📄️ Overview
Security philosophy, threat model, and defense in depth
📄️ Principle of Least Privilege
Tool access, MCP restrictions, and environment isolation
📄️ Secret Handling
Secret injection, redaction, and environment variables
📄️ Docker Security
Two-user model, container isolation, and volume mounts
📄️ Script Sandboxing
Starlark restrictions, execution limits, and output sanitization