Currently, only the latest version of Aequor is receiving security updates.
| Version | Supported | Security Updates |
|---|---|---|
| Latest (demo branch) | ✅ Yes | ✅ Yes |
| < 1.0.0 | ❌ No | ❌ No |
Security Update Policy:
- Security updates are released for the latest version only
- When a security vulnerability is fixed, a new patch version is released immediately
- Users are strongly encouraged to keep their installations up-to-date
- Critical security vulnerabilities will trigger a security advisory within 24 hours
Private Disclosure Process:
We require responsible disclosure of security vulnerabilities. Please do NOT create public GitHub issues for security problems.
Reporting Methods:
-
Email (Preferred): Send an email to security@superinstance.dev
- Use PGP key fingerprint:
SHA256:Rj4d...(available on request) - Include
[SECURITY]in the subject line
- Use PGP key fingerprint:
-
GitHub Private Vulnerability Reporting:
- Use GitHub's Private Vulnerability Reporting feature
- This provides a secure, private channel for disclosure
Please provide as much of the following information as possible:
- Description: A clear description of the vulnerability
- Impact: The potential impact of the vulnerability (confidentiality, integrity, availability)
- Steps to Reproduce: Detailed steps to reproduce the issue, including:
- Configuration details
- Input data that triggers the vulnerability
- Expected vs. actual behavior
- Proof of Concept: Code snippets or test cases demonstrating the vulnerability
- Affected Versions: Which versions you believe are affected
- Suggested Fix (Optional): Any suggested mitigation or fix
We commit to the following Service Level Agreement for security reports:
| Response Type | Timeline |
|---|---|
| Initial Response | Within 48 hours (acknowledgment) |
| Triage | Within 7 days (severity assessment) |
| Resolution | Within 30 days (patch release for critical/high) |
| Disclosure | Coordinated disclosure after fix is available |
Severity Definitions:
- Critical: Remote code execution, full data exposure, total system compromise
- High: Privilege escalation, significant data leak, denial of service
- Medium: Limited data exposure, minor privilege escalation
- Low: Information disclosure, minor security inconvenience
- Confirmation: We'll acknowledge receipt within 48 hours
- Validation: We'll validate and triage the vulnerability within 7 days
- Fix Development: We'll develop a fix according to severity SLA
- Coordinated Release: We'll coordinate public disclosure with you
- Credit: We'll credit you in the security advisory (with your permission)
✅ DO:
- Store API keys in environment variables or secure vaults (e.g., HashiCorp Vault, AWS Secrets Manager)
- Rotate API keys regularly (at least every 90 days)
- Use separate API keys for development, staging, and production
- Monitor API key usage for anomalies
- Restrict API key permissions to minimum necessary scope
❌ DON'T:
- Commit API keys to version control
- Share API keys in plain text communication channels
- Use the same API key across multiple environments
- Log API keys in application logs
# Example: Secure environment variable configuration
export OPENAI_API_KEY="sk-..." # Never commit this
export ANTHROPIC_API_KEY="sk-ant-..."
export COHERE_API_KEY="..."
# Use a .env file with .gitignore
echo ".env" >> .gitignore
echo "node_modules/" >> .gitignore- Enable TLS/SSL: Always use HTTPS for API endpoints
- Firewall Configuration: Restrict access to SuperInstance ports (default: 3000)
- VPN Access: Require VPN for administrative access in production
- Network Segmentation: Separate SuperInstance from public-facing networks
// Example: TLS configuration
const server = https.createServer({
cert: fs.readFileSync('/path/to/cert.pem'),
key: fs.readFileSync('/path/to/key.pem')
}, app);- Strong Passwords: Use strong passwords for administrative interfaces
- Multi-Factor Authentication (MFA): Enable MFA where available
- Role-Based Access Control (RBAC): Implement least-privilege access
- Session Management: Use secure, httpOnly cookies with SameSite=strict
Enable comprehensive audit logging for security monitoring:
// Example: Audit logging configuration
const auditConfig = {
enabled: true,
events: [
'authentication',
'authorization',
'data_access',
'configuration_change',
'model_selection',
'cache_hit',
'cache_miss'
],
logLevel: 'info',
retention: '90d'
};Log Monitoring:
- Centralize logs using SIEM tools (e.g., Elasticsearch, Splunk)
- Set up alerts for suspicious activities
- Regularly review audit logs for security incidents
- Maintain immutable logs for forensic analysis
Docker Security:
# Use minimal base image
FROM node:20-alpine
# Run as non-root user
RUN addgroup -g 1001 -S nodejs && \
adduser -S nextjs -u 1001
USER nextjs
# Read-only root filesystem
READONLY_ROOT_FILESYSTEM=true
# Drop all capabilities except...
CAP_DROP=ALL
CAP_ADD=NET_BIND_SERVICEKubernetes Security:
# Security context for pods
securityContext:
runAsNonRoot: true
runAsUser: 1001
fsGroup: 1001
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALLAequor is designed with privacy as a first-class concern. Here's how we protect your data:
What it is: Mathematical guarantee that individual records cannot be distinguished from aggregated data.
