This page exists for the security review your team will run before greenlighting a production agent. No marketing. Every claim here has a corresponding code path or control.
The agent runs as a dedicated Kubernetes ServiceAccount created in its own namespace (byteport-agent).
Every action the agent can take is gated by a runbook-declared scope — a runbook must explicitly
declare which Kubernetes resources it needs before those permissions are granted.
If no runbook claims a resource, the agent has no access to it.
| Resource | API Group | Verbs | Purpose | Runbook guard |
|---|---|---|---|---|
pods, nodes, events |
"" (core) |
get, list, watch |
Signal collection — read-only metrics and event stream | All runbooks (signal phase) |
deployments, replicasets |
apps |
get, list, watch |
Runbook matching — read desired vs. actual state | All runbooks (diagnose phase) |
deployments |
apps |
patch |
Rollback action — applies previous revision via annotated rollback only | FailedDeployAutoRollbackRunbook only; allowlisted deployments; dry_run gate |
pods/exec |
"" (core) |
create |
Diagnostics only — runs df -h, free -m, du -sh. Output stays in cluster. |
DiskSpaceAutoReclaimRunbook, MemoryPressureRunbook |
pods/log |
"" (core) |
get |
Pod log tail — last 50 lines for crash classification only; never forwarded to BytePort API | PodCrashloopRunbook |
horizontalpodautoscalers |
autoscaling |
get, patch |
Scale deployment up under load; patch guarded by runbook allowlist and HPA min/max bounds | MemoryPressureRunbook, CpuSpikeRunbook only |
| Provider | Scope / Role | Purpose | What is never requested |
|---|---|---|---|
| AWS |
cloudwatch:GetMetricDatacloudwatch:ListMetricsec2:DescribeInstances (read-only)
|
CloudWatch adapter — pull CPU/disk/memory metrics | IAM writes, S3 object reads, RDS data access, EC2 mutations |
| GCP |
roles/monitoring.viewerroles/logging.viewer (optional)
|
GCP Monitoring adapter — pull metric series | IAM Admin, Storage Object Viewer, any data-plane role |
| Azure |
Monitoring Reader (built-in role)
|
Azure Monitor adapter — pull metric data | Contributor, Owner, any write role |
byteport.io/enabled: "true" are never inspected by the agent.
You control which namespaces the agent can see — details in docs/runbooks/rbac.md.
In auto mode, the agent acts without human approval only on the left column below.
Everything in the right column triggers immediate escalation to your ops channel — the agent stops and waits.
In the default dry_run mode, nothing in either column executes without explicit approval.
kubectl delete pod)docker system prune -f on the node via execbyteport.io/enabled: "true"The classification logic is open source: github.com/Polsia-Inc/byteport-agent/src/runbooks. Read the code, not the marketing.
Every agent decision — whether it acts, escalates, or does nothing — produces an immutable audit record.
Records are written to the agent_actions table (in your BytePort account) and optionally streamed
to your own storage.
| Field | Type | Description |
|---|---|---|
id | UUID | Immutable record identifier |
timestamp | ISO 8601 UTC | Millisecond-precision event time |
actor | string | Always "byteport-agent" — agent identity is fixed, not impersonatable |
cluster | string | Cluster name from config (BYTEPORT_CLUSTER_NAME) |
signal_type | string | e.g. disk_pressure, pod_crashloop |
signal_value | float | Measured value that triggered the runbook |
runbook | string | Runbook class name that matched, e.g. DiskSpaceAutoReclaimRunbook |
decision | enum | acted | escalated | dry_run_planned | skipped |
command | string | Exact command executed or planned (never contains secrets or data) |
result | enum | success | failure | pending_approval |
mttr_seconds | int | Seconds from signal to verified resolution (null if escalated) |
hash | SHA-256 | SHA-256 of the serialized record — tamper evidence; verify with byteport verify-log <id> |
{
"id": "01HXZ8K2P3Q4R5S6T7U8V9W0X1",
"timestamp": "2026-05-30T06:14:22.341Z",
"actor": "byteport-agent",
"cluster": "prod-us-east-1",
"signal_type": "disk_pressure",
"signal_value": 91.5,
"runbook": "DiskSpaceAutoReclaimRunbook",
"decision": "acted",
"command": "kubectl exec -n app node-3 -- docker system prune -f",
"result": "success",
"mttr_seconds": 187,
"postmortem_url": "https://github.com/acme/ops/issues/214",
"hash": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}Default retention: 90 days in the BytePort-managed store. Export is available to:
| Target | Method | Format |
|---|---|---|
| AWS S3 | Hourly batch export via IAM role | newline-delimited JSON |
| GCS | Hourly batch export via service account | newline-delimited JSON |
| Syslog (RFC 5424) | TLS stream — any syslog receiver | Structured key=value |
| Splunk HEC | HTTP Event Collector, batched | Splunk event JSON |
| HTTP webhook | Per-record POST to your endpoint | JSON (same schema above) |
Export is available on Growth and Scale tiers. Configure via helm upgrade --set audit.export.target=s3.
