
Conversation

Copilot AI commented Jan 27, 2026

Adds 10 slides covering the multi-layered defense architecture to the Marp presentation deck.

Content Added

  • Architecture diagram: Mermaid flowchart visualizing sandboxed agent, MCP gateway, containerized tools, and proxy/firewall layers
  • Security layers breakdown: Agent sandbox, MCP gateway routing, tool isolation, service access controls
  • Operational guidance: Strict mode enforcement, manual approval gates, plan/check/act pattern

Technical Details

Each security layer is explained with specific controls:

  • Layer 1: Agent in isolated sandbox with read-only permissions, primary firewall
  • Layer 2: MCP Gateway (mcpg) validates tool invocations, enforces permission boundaries
  • Layer 3: Per-tool sandboxes with non-root UIDs, dropped capabilities, secondary firewalls
  • Layer 4: Multi-proxy defense before external service access

Content sourced from /docs/src/content/docs/guides/security.md and compiled via Marp to /docs/dist/slides/index.html (129KB).

Example Slide Content

---
strict: true
permissions:
  contents: read
network:
  allowed: [defaults, python]
safe-outputs:
  create-issue:
---

Strict mode enforces: no write permissions (use safe-outputs), secure network defaults, no wildcard domains, SHA-pinned actions.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • telemetry.astro.build
    • Triggering command: /opt/hostedtoolcache/node/24.13.0/x64/bin/node node /home/REDACTED/work/gh-aw/gh-aw/docs/node_modules/.bin/astro build (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Add slides on security architecture (see security architecture docs)

Custom agent used: technical-doc-writer
AI technical documentation writer for GitHub Actions library using GitHub Docs voice
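The strict-mode rules listed in the PR description (read-only permissions, no wildcard domains, SHA-pinned actions) can be expressed as a small linter over the parsed frontmatter. The following is an added example, not code from this PR or from the gh-aw project; it assumes the frontmatter has already been parsed into a dict (for instance with a YAML loader) and that action references, if any, sit under a hypothetical top-level `steps` list with `uses` keys.

```python
"""Checker for the strict-mode rules quoted in the PR description (added example)."""
import re

# Assumption: the frontmatter has already been parsed (e.g. with a YAML loader)
# into a dict shaped like the "Example Slide Content" block above.
SHA_PINNED = re.compile(r"^[^@\s]+@[0-9a-f]{40}$")


def is_sha_pinned(uses: str) -> bool:
    """True if an action reference is pinned to a full 40-hex commit SHA."""
    return bool(SHA_PINNED.match(uses.strip()))


def strict_mode_violations(frontmatter: dict) -> list[str]:
    """Return human-readable strict-mode violations; an empty list means clean."""
    problems = []
    if not frontmatter.get("strict"):
        problems.append("strict mode is not enabled")
    # Rule 1: no write permissions; writes must go through safe-outputs.
    for scope, level in (frontmatter.get("permissions") or {}).items():
        if level != "read":
            problems.append(f"permissions.{scope}: {level} (only 'read' allowed; use safe-outputs)")
    # Rule 2: no wildcard domains in the network allow-list.
    allowed = (frontmatter.get("network") or {}).get("allowed") or []
    for entry in allowed:
        if "*" in str(entry):
            problems.append(f"network.allowed: wildcard entry {entry!r}")
    # Rule 3: every action reference must be SHA-pinned.
    # Assumption (hypothetical layout): references live under a 'steps' list with 'uses' keys.
    for step in frontmatter.get("steps") or []:
        ref = step.get("uses")
        if ref and not is_sha_pinned(ref):
            problems.append(f"steps.uses: {ref!r} is not pinned to a 40-hex commit SHA")
    return problems


# Constructed inputs: the frontmatter from the PR description, and a weakened variant.
PAGE_FRONTMATTER = {
    "strict": True,
    "permissions": {"contents": "read"},
    "network": {"allowed": ["defaults", "python"]},
    "safe-outputs": {"create-issue": None},
}
WEAK_FRONTMATTER = {
    "strict": True,
    "permissions": {"contents": "read", "issues": "write"},
    "network": {"allowed": ["defaults", "*.example.com"]},
    "steps": [{"uses": "actions/checkout@v4"}],
}

if __name__ == "__main__":
    for name, fm in (("page", PAGE_FRONTMATTER), ("weak", WEAK_FRONTMATTER)):
        print(name, strict_mode_violations(fm) or "OK")
```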


…tion

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add slides on security architecture documentation Add security architecture slides to presentation deck Jan 27, 2026
Copilot AI requested a review from pelikhan January 27, 2026 17:03
@pelikhan pelikhan marked this pull request as ready for review January 27, 2026 17:05
@pelikhan pelikhan merged commit a5ea9be into main Jan 27, 2026
2 checks passed
@pelikhan pelikhan deleted the copilot/add-slides-security-architecture branch January 27, 2026 18:02