Security
Security is a foundational concern in PRX. As an autonomous agent framework, PRX must carefully control what actions agents can take, what data they can access, and how they interact with external systems.
Security Layers
PRX implements defense in depth through multiple security layers:
| Layer | Component | Purpose |
|---|---|---|
| Policy | Policy Engine | Declarative rules for tool access and data flow |
| Isolation | Sandbox | Process/container isolation for tool execution |
| Authentication | Pairing | Device pairing and identity verification |
| Secrets | Secrets Management | Secure storage for API keys and credentials |
Configuration
```toml
[security]
sandbox_backend = "bubblewrap" # "docker" | "firejail" | "bubblewrap" | "landlock" | "none"
require_tool_approval = true
max_tool_calls_per_turn = 10

[security.policy]
default_action = "deny"
```
Threat Model
PRX's threat model considers adversarial inputs, prompt injection, tool abuse, and data exfiltration as primary threat vectors.
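The following is an added example, not code from PRX itself, showing how the `[security]` settings above translate into the tool-abuse and data-flow controls the threat model calls for: a static audit that flags weakened settings (`sandbox_backend = "none"`, approval switched off, no per-turn budget, a non-deny default action), and a small deny-by-default tool gate that enforces the allowlist, the per-turn call cap and the approval requirement at runtime. The minimal TOML reader, the `audit_security_config` thresholds, the `ToolGate` class and its allowlist parameter are all assumptions made for this demonstration; PRX's real policy rule syntax and decision names are not shown on the page.

```python
"""Added example (not PRX's code): audit the [security] config and gate tool
calls under it. Key names come from the page; everything else is assumed."""
from dataclasses import dataclass

# Constructed sample: the configuration exactly as shown on the page.
SAMPLE_CONFIG = '''
[security]
sandbox_backend = "bubblewrap" # "docker" | "firejail" | "bubblewrap" | "landlock" | "none"
require_tool_approval = true
max_tool_calls_per_turn = 10

[security.policy]
default_action = "deny"
'''

# Constructed sample: every control loosened, to show what the audit reports.
WEAK_CONFIG = '''
[security]
sandbox_backend = "none"
require_tool_approval = false
max_tool_calls_per_turn = 0

[security.policy]
default_action = "allow"
'''


def parse_toml_subset(text):
    """Minimal reader (an assumption; stands in for a real TOML library) for the
    [section] / key = value subset above: strings, booleans, integers, with
    trailing comments stripped. Dotted section names nest into sub-dicts."""
    data = {}
    section = data
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = data
            for part in line[1:-1].split("."):
                section = section.setdefault(part.strip(), {})
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value.startswith('"'):
            parsed = value[1:value.index('"', 1)]  # quoted string, comment after it ignored
        else:
            value = value.split("#", 1)[0].strip()
            parsed = (value == "true") if value in ("true", "false") else int(value)
        section[key] = parsed
    return data


def audit_security_config(cfg):
    """Return findings for settings that weaken the layers in the table above.
    Which settings count as weak is this example's assumption, not PRX policy."""
    findings = []
    sec = cfg.get("security", {})
    if sec.get("sandbox_backend", "none") == "none":
        findings.append("sandbox_backend is 'none': tool execution is not isolated")
    if not sec.get("require_tool_approval", False):
        findings.append("require_tool_approval is false: tools run without an approval gate")
    cap = sec.get("max_tool_calls_per_turn")
    if not isinstance(cap, int) or isinstance(cap, bool) or cap <= 0:
        findings.append("max_tool_calls_per_turn is unset or non-positive: no per-turn budget")
    if sec.get("policy", {}).get("default_action", "allow") != "deny":
        findings.append("policy.default_action is not 'deny': unlisted tools are allowed by default")
    return findings


@dataclass
class ToolGate:
    """Runtime gate (assumed design): deny-by-default allowlist, per-turn call
    budget, then approval requirement. Decision strings are this example's."""
    cfg: dict
    allowed_tools: frozenset
    calls_this_turn: int = 0

    def new_turn(self):
        self.calls_this_turn = 0

    def decide(self, tool):
        sec = self.cfg["security"]
        policy = sec.get("policy", {})
        if tool not in self.allowed_tools and policy.get("default_action", "deny") == "deny":
            return "deny: not in policy allowlist"
        if self.calls_this_turn >= sec.get("max_tool_calls_per_turn", 0):
            return "deny: per-turn tool-call budget exhausted"
        self.calls_this_turn += 1  # every attempt consumes budget, approved or not
        if sec.get("require_tool_approval", True):
            return "needs_approval"
        return "allow"


if __name__ == "__main__":
    for name, text in (("page config", SAMPLE_CONFIG), ("weakened config", WEAK_CONFIG)):
        print(name, audit_security_config(parse_toml_subset(text)) or ["no findings"])
```

Running the module prints no findings for the page's configuration and four for the weakened one; the gate counts an attempt against the per-turn budget whether or not it is later approved, so a model that repeatedly requests tools cannot bypass the cap by having calls held for review.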