From e3999ee598e2138178205fe9d8f015ed2ca002dc Mon Sep 17 00:00:00 2001 From: Prabhat Singh <109069787+prabhat-singh-kore@users.noreply.github.com> Date: Wed, 1 Jul 2026 19:56:58 +0530 Subject: [PATCH] remove security review notes --- .../sdk/sdk-end-to-end-auth-setup.mdx | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/agent-platform/sdk/sdk-end-to-end-auth-setup.mdx b/agent-platform/sdk/sdk-end-to-end-auth-setup.mdx index 198029a5..66a37eff 100644 --- a/agent-platform/sdk/sdk-end-to-end-auth-setup.mdx +++ b/agent-platform/sdk/sdk-end-to-end-auth-setup.mdx @@ -1309,19 +1309,4 @@ Minimum evidence for each selected production scenario: | WebSocket fails after init succeeds | Browser bundle is old or Redis/ticket store is unavailable. | Use SDK with `sdk-ticket` support and verify Redis Runtime config. | | `jwe_required` fails closed | Runtime JWE capability is unavailable. | Verify `ENCRYPTION_MASTER_KEY`, `AUTH_SDK_JWE_ENABLED`, and capability route readiness. | -## Security Review Notes - -- Public anonymous SDK is not a high-assurance flow. Treat any browser-provided - `userContext` as unverified. -- Runtime-signed Hosted Exchange sends secure attributes to Runtime during - `/api/v1/sdk/customer-sessions`. Use it only when that server-to-server API - call is approved. -- Customer-issued shared-secret JWE avoids the Runtime minting API call but uses - shared scoped secret material on both sides. -- Customer-issued public-key JWE avoids the Runtime minting API call, avoids a - shared encryption secret on the customer side, and provides explicit issuer - authentication through the inner JWS. -- In all Hosted Exchange modes, Runtime still issues the canonical SDK session - token after bootstrap. The customer-issued token is bootstrap-only. -- Do not store sensitive data in logs, URLs, local storage, WebSocket protocols, - or analytics metadata. +---