Skip to content
Stavily Docs

Agent Security

Stavily agents are designed with a strong focus on security and isolation to protect customer infrastructure and data. The core principles guiding agent security include least privilege, tenant isolation, sandboxed execution, and secure communication.

Security Principles

Section titled “Security Principles”

Least Privilege

Agents run with minimal necessary permissions, reducing attack surface and potential damage from compromise.

Tenant Isolation

Strict separation of data and execution environments for different tenants prevents cross-tenant attacks.

Sandboxed Execution

All plugin code runs within isolated environments to prevent unauthorized access or malicious activity.

Secure Communication

All agent-orchestrator communication is encrypted and authenticated using industry-standard protocols.

Agent-Specific Security Measures

Section titled “Agent-Specific Security Measures”

Action Agent Security

Section titled “Action Agent Security”

Action Agents implement comprehensive security controls:

  • Non-root Execution: Runs as a non-privileged user in all deployment models
  • Token Authentication: Uses installation_token for API authentication
  • Tenant Scoping: Enforces strict team isolation and instruction scoping
  • Sandboxed Plugins: All plugin code executes in isolated environments
  • API Restrictions: No access to Private API endpoints

Sensor Agent Security

Section titled “Sensor Agent Security”

Sensor Agents follow similar security patterns with additional monitoring-focused controls:

  • Non-root Execution: Runs as a non-privileged user in all deployment models
  • mTLS Authentication: Uses mutual TLS for all API communication
  • Event Scoping: Enforces strict tenant ID scoping in all outbound events
  • Sandboxed Plugins: Any plugin code executes in isolated environments

Authentication & Authorization

Section titled “Authentication & Authorization”

The Stavily platform employs a multi-modal authentication strategy, with agents specifically utilizing mTLS for primary authentication.

Authentication Methods

Section titled “Authentication Methods”

Mutual Transport Layer Security ensures both agent and orchestrator verify each other’s identity using client certificates.

authentication_methods:
  agents:
    primary: "mTLS with client certificates"
    secondary: "Basic auth for initial registration"
    certificate_rotation: "Automatic 90-day rotation"
  • Bidirectional Verification: Both parties validate certificates
  • Strong Authentication: Certificate-based identity verification
  • Automatic Rotation: 90-day certificate lifecycle management

API Security Configuration

Section titled “API Security Configuration”

The orchestrator’s API security configuration includes specific settings for agent authentication:

security:
  agent_auth:
    require_tls: true
    validate_hostname: true
    max_failed_attempts: 5
  • require_tls: All agent communication must use TLS
  • validate_hostname: Certificate hostname verification
  • max_failed_attempts: Brute-force protection

Plugin Security (Sandbox Configuration)

Section titled “Plugin Security (Sandbox Configuration)”

All plugins executed by agents operate within secure sandbox environments to mitigate risks associated with untrusted code execution.

Sandbox Limits

Section titled “Sandbox Limits”
sandbox:
  memory_limit: 256MB
  cpu_limit: 0.5
  network_access: restricted
  filesystem_access:
    - /tmp
    - /var/log/stavily
  allowed_syscalls:
    - read
    - write
    - open
    - close
    - stat
  blocked_syscalls:
    - exec
    - fork
    - socket
    - bind

Security Controls

Section titled “Security Controls”
  • Resource Limits: Memory and CPU usage strictly controlled to prevent exhaustion attacks
  • Network Access: Restricted based on plugin requirements and security policies
  • Filesystem Access: Only explicitly allowed directories accessible
  • System Call Filtering: Whitelist approach prevents dangerous operations

Data Protection for Agent Communication

Section titled “Data Protection for Agent Communication”

Encryption in Transit

Section titled “Encryption in Transit”

Agent communication with the orchestrator is secured using robust encryption protocols:

encryption_in_transit:
  agent_communication:
    protocol: "mTLS with client certificates"
    validation: "Certificate pinning and validation"
    fallback: "No fallback to unencrypted communication"
  • mTLS with Client Certificates: Mutual authentication and encryption
  • Certificate Pinning: Validates orchestrator certificates against known good values
  • No Unencrypted Fallback: Secure channels required or communication fails

