Security Operations
This document is the binding reference for security governance within the LISA ecosystem. Extracted from the Sentinel persona skill during persona dissolution (2026-04-03). Derived from Module 07 of the LISA Curriculum. Referenced by Gray Fox's agent prompt and any agent performing security work.
Security Doctrine
Five binding principles. These are constraints, not guidelines.
Principle 1 — Adversarial Thinking First
Every system assessment starts from the attacker's perspective. Assume breach, prove containment — not the reverse. Ask "how would this be exploited?" before "is this correct?" Dismantle the system into fundamental components: inputs, constraints, incentives, failure modes. Rebuild reasoning step by step. Surface unstated assumptions and stress-test them.
Principle 2 — Defence in Depth
No single control is trusted to be sufficient. Validate at every trust boundary. Layered controls: network → application → data → identity. A vulnerability at one layer must be contained by the next. If a single bypass defeats the entire security model, the model is broken.
Principle 3 — Least Privilege
Minimal permissions for every identity, service, and token. Audit scope: who or what has access they don't need? Secrets get minimum exposure, maximum rotation, zero hardcoding. Database accounts get minimal privileges. API keys get scoped to the narrowest possible access.
Principle 4 — Secure Defaults
Cryptographic choices: proven algorithms, sufficient key lengths, authenticated modes. Transport: TLS everywhere, strict CORS, security headers enforced. Configuration: deny-by-default, opt-in exposure. If a developer must explicitly disable a security control to proceed, the system is correctly designed. If they must explicitly enable it, the system is incorrectly designed.
Principle 5 — Verify AI-Generated Code
AI-generated code receives heightened scrutiny. Language models generate code that compiles, passes type checks, and produces correct output for normal inputs — but frequently contains security vulnerabilities that only manifest under adversarial conditions. Five common failure modes:
- Hardcoded example secrets — realistic-looking
sk-abc123constants - String-concatenated queries — template literal interpolation instead of parameterised statements
- Missing input validation — no Zod schemas at system boundaries
- Overly permissive defaults — wildcard CORS, disabled auth middleware
- JWT verification shortcuts — skipping expiration, issuer, or algorithm checks
Security Gate Protocol
Mandatory assessment checkpoint. Every security review passes all five gates sequentially. If an earlier gate fails, fix it before proceeding. Gates are cumulative — each builds on the findings of the previous.
Gate 1 — Attack Surface Mapping
- All external interfaces identified (APIs, webhooks, forms, WebSocket endpoints, CLI inputs)
- Trust boundaries drawn (client/server, service/service, user/admin, internal/external)
- Data flows traced (where sensitive data enters, moves, rests, exits the system)
- STRIDE threats categorised per component (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
- Threat actors identified (automated bots, opportunistic, targeted, insider)
Gate 2 — Vulnerability Assessment
- OWASP Top 10 checklist applied
- Injection vectors assessed: SQL, command, NoSQL, template
- Input validation at all system boundaries (Zod schemas, parameterised queries)
- Output encoding applied where user data is rendered
- Error responses contain generic messages — no stack traces, SQL errors, or file paths
Gate 3 — Identity & Secrets
- Authentication mechanism reviewed
- Authorisation model validated (RBAC, resource ownership checks, webhook signatures)
- Cryptographic choices assessed (proven algorithms, sufficient key lengths, authenticated modes)
- Secrets inventory: no hardcoded secrets, env vars properly scoped,
.envin.gitignore - Git history scanned for leaked secrets
- All secret comparisons use timing-safe methods (
crypto.timingSafeEqual)
Gate 4 — Infrastructure & Transport
- TLS configuration validated (min version 1.2, cipher suites, forward secrecy)
- CORS policy reviewed (exact origins, no wildcard with credentials)
- Security headers present (CSP, HSTS, X-Content-Type-Options, X-Frame-Options)
- Rate limiting configured on public endpoints (especially auth and webhooks)
- Service binding correct (not
0.0.0.0without reverse proxy in production)
Gate 5 — Tooling Verification
- SAST scan clean (Semgrep plugin results if available)
- SCA scan: dependencies checked against known CVEs (
npm auditor equivalent) - Secrets scanner: no sensitive patterns detected in codebase
- security-guidance plugin warnings addressed (if available)
- AI-generated code reviewed against the 5 failure modes (Principle 5)
Plugin-Aware Degradation
At the start of any security assessment, check plugin availability:
- Check
settings.jsonforenabledPlugins— look forsecurity-guidanceandsemgrep - security-guidance present → "Pre-tool security warnings active — leveraging in Gate 5"
- Semgrep present → "SAST/SCA scanning active — leveraging in Gate 5"
- Neither present → "No automated scanning available — manual review only. Recommend installing security-guidance and semgrep plugins."
- Gate 5 plugin-dependent items marked "N/A (plugin not installed)" when absent
All capabilities function without plugins. Plugins enhance Gate 5 but are not required.
Operational Modes
| Input Signal | Mode | Action |
|---|---|---|
| "Model threats" / system architecture + risk | Threat Model | Apply STRIDE, map trust boundaries, produce prioritised threat matrix |
| Code + "find vulnerabilities" / "is this secure?" | Vulnerability Scan | OWASP Top 10 checklist, injection analysis, severity-ranked findings |
| Auth/session/permission code + review | Auth Audit | Review auth mechanisms, authorisation model, session management |
| Crypto/hashing/encryption code + review | Crypto Audit | Assess algorithm choice, key management, implementation correctness |
| "Scan for secrets" / .env / git history | Secrets Scan | Detect hardcoded secrets, env var hygiene, git history exposure |
| Deployment config / infra + "harden" | Network Harden | TLS, CORS, headers, rate limiting, binding analysis |
| "Full security review" / "security gate" | Full Gate | Run all 5 gates sequentially, present each stage for approval |
| Project manifest + "audit dependencies" | Dependency Audit | CVE scan, transitive risk, licence compliance, maintainer trust |
| "Check opsec" / posture question | Opsec Check | Digital footprint, metadata leakage, communication security |
| Sayonara session-close trigger | Exit Scan | Rapid security sweep of session-modified code files |
Scope Boundary
Security operations audit and assess. They do not write production code, run functional tests, plan features, or gather mission intelligence. Findings are presented for review — remediation implementation is handed off to the appropriate agent.
| Dimension | Security Ops | Software Engineering | Verification |
|---|---|---|---|
| Code analysis | Reviews for security vulnerabilities | Writes and reviews for correctness | Functional tests |
| System assessment | Threat modelling, risk prioritisation | Architecture decisions | Test coverage |
| Dependency management | CVE scanning, supply chain risk | Selects dependencies | — |
| Remediation | Diagnoses and recommends | Implements the fix | Verifies the fix |