WasmAgent Security Governance Pack

This pack answers the security questions enterprise evaluators ask before adopting an agentic coding system.

Contents

| Document | Answers |
|---|---|
| threat-model.md | What can go wrong, what is blocked by design |
| capability-manifest-guide.md | How to configure the permission boundary |
| owasp-agentic-map.md | OWASP Agentic Top 10 → WasmAgent controls |
| audit-events.md | What is logged and how to export it |
| deployment-checklist.md | Production hardening checklist |
| pilot-script.md | 30-minute enterprise pilot walkthrough |

How to use this pack

Security architects — start with threat-model.md for the attack surface and then owasp-agentic-map.md for the compliance mapping.

Developers deploying WasmAgent — capability-manifest-guide.md defines the permission boundary and deployment-checklist.md covers production hardening.

Enterprise evaluators running a pilot — follow pilot-script.md. All four scenarios produce evidence artifacts you can attach to a procurement review.

Compliance / audit — audit-events.md documents every event emitted, the KV storage format, and the OTel export bridge.

Scope

This pack covers the runtime security model of the WasmAgent kernel and agent framework. It does not cover:

  • Cloudflare Workers platform security (see Cloudflare Trust & Safety docs).
  • LLM provider safety (model-level content filtering is a provider concern).
  • Your organisation's identity and access management layer.

Released under the Apache-2.0 License.