Implementation:
// Intent encoding with ε-DP
const epsilon = 0.1; // Privacy budget (lower = more private)
const intentVector = await intentEncoder.encode(query, {
differentialPrivacy: {
enabled: true,
epsilon: epsilon,
delta: 1e-5
}
});Guarantee:
- No individual query can be reverse-engineered from the intent vector
- Statistical utility is preserved for routing decisions
- Formal privacy guarantee: ε-differential privacy with ε ≤ 1.0
What it is: Queries are transformed into 768-dimensional vectors before transmission to cloud models.
Benefits:
- Semantic meaning preserved for routing
- Sensitive information obfuscated
- Reduced attack surface for adversarial extraction
Example:
Original Query: "My credit card number is 4532-1234-5678-9010, is it safe?"
Intent Vector: [0.23, -0.15, 0.67, ..., 0.45] // 768 floats
↓ No PII, only semantic intent
What it is: Functional privacy that redacts sensitive data locally, sends structural queries to cloud, and re-hydrates responses.
Workflow:
// 1. Redact locally
const redacted = await redactionProtocol.redact(query);
// Original: "My email is john@example.com"
// Redacted: "My email is <EMAIL:hash=abc123>"
// 2. Send structural query to cloud
const response = await cloudModel.query(redacted.query);
// 3. Re-hydrate response
const final = await redactionProtocol.rehydrate(response, redacted.metadata);Guarantee:
- PII never leaves your infrastructure
- Cloud models see only structural representations
- Response quality maintained through intelligent re-hydratation
Architecture:
┌─────────────────────────────────────────────────────────────┐
│ Your Infrastructure │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Local Processing (80% of queries) │ │
│ │ - ContextPlane: Semantic search in local vectors │ │
│ │ - IntentionPlane: Local inference when possible │ │
│ │ - SemanticCache: High hit-rate caching │ │
│ └──────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ (Only when necessary) │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Privacy Layer (Before Cloud) │ │
│ │ - IntentEncoder: ε-DP vectors │ │
│ │ - RedactionProtocol: PII removal │ │
│ │ - PrivacyClassifier: Sensitivity detection │ │
│ └──────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ Cloud Models (Ollama/OpenAI/etc) │
└─────────────────────────────────────────────────────────────┘
Guarantee:
- 80%+ of queries processed locally
- Cloud queries only for complex/rare cases
- Full telemetry on what data goes where
Risk: When Aequor routes queries to cloud models (OpenAI, Anthropic, Cohere), those providers receive:
- Potentially sensitive queries (if privacy layer disabled)
- Metadata about query patterns
- API authentication tokens
Mitigation:
- ✅ Enable privacy layer by default (
privacy.enabled: true) - ✅ Use intent encoding for cloud queries
- ✅ Monitor cloud provider compliance certifications (SOC2, ISO27001)
- ✅ Implement data loss prevention (DLP) for sensitive keywords
- ✅ Use separate API keys per environment
Configuration:
// Enable privacy layer
const config = {
privacy: {
enabled: true,
intentEncoding: {
enabled: true,
epsilon: 0.1
},
redaction: {
enabled: true,
patterns: ['EMAIL', 'CREDIT_CARD', 'SSN', 'API_KEY']
}
}
};Risk: Adversarial inputs could pollute the semantic cache with malicious results.
Mitigation:
- ✅ Cache key integrity checks (hash-based validation)
- ✅ TTL-based expiration (default: 24 hours)
- ✅ Cache entry validation before serving
- ✅ Rate limiting on cache writes
- ✅ Separate cache namespaces per tenant
Configuration:
const cacheConfig = {
semanticCache: {
enabled: true,
ttl: 86400, // 24 hours
maxSize: 10000,
validateBeforeServe: true,
namespacePerTenant: true
}
};Risk: In multi-tenant deployments, data leakage between tenants.
Mitigation:
- ✅ Separate vector databases per tenant (or namespace isolation)
- ✅ Tenant-scoped cache keys
- ✅ Separate API keys per tenant
- ✅ Network-level isolation (VPC segmentation)
- ✅ Audit logging with tenant attribution
Configuration:
const multiTenantConfig = {
isolation: {
level: 'strict', // 'strict' | 'shared'
vectorDatabase: {
mode: 'namespace', // 'namespace' | 'separate'
prefix: 'tenant_'
},
cache: {
namespacePerTenant: true
}
}
};Risk: Malicious dependencies could compromise the application.
