Skip to content

Secure Caracal

Security in Caracal centers on pre-execution authority: STS issues scoped mandates, Gateway enforces protected-resource access, Coordinator tracks agent/delegation state, Audit preserves evidence, and Operations keeps storage, streams, secrets, and releases recoverable.

flowchart LR
  Operator[Operator] --> API[API and Console]
  Workload[Workload] --> STS[STS]
  Request[Protected request] --> Gateway[Gateway]
  Agent[Agent SDK] --> Coordinator[Coordinator]
  API --> Audit[Audit evidence]
  STS --> Audit
  Gateway --> Audit
  Coordinator --> Audit
  Audit --> Postgres[(Append-only audit)]
NeedPage
Understand assets, boundaries, threats, and mitigationsReview the Threat Model
Harden a production deploymentHarden Security Posture
Verify a release before installingVerify a Release
Demonstrate assurance to a reviewer or auditorGenerate an Evidence Pack
Report a vulnerability privatelyReport a Vulnerability
Operate a security incidentRespond to Incidents
Evaluate the project for enterprise adoptionEnterprise Security Readiness
  • STS must fail closed on policy, key, session, revocation, replay, step-up, and signing errors.
  • Gateway must never trust caller-supplied destinations and must deny before upstream dispatch when authority or routing is unsafe.
  • Redis stream messages require HMAC signing in published modes where configured.
  • Audit evidence must remain append-only, tamper-evident, and recoverable through replay/DLQ paths.
  • Secrets must come from secret files or platform secret managers in production.
  • The open-source product must not depend on enterprise-only code or controls.

Read Review the Threat Model before hardening a deployment.