Slipstream/anything_app
3
0
Fork 0
Code Issues 46 Pull requests Projects Releases Packages Activity Actions

ARCH-4: Document LLM/code-generation threat boundaries #4

New issue
Closed
opened 2026-05-06 21:14:39 -07:00 by jwilger · 0 comments
jwilger commented 2026-05-06 21:14:39 -07:00
Owner
Copy link

Roadmap key: ARCH-4

Depends on: ARCH-1

Acceptance criteria

  • Identifies untrusted LLM output, prompt/vector memory sensitivity, event payload PII, generated code artifacts, hot-load, external API calls, command authorization, and validation/test/compile gates.
  • Documents Phoenix baseline trust boundaries introduced by BASE-1, including signed cookie sessions, CSRF, LiveView socket session handling, dev-only dashboard/mailbox routes, runtime secret loading, and local Postgres access.
  • Records production-hardening decisions or follow-up work for secure session cookies, host/header assumptions around SSL redirects and health-check exclusions, and Postgres TLS requirements for remote production databases.

Source

Created from .kilo/plans/1778116681638-nimble-star.md.

Roadmap key: `ARCH-4` Depends on: [ARCH-1](https://git.johnwilger.com/jwilger/anything_app/issues/1) ## Acceptance criteria - Identifies untrusted LLM output, prompt/vector memory sensitivity, event payload PII, generated code artifacts, hot-load, external API calls, command authorization, and validation/test/compile gates. - Documents Phoenix baseline trust boundaries introduced by BASE-1, including signed cookie sessions, CSRF, LiveView socket session handling, dev-only dashboard/mailbox routes, runtime secret loading, and local Postgres access. - Records production-hardening decisions or follow-up work for secure session cookies, host/header assumptions around SSL redirects and health-check exclusions, and Postgres TLS requirements for remote production databases. ## Source Created from `.kilo/plans/1778116681638-nimble-star.md`.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
issue-6-single-aggregate-command-contract
issue-5-llm-integration-architecture
No results found.
Labels
Clear labels   
bug
Something is not working

  
duplicate
This issue or pull request already exists

  
enhancement
New feature

  
help wanted
Need some help

  
invalid
Something is wrong

  
question
More information is needed

  
wontfix
This won't be fixed

  
bug
Something is not working

  
duplicate
This issue or pull request already exists

  
enhancement
New feature

  
help wanted
Need some help

  
invalid
Something is wrong

  
question
More information is needed

  
wontfix
This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks
#5 ARCH-5: Define LLM integration architecture
Slipstream/anything_app
#14 LLM-2: Implement provider policy registry without secrets
Slipstream/anything_app
Depends on
#1 ARCH-1: Create target architecture document
Slipstream/anything_app
Reference
Slipstream/anything_app#4
No description provided.