Mitigation:
- ✅ Automated dependency scanning (Dependabot, Snyk)
- ✅ Lockfile integrity checks (npm ci)
- ✅ Minimal dependency footprint
- ✅ Regular security audits
- ✅ SBOM (Software Bill of Materials) generation
Current Dependencies (Major):
- TypeScript compiler
- Vitest (testing)
- Zod (validation)
- OpenAI SDK
- Ollama SDK
Automated Security Scanning:
- Dependabot: Automated security alerts and PRs for vulnerable dependencies
- npm audit: Runs on every CI/CD pipeline
- Snyk: Integrated for continuous vulnerability monitoring
# Manual security audit
npm audit
npm audit fix
# Generate lockfile
npm shrinkwrapDependency Policy:
- All dependencies must pass security audit before merge
- Critical vulnerabilities must be patched within 7 days
- Non-essential dependencies are prohibited
- Development dependencies are excluded from production builds
SBOM Generation:
# Generate Software Bill of Materials
npm sbom
# Verify package integrity
npm ci --prefer-offline --no-auditProvenance:
- npm packages are signed with provenance attestations
- Build artifacts are reproducible
- Git commits are signed (GPG)
Internal Testing:
- Automated security scans on every commit
- Manual penetration testing before major releases
- Ad-hoc testing by security team
External Testing:
- Annual third-party penetration test (planned for v1.0)
- Bug bounty program (planned for post-v1.0)
Security Review Checklist:
- Input validation and sanitization
- Output encoding and escaping
- Authentication and authorization
- Sensitive data handling
- Error handling and logging
- Dependency security
- API security (rate limiting, CORS)
- Cryptographic practices
Review Process:
- Peer review required for all code changes
- Security review for sensitive modules (privacy, routing)
- Automated security tests must pass
- Manual security test plan for critical features
Pipeline:
# .github/workflows/security.yml
security:
runs-on: ubuntu-latest
steps:
- name: Dependency audit
run: npm audit --audit-level=moderate
- name: Run security tests
run: npm run test:security
- name: Static analysis
run: npm run lint:security
- name: Container scan
run: trivy image superinstance:latestSecurity Tests:
- Input validation tests
- Authentication tests
- Authorization tests
- Privacy layer tests
- Cache poisoning tests
- Injection attack tests
The software is provided "as is", without warranty of any kind.
Disclaimer:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
What This Means:
- No warranty for security, fitness, or reliability
- Users are responsible for security assessment
- No liability for security breaches or data loss
- Use at your own risk in production environments
Community Support:
- Security issues are addressed on a best-effort basis
- No guaranteed response time for non-critical issues
- Community contributions are welcome
Enterprise Support:
- Paid enterprise support may be available in the future
- SLAs for security patching
- Dedicated security contact
- Custom security assessments
- Architecture Decisions - ADR-003: Intent Vectors for Privacy
- Privacy Protocol - Redaction-Addition Protocol specification
- Deployment Guide - Security hardening for production
- Differential Privacy - Microsoft's privacy research
- Intent-based Privacy - Academic research on intent encoding
- Semantic Security - Cryptographic foundations
- GitHub Security Advisories
- OWASP Vulnerability Disclosure
- CVE Request - For CVE assignment
| Date | Version | Description |
|---|---|---|
| 2025-12-28 | 0.1.0 | Initial security policy |
| TBD | TBD | First security audit |
Security Team: security@superinstance.dev PGP Key: Available on request GitHub: https://github.com/lsi-oss/superinstance/security
Last Updated: 2025-12-28 Version: 1.0 Next Review: 2026-01-28
// config/production.ts
export const securityConfig = {
// Privacy layer (REQUIRED for production)
privacy: {
enabled: true,
intentEncoding: {
enabled: true,
epsilon: 0.1,
delta: 1e-5
},
redaction: {
enabled: true,
patterns: [
'EMAIL',
'CREDIT_CARD',
'SSN',
'PHONE',
'API_KEY',
'PASSWORD',
'TOKEN'
],
strictMode: true
}
},
// API security
api: {
rateLimiting: {
enabled: true,
maxRequests: 100,
windowMs: 60000 // 1 minute
},
cors: {
enabled: true,
origins: ['https://yourdomain.com'],
credentials: true
},
authentication: {
enabled: true,
method: 'jwt',
secret: process.env.JWT_SECRET,
expiresIn: '1h'
}
},
// Logging
logging: {
level: 'info',
audit: {
enabled: true,
events: ['all'],
retention: '90d'
}
},
// Cache security
cache: {
validateBeforeServe: true,
namespacePerTenant: true,
ttl: 86400
}
};# Dockerfile with security hardening
FROM node:20-alpine AS builder
# Security: Non-root build
WORKDIR /app
# Security: Install only production dependencies
COPY package*.json ./
RUN npm ci --only=production && \
npm cache clean --force
# Security: Minimal runtime image
FROM node:20-alpine
# Security: Create non-root user
RUN addgroup -g 1001 -S nodejs && \
adduser -S nextjs -u 1001
# Security: Set ownership
WORKDIR /app
COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=nextjs:nodejs /app/package*.json ./
# Security: Run as non-root
USER nextjs
# Security: Read-only root filesystem
ENV NODE_ENV=production
EXPOSE 3000
CMD ["node", "index.js"]apiVersion: v1
kind: Pod
metadata:
name: superinstance
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1001
fsGroup: 1001
seccompProfile:
type: RuntimeDefault
containers:
- name: superinstance
image: superinstance:latest
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
runAsUser: 1001
volumeMounts:
- name: tmp
mountPath: /tmp
- name: cache
mountPath: /app/cache
volumes:
- name: tmp
emptyDir: {}
- name: cache
emptyDir: {}This security policy is a living document and will be updated as the project evolves.