docs(isolation): frame strategies as user-protection security boundary #511
Merged
Reframe IIsolationStrategy and the four built-in strategies (in-process, sandbox, container, remote) to lead with their security purpose: bounding what an agent can reach and leak when prompt-injected, executing hostile tool output, or simply mistaken.

Changes (doc-comment / markdown only — no behaviour change):
- IIsolationStrategy: rewrite XML summary + remarks; present strategies on a fastest-to-most-isolated spectrum; describe sandbox as separate process + IPC + OS confinement (not stale "AppDomain"); note hardened-container runtimes (gVisor / Firecracker / Kata) as a future extension.
- Per-strategy stubs (Sandbox/Container/Remote): lead each summary with the user-protection framing it provides.
- InProcessIsolationStrategy: spell out that there is no security boundary and point at sandbox/container/remote for untrusted or sensitive workloads.
- docs/architecture/domain-model.md: rename "Agent Execution Strategies" section to "Agent Isolation Strategies" with the security framing.
- docs/architecture/principles.md (ADR-005): explicit security framing, list the planned strategies as the spectrum.
- docs/architecture/overview.md, src/gateway/README.md and src/gateway/BotNexus.Gateway[.Abstractions]/README.md: align table / inline descriptions with the security-boundary framing.

Closes #510

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced May 22, 2026
Closes #510
What

Reframes IIsolationStrategy and the four built-in strategies (in-process, sandbox, container, remote) to lead with their security purpose: bounding what an agent can reach and what it can leak when prompt-injected, executing hostile tool output, or simply mistaken.

Isolation is the platform's primary defense against agent actions the user did not sanction; documentation should help operators choose the right strategy for their threat model rather than picking based only on speed.

Why

Existing wording described isolation as execution environment (the how), not as a user-protection boundary (the why). It also contained stale terminology — restricted AppDomain no longer applies on the .NET runtime BotNexus targets.

Changes (doc-comment / markdown only — no behaviour change)

- IIsolationStrategy: rewrite XML summary + remarks; present strategies on a fastest → most-isolated spectrum; describe sandbox as separate process + IPC + OS-level confinement; note hardened-container runtimes (gVisor / Firecracker / Kata) as a future extension.
- Per-strategy stubs (Sandbox/Container/Remote): each summary now leads with the user-protection framing it provides.
- InProcessIsolationStrategy: spells out that there is no security boundary, and points at sandbox / container / remote for untrusted or sensitive workloads.
- docs/architecture/domain-model.md: renamed Agent Execution Strategies → Agent Isolation Strategies with the security framing.
- docs/architecture/principles.md (ADR-005): explicit security framing; lists the planned strategies as the spectrum.
- docs/architecture/overview.md, src/gateway/README.md and src/gateway/BotNexus.Gateway[.Abstractions]/README.md: aligned table / inline descriptions with the security-boundary framing.

Verification

dotnet build BotNexus.slnx --nologo --tl:off — Build succeeded. 0 Warning(s) 0 Error(s).

No tests run — changes are XML doc-comment and markdown only; no behaviour changes.