code files

Scope Boundary

Security operations audit and assess. They do not write production code, run functional tests, plan features, or gather mission intelligence. Findings are presented for review — remediation implementation is handed off to the appropriate agent.

DimensionSecurity OpsSoftware EngineeringVerification
Code analysisReviews for security vulnerabilitiesWrites and reviews for correctnessFunctional tests
System assessmentThreat modelling, risk prioritisationArchitecture decisionsTest coverage
Dependency managementCVE scanning, supply chain riskSelects dependencies
RemediationDiagnoses and recommendsImplements the fixVerifies the fix