---
phase: "05"
slug: per-project-instance-isolation
status: verified
threats_open: 0
asvs_level: 1
created: 2026-04-16
---

# Phase 05 — Security

> Per-phase security contract: threat register, accepted risks, and audit trail.

---

## Trust Boundaries
| Boundary | Description | Data Crossing |
|----------|-------------|---------------|
| Host → Sandbox | bwrap mount namespace | `~/.claude` config, per-project projects/ dir, history.jsonl, credentials |
| Sandbox → Host FS | Per-project instance dir | Conversation history, project state (scoped to hash dir) |

---
## Threat Register

| Threat ID | Category | Component | Disposition | Mitigation | Status |
|-----------|----------|-----------|-------------|------------|--------|
| T-05-01 | Tampering | Symlink resolution in `compute_canonical_root` | mitigate | `readlink -f` used to resolve symlinks before hashing; prevents symlink-based path manipulation | closed |
| T-05-02 | Tampering | bwrap overlay mount ordering | mitigate | Direct `~/.claude` bind applied first; per-project projects/ overlay applied after — last-mount-wins semantics correctly isolate per-project state | closed |
| T-05-03 | Injection | INSTANCE_HASH used in filesystem path | mitigate | Hash is hex-only (sha256sum output, `cut -c1-16`); no user-controlled input enters path construction | closed |
| T-05-04 | Information Disclosure | Cross-project Claude projects/ data | mitigate | Each project gets its own `~/.claudebox/projects/$INSTANCE_HASH/` mounted over `~/.claude/projects/`; project A data invisible in project B sandbox | closed |
| T-05-07 | Tampering | GC function path traversal | mitigate | `gc_instances()` scoped exclusively to `$HOME/.claudebox/projects/*/`; cannot escape to arbitrary filesystem paths | closed |

*Status: open · closed*
*Disposition: mitigate (implementation required) · accept (documented risk) · transfer (third-party)*

---
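The canonicalise-then-hash mitigations recorded for T-05-01 and T-05-03, as an added shell sketch that is not the project's own code. The helper names `canonical_root`, `instance_hash`, `instance_dir` and `demo` are hypothetical, hashing the path string itself is an assumption, and the fixture directories are constructed.

```shell
#!/usr/bin/env bash
# Added sketch: helper names are hypothetical, not the project's functions.
LC_ALL=C; export LC_ALL   # keep the [0-9a-f] range byte-exact in every locale

# T-05-01: resolve symlinks first so every alias of a directory hashes alike.
canonical_root() {
  readlink -f -- "$1"
}

# T-05-03: first 16 hex characters of the SHA-256 of the canonical path.
# Hashing the path string with printf '%s' is an assumption of this sketch.
instance_hash() {
  local root
  root=$(canonical_root "$1") || return 1
  [ -d "$root" ] || return 1
  printf '%s' "$root" | sha256sum | cut -c1-16
}

# Build the per-project directory; re-check the hash shape before it becomes
# a path component, so "..", "/" or an empty value can never be interpolated.
instance_dir() {
  local base hash
  base=$1; hash=$2
  [ "${#hash}" -eq 16 ] || return 1
  case $hash in
    *[!0-9a-f]*) return 1 ;;
  esac
  printf '%s/%s\n' "$base" "$hash"
}

# Constructed fixture: one real project directory plus a symlink alias to it.
demo() {
  local tmp real_hash alias_hash
  tmp=$(mktemp -d) || return 1
  mkdir -p "$tmp/real/project"
  ln -s "$tmp/real/project" "$tmp/alias"
  real_hash=$(instance_hash "$tmp/real/project")
  alias_hash=$(instance_hash "$tmp/alias")
  echo "real=$real_hash alias=$alias_hash"
  instance_dir "$tmp/state" "$real_hash"
  instance_dir "$tmp/state" "../../other/proj" || echo "rejected: not 16 hex chars"
  rm -rf "$tmp"
  [ "$real_hash" = "$alias_hash" ]
}
demo
```

Re-validating the hash in `instance_dir` is defence in depth: it keeps the path-construction guarantee local to the function that builds the path, even if a caller later supplies `INSTANCE_HASH` from another source.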
## Accepted Risks Log

No accepted risks.

---
## Security Audit Trail

| Audit Date | Threats Total | Closed | Open | Run By |
|------------|---------------|--------|------|--------|
| 2026-04-16 | 5 | 5 | 0 | gsd-secure-phase (from summaries) |

---
## Sign-Off

- [x] All threats have a disposition (mitigate / accept / transfer)
- [x] Accepted risks documented in Accepted Risks Log
- [x] `threats_open: 0` confirmed
- [x] `status: verified` set in frontmatter

**Approval:** verified 2026-04-16