Security Overview
Contop follows a defense-in-depth approach with multiple security layers. The system assumes zero trust between components and implements security at every boundary.
Security Philosophy
- Defense-in-depth — Multiple independent security layers, so a failure in one doesn't compromise the system
- Zero trust — Every command is classified before execution, regardless of source
- Local-first — Data stays on your devices; no cloud intermediary for execution
- Transparent — Every action is logged and visible to the user in real time
Trust Boundaries
Security Layers
| Layer | Purpose | Documentation |
|---|---|---|
| Transport Encryption | DTLS data channels + SRTP video | Pairing & Encryption |
| Command Classification | Every command evaluated before execution | Dual-Tool Evaluator |
| Sandbox Isolation | Dangerous commands run in hardened Docker containers | Docker Sandbox |
| Audit Trail | Every tool call logged with timestamps and outcomes | Audit Logging |
| Physical Access Protection | Away Mode locks the desktop when unattended | Away Mode Security |
Threat Model Summary
| Threat | Mitigation |
|---|---|
| Unauthorized device access | QR code pairing + biometric auth + token expiration |
| Man-in-the-middle | DTLS/SRTP encryption + certificate fingerprint in QR |
| Malicious AI commands | Dual-Tool Evaluator classifies every command |
| Destructive actions | User confirmation required + Docker sandboxing |
| Credential exposure | Environment isolation in sandbox |
| Physical access when away | Away Mode overlay + keyboard hook + PIN protection |
| LLM prompt injection | Security-focused system prompt, tool classification independent of LLM output |
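
The man-in-the-middle mitigation above depends on the client comparing the peer's DTLS certificate fingerprint with the one delivered out of band in the QR code. The following is an added example, not Contop's own code: it assumes the QR payload carries a SHA-256 fingerprint in hex and that the peer's fingerprint arrives in an SDP `a=fingerprint` line, as in WebRTC. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import re

# SDP fingerprint attribute, e.g. "a=fingerprint:sha-256 AB:CD:..." (RFC 8122 syntax).
_FP_LINE = re.compile(r"^a=fingerprint:(\S+)[ \t]+([0-9A-Fa-f:]+)[ \t\r]*$", re.MULTILINE)

# Constructed sample data: stand-in bytes, not real certificates.
SAMPLE_CERT_DER = b"constructed-desktop-certificate"
OTHER_CERT_DER = b"constructed-unexpected-certificate"


def sdp_fingerprint(cert_der: bytes) -> str:
    """Format SHA-256(cert) as colon-separated uppercase hex, as SDP does."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sample_sdp(cert_der: bytes, algo: str = "sha-256") -> str:
    """Build a minimal constructed SDP carrying one fingerprint line."""
    return (
        "v=0\r\n"
        "m=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\n"
        f"a=fingerprint:{algo} {sdp_fingerprint(cert_der)}\r\n"
    )


def sdp_matches_pin(sdp: str, pinned_sha256: str) -> bool:
    """True only if every fingerprint in the SDP is SHA-256 and equals the pin."""
    try:
        pin = bytes.fromhex(pinned_sha256.replace(":", ""))
    except ValueError:
        return False
    if len(pin) != hashlib.sha256().digest_size:
        return False  # malformed or truncated pin: fail closed
    offered = _FP_LINE.findall(sdp)
    if not offered:
        return False  # no fingerprint offered: nothing to bind DTLS to
    for algo, value in offered:
        if algo.lower() != "sha-256":
            return False  # refuse weaker or unexpected hash functions
        try:
            digest = bytes.fromhex(value.replace(":", ""))
        except ValueError:
            return False
        if not hmac.compare_digest(digest, pin):
            return False  # certificate differs from the one shown in the QR
    return True
```

Every failure path returns `False`, so a missing fingerprint, a downgraded hash algorithm, or an unparseable pin is treated the same as a mismatch and the connection is refused.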
Related: Dual-Tool Evaluator · Docker Sandbox · Pairing & Encryption · Audit Logging