The agent never persists secrets. It reads credentials from the customer's secret manager at runtime, uses them for the duration of a single runbook execution, and discards them from memory when the runbook exits. No credential is written to disk, included in audit logs, or transmitted to the BytePort API.
command field is sanitized before logging — any argument matching --password,
--token, or a known secret pattern is replaced with [REDACTED] before the record is written.
Supported secret managers (pull-at-runtime):
Configure via BYTEPORT_SECRET_BACKEND=vault (or aws-sm, gcp-sm, k8s, doppler, 1password).
Each backend is documented in /quickstart.
The agent runs inside your cluster. Most data never leaves. Here is the exact boundary:
kubectl exec output (diagnostics run locally; output not forwarded)BYTEPORT_API_URL at your own deployment.
Contact sales to discuss air-gapped deployment.
Signal metadata sent to the BytePort API is stored in Neon PostgreSQL hosted in AWS us-east-1. Data is encrypted at rest (AES-256) and in transit (TLS 1.3 minimum). Customer data is logically isolated — no cross-tenant data sharing. Retention: 90 days default; deletion on request within 72 hours.
We treat the agent's build pipeline as a security surface.
| Control | Status | Detail |
|---|---|---|
| SBOM | ✓ Available |
Generated with syft on every release.
SPDX 2.3 format. Download from the GitHub release assets or:
docker sbom ghcr.io/polsia-inc/byteport-agent:latest
|
| Signed releases | ✓ Active |
Container images and Helm chart digests signed with cosign (keyless, Sigstore transparency log).
Verify: cosign verify ghcr.io/polsia-inc/byteport-agent:v0.1.27
|
| Reproducible builds | In progress | Hermetic builds via GitHub Actions with pinned runner images. Full bit-for-bit reproducibility is on the roadmap for v0.2. |
| Dependency pinning | ✓ Active | All npm and Helm dependencies locked to exact versions. Dependabot PRs auto-opened on CVE alerts; CI blocks merge on critical CVSS ≥ 9.0. |
| CI security scan | ✓ Active | GitHub Actions workflow runs npm audit --audit-level=high and trivy image on every PR. Workflow definition: byteport-agent-ci.yml. |
| Source code | ✓ Public | Agent source is MIT-licensed and open source. Read the code at github.com/Polsia-Inc/byteport-agent. The control plane (BytePort API) is proprietary but auditable under NDA for Scale customers. |
If you discover a security vulnerability in BytePort, please report it before disclosing publicly. We take coordinated disclosure seriously.
| Channel | Use for | Response SLA |
|---|---|---|
| security@byteport.polsia.app | Vulnerability disclosures, suspected breaches, access anomalies | 24 hours — acknowledgment; triage within 72 hours |
| byteport@polsia.app | General security questions, compliance documentation requests | 2 business days |
What is already in place:
| Control | Status | Notes |
|---|---|---|
| Encryption at rest | ✓ Active | AES-256 via Neon PostgreSQL + provider-level encryption |
| Encryption in transit | ✓ Active | TLS 1.3 minimum; HSTS enforced |
| Access control | ✓ Active | Principle of least privilege throughout; Kubernetes RBAC as documented above |
| Audit logging | ✓ Active | Immutable, hash-chained audit records for every agent decision |
| Logical data isolation | ✓ Active | No cross-tenant data access; per-customer row-level scoping in PostgreSQL |
| Dependency CVE scanning | ✓ Active | Dependabot + npm audit + Trivy on every PR |
| Signed container images | ✓ Active | cosign + Sigstore transparency log |
| SOC 2 Type II | Roadmap Q4 2026 | Audit engagement in planning. Interim security review materials available on request. |
| GDPR / data processor agreement | Available on request | DPA available for Growth and Scale customers. Email us. |
| HIPAA | Not applicable | BytePort does not process or store protected health information. Do not use for HIPAA-covered workloads without a BAA. |
| PCI-DSS | Not yet | Avoid deploying in cardholder data environments until PCI assessment is complete. |
Need security documentation for a procurement review? Email byteport@polsia.app — we can provide a completed security questionnaire and a scoped call with our team within 2 business days.