Data Protection Principles

Section titled “Data Protection Principles”
  • End-to-End Encryption: All data encrypted from agent to orchestrator
  • Perfect Forward Secrecy: Session keys not compromised if long-term keys are
  • Certificate Validation: Full certificate chain validation
  • Secure Key Exchange: Ephemeral key exchange for each session

Infrastructure Security Integration

Section titled “Infrastructure Security Integration”

Multi-Layer Security Model

Section titled “Multi-Layer Security Model”

Agents integrate with Stavily’s comprehensive security architecture:

graph TB
    subgraph "Layer 1: Network Security"
        FW[Firewall & WAF]
        VPN[VPN Access]
        NP[Network Policies]
    end

    subgraph "Layer 2: Infrastructure Security"
        K8S[Kubernetes Security]
        HSM[Hardware Security Modules]
        SCAN[Container Scanning]
    end

    subgraph "Layer 3: Application Security"
        AUTH[Authentication]
        AUTHZ[Authorization]
        VALID[Input Validation]
    end

    subgraph "Layer 4: Data Security"
        REST[Encryption at Rest]
        TRANSIT[Encryption in Transit]
        KEY[Key Management]
    end

    FW --> K8S
    K8S --> AUTH
    AUTH --> REST

Container Security

Section titled “Container Security”

When deployed as containers, agents benefit from additional security layers:

  • Image Scanning: Automated vulnerability scanning during build
  • Signature Verification: Cryptographic image signing and verification
  • Runtime Security: Container runtime protection and monitoring
  • Supply Chain Security: Secure base images and dependency management

Security Monitoring & Threat Detection

Section titled “Security Monitoring & Threat Detection”

Agent Security Events

Section titled “Agent Security Events”

Agents generate security-relevant events for monitoring:

  • Authentication Events: Login attempts, certificate validations
  • Plugin Events: Sandbox violations, resource limit exceedances
  • Communication Events: TLS handshake failures, certificate issues
  • Integrity Events: File integrity violations, configuration tampering

Threat Detection Rules

Section titled “Threat Detection Rules”
detection_rules:
  authentication_anomalies:
    - "Multiple failed authentication attempts"
    - "Certificate validation failures"
    - "Unusual connection patterns"


  sandbox_violations:
    - "Resource limit exceedances"
    - "Blocked system call attempts"
    - "Unauthorized filesystem access"


  communication_anomalies:
    - "TLS handshake failures"
    - "Certificate expiry warnings"
    - "Connection timeout patterns"

Compliance & Audit

Section titled “Compliance & Audit”

GDPR Compliance

Section titled “GDPR Compliance”

Agent security measures support GDPR compliance:

  • Data Minimization: Only operational data collected
  • Purpose Limitation: Data used solely for service operation
  • Storage Limitation: Automatic data retention policies
  • Security Measures: Comprehensive protection controls

Audit Trail

Section titled “Audit Trail”

All agent security events are logged and auditable:

{
  "timestamp": "2025-01-15T10:30:00Z",
  "level": "WARN",
  "component": "action-agent",
  "agent_id": "action-001",
  "event": "certificate_expiring",
  "details": {
    "days_remaining": 7,
    "certificate_id": "cert-123"
  }
}

Security Operations

Section titled “Security Operations”

Certificate Management

Section titled “Certificate Management”

Automated certificate lifecycle management:

  • Issuance: Automatic certificate generation during agent registration
  • Rotation: 90-day automatic rotation with overlap periods
  • Revocation: Immediate revocation on compromise detection
  • Distribution: Secure certificate delivery to agents

Incident Response

Section titled “Incident Response”

Agent-specific incident response procedures:

  1. Detection: Security monitoring alerts on anomalous behavior
  2. Isolation: Immediate agent quarantine and communication blocking
  3. Investigation: Forensic analysis of agent logs and communications
  4. Remediation: Certificate revocation, agent reconfiguration, or replacement
  5. Recovery: Gradual reintroduction with enhanced monitoring
  6. Lessons Learned: Security control updates and process improvements