OmniPalm is a powerful tool. It can execute commands, access files, send emails, and interact with external services on your behalf. Understand the implications before granting permissions.

Security Overview

OmniPalm is designed with security in mind, but as an AI agent with real-world capabilities, it requires careful configuration. This guide covers:

  • Understanding the permission model
  • Isolation strategies for different environments
  • API key and credential management
  • Audit logging and monitoring
  • Responsible use guidelines

Threat Model

When deploying OmniPalm, consider the following potential risks:

What OmniPalm Can Access

Capability     | Default  | Risk Level | Notes
File System    | Enabled  | Medium     | Limited to configured paths
Terminal/Shell | Enabled  | High       | Can execute any command as your user
Network/APIs   | Enabled  | Medium     | Only configured integrations
Browser        | Disabled | High       | Can interact with any website

Potential Attack Vectors

  • Prompt Injection: Text the agent reads (emails, documents, web pages, tool output) can contain instructions that the model follows as if they came from you
  • Credential Exposure: API keys could be logged or sent to LLM providers
  • Unintended Actions: Ambiguous commands could lead to unexpected operations
  • Data Exfiltration: Sensitive files could be sent to external services, including the LLM provider itself, since whatever the agent reads becomes part of the prompt

Permission Management

Configuring Allowed Paths

Restrict file system access to specific directories:

~/.omnipalm/config.yaml
security:
  allowed_paths:
    - ~/projects       # Your work directory
    - ~/Documents      # Documents folder
    - /tmp/omnipalm    # Temp workspace
  
  # Explicitly blocked (even if parent is allowed)
  blocked_paths:
    - ~/.ssh
    - ~/.aws
    - ~/.gnupg
    - ~/projects/secrets
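The policy above only protects ~/.ssh if the check runs on the canonical path: `~/projects/../.ssh` and a symlink inside ~/projects both point outside the allowed tree while looking like they are inside it. The following is an added example, not OmniPalm's own code, of how such a policy should be evaluated; it assumes deny-wins semantics (a blocked entry overrides an allowed parent) and that paths are canonicalised with realpath before comparison. The `is_path_allowed` and `demo` names, and the throwaway home directory `demo` builds, are constructed for the example.

```python
"""Added example (not OmniPalm's own code): evaluating an allowed_paths /
blocked_paths policy on canonical paths so '..' and symlinks cannot escape."""
import os
import tempfile
from pathlib import Path

# Policy entries copied from the config above.
ALLOWED_PATHS = ["~/projects", "~/Documents", "/tmp/omnipalm"]
BLOCKED_PATHS = ["~/.ssh", "~/.aws", "~/.gnupg", "~/projects/secrets"]


def _canonical(path: str, home: Path) -> Path:
    """Expand '~' against the given home (not the environment, so this is
    testable), then apply realpath: symlinks are followed where they exist
    and '..' is collapsed, even for paths that do not exist yet."""
    if path == "~" or path.startswith("~/"):
        path = str(home) + path[1:]
    return Path(os.path.realpath(path))


def _is_within(target: Path, root: Path) -> bool:
    return target == root or root in target.parents


def is_path_allowed(path: str, home, allowed=ALLOWED_PATHS, blocked=BLOCKED_PATHS) -> bool:
    """Deny wins: any blocked entry above the canonical target rejects it, even
    when the target also sits under an allowed entry. Otherwise the target
    must be under at least one allowed entry."""
    home = Path(home)
    target = _canonical(path, home)
    if any(_is_within(target, _canonical(b, home)) for b in blocked):
        return False
    return any(_is_within(target, _canonical(a, home)) for a in allowed)


def demo() -> dict:
    """Constructed test layout: a throwaway home containing a symlink that
    points from the allowed ~/projects into the blocked ~/.ssh."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        (home / "projects").mkdir(parents=True)
        (home / ".ssh").mkdir()
        os.symlink(home / ".ssh", home / "projects" / "keys")  # the escape hatch
        return {
            "project_file":   is_path_allowed("~/projects/app/main.py", home),
            "dotdot_escape":  is_path_allowed("~/projects/../.ssh/id_rsa", home),
            "symlink_escape": is_path_allowed("~/projects/keys/id_rsa", home),
            "blocked_subdir": is_path_allowed("~/projects/secrets/token", home),
            "outside_policy": is_path_allowed("~/Downloads/x.bin", home),
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15} {'ALLOW' if ok else 'DENY'}")
```

Only `project_file` is allowed; the `..` traversal and the symlink both resolve to ~/.ssh and are denied, as is the blocked subdirectory of an allowed tree. If your deployment's path check compares raw strings instead, the blocked_paths list is only advisory.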

Requiring Confirmation

Enable confirmation prompts for sensitive operations:

bash
# Enable confirmation for all potentially destructive operations
omnipalm config set security.require_confirmation true

# Configure which operations require confirmation
omnipalm config set security.confirm_operations '["delete", "send_email", "execute_shell", "deploy"]'

With confirmation enabled, OmniPalm will ask before executing:

> Delete all .log files older than 30 days

⚠️  This will delete 47 files. Proceed?
    - /var/log/app/*.log (23 files)
    - ~/projects/logs/*.log (24 files)
    
    [Y]es / [N]o / [L]ist files: 

Disabling Capabilities

Disable features you don't need:

bash
# Disable browser automation
omnipalm config set integrations.browser.enabled false

# Disable terminal access (no shell commands; file writes and integrations still work unless security.read_only is also set)
omnipalm config set integrations.terminal.enabled false

# Disable all write operations
omnipalm config set security.read_only true

Isolation Strategies

For production or sensitive environments, isolate OmniPalm from your main system.

Docker Isolation (Recommended)

Run OmniPalm in a container with limited access:

docker-compose.yml
version: '3.8'
services:
  omnipalm:
    image: meta/omnipalm:latest
    container_name: omnipalm
    
    # Run as non-root user
    user: "1000:1000"
    
    # Limited capabilities
    cap_drop:
      - ALL
    # Only needed if the REST API must bind a port below 1024; remove otherwise
    cap_add:
      - NET_BIND_SERVICE
    
    # No privilege escalation through setuid binaries the shell tool might run
    security_opt:
      - no-new-privileges:true
    
    # Cap the process count so a runaway shell command cannot fork-bomb the host
    pids_limit: 256
    
    # Read-only root filesystem
    read_only: true
    
    # Writable directories
    tmpfs:
      - /tmp
    
    volumes:
      # Config (read-only)
      - ~/.omnipalm/config.yaml:/home/omnipalm/.omnipalm/config.yaml:ro
      # Audit log directory must be writable: with read_only above, writing
      # ~/.omnipalm/logs/audit.log fails without this mount
      - ~/omnipalm-logs:/home/omnipalm/.omnipalm/logs
      # Work directory (read-write); list only this path in allowed_paths
      - ~/omnipalm-workspace:/workspace
    
    # Network isolation (optional): 'none' also cuts off cloud LLM providers,
    # so it is only workable with a model served inside this container
    # network_mode: none
    
    environment:
      - OMNIPALM_LLM_API_KEY
    
    # Resource limits
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G
VM Isolation

For maximum isolation, run OmniPalm in a virtual machine:

  • Use a lightweight Linux VM (Ubuntu Server, Alpine)
  • Disable clipboard sharing
  • Use NAT networking with limited port forwarding
  • Take snapshots before major operations

Limited User Account

Create a dedicated user with restricted permissions:

bash
# Create dedicated user (no group memberships beyond its own)
sudo useradd -m -s /bin/bash omnipalm-user

# Create workspace with limited access
sudo mkdir /opt/omnipalm-workspace
sudo chown omnipalm-user:omnipalm-user /opt/omnipalm-workspace
sudo chmod 750 /opt/omnipalm-workspace

# The agent reads /home/omnipalm-user/.omnipalm/config.yaml, not your own
# config; set allowed_paths there to /opt/omnipalm-workspace

# Run OmniPalm as the limited user
sudo -u omnipalm-user omnipalm start

API Key Security

Best Practices

  • Use environment variables instead of config files for API keys
  • Rotate keys regularly, especially after suspected exposure
  • Use scoped tokens with minimal permissions
  • Never commit keys to version control

Environment Variables

bash
# Store keys in environment (not in config files).
# Typed at an interactive shell, these lines are written to your shell
# history; prefer the secrets-manager form below or a file readable only by you.
export OMNIPALM_LLM_API_KEY="sk-ant-api03-..."
export OMNIPALM_JIRA_TOKEN="jira_..."
export OMNIPALM_SLACK_TOKEN="xoxb-..."

# Or use a secrets manager
export OMNIPALM_LLM_API_KEY=$(aws secretsmanager get-secret-value \
  --secret-id omnipalm/llm-key --query SecretString --output text)

Warning: When using cloud LLM providers, your prompts (including file contents and commands) are sent to their servers. Use local models for sensitive data.

Audit Logging

Enable comprehensive logging to track all OmniPalm actions:

~/.omnipalm/config.yaml
security:
  log_all_actions: true
  
logging:
  level: INFO
  file: ~/.omnipalm/logs/audit.log
  max_size: 100MB
  max_files: 10
  
  # What to log
  log_prompts: true        # Log user commands
  log_responses: true      # Log agent responses
  log_tool_calls: true     # Log all tool invocations
  log_api_calls: false     # Don't log raw API calls (may contain secrets)

Log Format

2024-01-15T10:23:45Z INFO  [user_command] "Send email to alice@example.com"
2024-01-15T10:23:46Z INFO  [tool_call] email.send recipient="alice@example.com" subject="..."
2024-01-15T10:23:47Z INFO  [tool_result] email.send status="success" message_id="abc123"
2024-01-15T10:23:47Z INFO  [agent_response] "Email sent successfully to alice@example.com"

Monitoring

Set up alerts for suspicious activity:

  • Multiple failed operations
  • Access to blocked paths
  • Unusual API call patterns
  • Commands containing sensitive keywords
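The audit log format above is regular enough to monitor with a few lines of code. The following is an added example, not OmniPalm's own code, that parses lines in that format and raises the four alert types listed: a run of consecutive failed tool results, a tool call touching a blocked path, a shell command containing a sensitive keyword, and an unusual burst of email sends. The sample log is constructed; the `file.read` and `shell.execute` tool names, the `status="error"` convention and the `path`/`command` argument names are assumptions, since the page only shows `email.send` with `status="success"`.

```python
"""Added example (not OmniPalm's own code): alerting over audit log lines."""
import re
from collections import Counter
from datetime import datetime

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<level>\w+)\s+\[(?P<event>\w+)\] (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')        # key="value" pairs after the tool name

BLOCKED_PREFIXES = ("~/.ssh", "~/.aws", "~/.gnupg")      # mirrors blocked_paths in the config
SENSITIVE_KEYWORDS = (".ssh", ".aws", ".gnupg", "credentials", "base64", "curl")
ERROR_RUN = 3                                             # same threshold as stop_on_error_count
EMAILS_PER_MINUTE = 5                                     # "unusual API call pattern" threshold

# Constructed sample log in the format shown under "Log Format" (assumed tool names).
SAMPLE_LOG = """\
2024-01-15T10:23:45Z INFO  [user_command] "Send email to alice@example.com"
2024-01-15T10:23:46Z INFO  [tool_call] email.send recipient="alice@example.com" subject="Status"
2024-01-15T10:23:47Z INFO  [tool_result] email.send status="success" message_id="abc123"
2024-01-15T10:23:47Z INFO  [agent_response] "Email sent successfully to alice@example.com"
2024-01-15T10:24:01Z INFO  [tool_call] file.read path="~/.ssh/id_rsa"
2024-01-15T10:24:01Z WARN  [tool_result] file.read status="error" reason="blocked_path"
2024-01-15T10:24:02Z INFO  [tool_call] file.read path="~/.aws/credentials"
2024-01-15T10:24:02Z WARN  [tool_result] file.read status="error" reason="blocked_path"
2024-01-15T10:24:03Z INFO  [tool_call] shell.execute command="cat ~/.gnupg/secring.gpg | base64"
2024-01-15T10:24:03Z WARN  [tool_result] shell.execute status="error" reason="permission_denied"
2024-01-15T10:25:10Z INFO  [tool_call] email.send recipient="ext1@example.net" subject="data"
2024-01-15T10:25:11Z INFO  [tool_call] email.send recipient="ext2@example.net" subject="data"
2024-01-15T10:25:12Z INFO  [tool_call] email.send recipient="ext3@example.net" subject="data"
2024-01-15T10:25:13Z INFO  [tool_call] email.send recipient="ext4@example.net" subject="data"
2024-01-15T10:25:14Z INFO  [tool_call] email.send recipient="ext5@example.net" subject="data"
2024-01-15T10:25:15Z INFO  [tool_call] email.send recipient="ext6@example.net" subject="data"
"""


def parse(line: str):
    """One audit line -> dict, or None for lines not in the audit format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rest = ev.pop("rest")
    if ev["event"] in ("tool_call", "tool_result"):
        tool, _, argstr = rest.partition(" ")
        ev["tool"], ev["args"] = tool, dict(KV_RE.findall(argstr))
    else:                                   # user_command / agent_response carry free text
        ev["tool"], ev["args"], ev["text"] = None, {}, rest.strip('"')
    return ev


def detect(lines):
    """Return (rule, tool, detail) tuples in the order the triggering lines appear."""
    alerts, error_run, sends_per_minute = [], 0, Counter()
    for raw in lines:
        ev = parse(raw)
        if ev is None:
            continue
        if ev["event"] == "tool_call":
            path = ev["args"].get("path", "")
            if path.startswith(BLOCKED_PREFIXES):
                alerts.append(("blocked_path", ev["tool"], path))
            cmd = ev["args"].get("command", "")
            if cmd and any(k in cmd for k in SENSITIVE_KEYWORDS):
                alerts.append(("sensitive_command", ev["tool"], cmd))
            if ev["tool"] == "email.send":
                minute = ev["ts"].strftime("%Y-%m-%dT%H:%M")
                sends_per_minute[minute] += 1
                if sends_per_minute[minute] == EMAILS_PER_MINUTE + 1:   # alert once per minute
                    alerts.append(("email_burst", ev["tool"],
                                   f"more than {EMAILS_PER_MINUTE} sends in {minute}"))
        elif ev["event"] == "tool_result":
            if ev["args"].get("status") == "error":
                error_run += 1
                if error_run == ERROR_RUN:
                    alerts.append(("repeated_failures", ev["tool"], f"{ERROR_RUN} consecutive errors"))
            else:
                error_run = 0               # a success resets the run, as stop_on_error_count does
    return alerts


if __name__ == "__main__":
    for rule, tool, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {rule:18} {tool:14} {detail}")
```

Run against the sample it reports two blocked-path reads, the sensitive shell command, the third consecutive error, and the sixth send within one minute. Keep `log_api_calls: false` while doing this: the monitor only needs tool names and arguments, and raw API payloads would put secrets into the very log you are grepping.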

Rate Limiting & Safeguards

Prevent runaway operations with built-in limits:

~/.omnipalm/config.yaml
agent:
  max_iterations: 25        # Max steps per task
  timeout: 300              # 5 minute timeout
  
security:
  rate_limits:
    emails_per_hour: 20
    api_calls_per_minute: 60
    file_operations_per_minute: 100
    shell_commands_per_minute: 30
  
  # Automatic stop conditions
  stop_on_error_count: 3    # Stop after 3 consecutive errors
  stop_on_cost_limit: 10.00 # Stop if LLM costs exceed $10
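The limits above are only meaningful if they are checked around every tool call, with a sliding window rather than a counter that resets on the minute. As an added example, not OmniPalm's own code, the guard below enforces the four rate limits plus the consecutive-error and cost stop conditions from the config. The operation names, the mapping from config keys to `(count, window)` pairs, and the injectable clock used to make the demo deterministic are all assumptions.

```python
"""Added example (not OmniPalm's own code): enforcing rate_limits and
stop conditions around tool calls with a sliding window."""
import time
from collections import deque


class SafeguardTripped(Exception):
    """Raised when a limit is hit; the agent loop should stop and ask the user."""


# security.rate_limits keys from the config, mapped to an assumed operation
# name and a window in seconds.
WINDOWS = {
    "emails_per_hour": ("send_email", 3600),
    "api_calls_per_minute": ("api_call", 60),
    "file_operations_per_minute": ("file_op", 60),
    "shell_commands_per_minute": ("shell_command", 60),
}


def limits_from_config(rate_limits: dict) -> dict:
    """{config_key: n} -> {operation: (n, window_seconds)}"""
    return {WINDOWS[k][0]: (n, WINDOWS[k][1]) for k, n in rate_limits.items()}


class AgentGuard:
    def __init__(self, limits, stop_on_error_count, stop_on_cost_limit, clock=time.monotonic):
        self.limits = limits
        self.stop_on_error_count = stop_on_error_count
        self.stop_on_cost_limit = stop_on_cost_limit
        self.clock = clock                               # injectable for deterministic tests
        self._history = {op: deque() for op in limits}   # timestamps of recent calls per op
        self._consecutive_errors = 0
        self.cost = 0.0

    def before(self, op: str) -> None:
        """Sliding window: drop timestamps older than the window, then compare."""
        count, window = self.limits[op]
        now = self.clock()
        q = self._history[op]
        while q and now - q[0] >= window:
            q.popleft()
        if len(q) >= count:
            raise SafeguardTripped(f"{op}: more than {count} per {window}s")
        q.append(now)

    def after(self, op: str, ok: bool, cost: float = 0.0) -> None:
        """Cost ceiling and consecutive-error stop, checked after every call."""
        self.cost += cost
        if self.cost > self.stop_on_cost_limit:
            raise SafeguardTripped(f"LLM cost {self.cost:.2f} exceeds {self.stop_on_cost_limit:.2f}")
        if ok:
            self._consecutive_errors = 0
            return
        self._consecutive_errors += 1
        if self._consecutive_errors >= self.stop_on_error_count:
            raise SafeguardTripped(f"{op}: {self._consecutive_errors} consecutive errors")


def _attempt(fn, *args) -> str:
    try:
        fn(*args)
        return "allowed"
    except SafeguardTripped as exc:
        return f"blocked: {exc}"


def demo() -> dict:
    """Drive the guard with a fake clock and record what it allows and blocks."""
    now = [0.0]
    guard = AgentGuard(limits_from_config({"emails_per_hour": 20, "api_calls_per_minute": 60,
                                           "file_operations_per_minute": 100,
                                           "shell_commands_per_minute": 30}),
                       stop_on_error_count=3, stop_on_cost_limit=10.00, clock=lambda: now[0])
    out = {}
    for _ in range(30):                                  # 30 shell commands inside one minute
        guard.before("shell_command")
    out["31st_shell_command"] = _attempt(guard.before, "shell_command")
    now[0] += 60                                         # one minute later the window has slid
    out["shell_after_window"] = _attempt(guard.before, "shell_command")
    for _ in range(2):                                   # two failures are tolerated
        guard.after("file_op", False)
    out["third_error"] = _attempt(guard.after, "file_op", False)
    guard.after("api_call", True, 6.00)                  # a success resets the error run
    out["cost_ceiling"] = _attempt(guard.after, "api_call", True, 4.50)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} {result}")
```

The blocked 31st command is not recorded in the window, so the agent is not penalised for being stopped; a minute later the same operation is allowed again, while the third consecutive error and the call that pushes spend past $10.00 both trip the guard.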

Responsible Use Guidelines

Do

  • Start with minimal permissions and expand as needed
  • Test workflows in isolated environments first
  • Review audit logs regularly
  • Keep OmniPalm and dependencies updated
  • Use confirmation prompts for irreversible actions
  • Report security issues via responsible disclosure

Don't

  • Grant access to sensitive directories without need
  • Store API keys in configuration files
  • Disable security features in production
  • Run OmniPalm as root/administrator
  • Expose the REST API to untrusted networks
  • Process untrusted input without sandboxing

Security Reporting

If you discover a security vulnerability in OmniPalm:

Responsible Disclosure

Please report security issues privately to allow us to address them before public disclosure.

We aim to respond to security reports within 48 hours and will coordinate disclosure timelines with you.