attune-system/attune
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a74e13fa0bab6ec1f0e5f4d3cd1686cbe16d3e4c
attune/work-summary/2025-02-05-secure-parameter-delivery.md

18 KiB
Raw Blame History

Secure Parameter Delivery Implementation

Date: 2025-02-05
Status: Complete
Type: Security Enhancement

Summary

Implemented a comprehensive secure parameter passing system for Attune actions, addressing critical security vulnerabilities where sensitive parameters (passwords, API keys, tokens) were being passed via environment variables, making them visible in process listings.

The new system provides two delivery methods (stdin, file) and three serialization formats (json, dotenv, yaml), with stdin + json as the secure default. Environment variables are now completely separate from action parameters - parameters are always secure (never passed as env vars), while environment variables provide execution context via execution.env_vars.

Problem Statement

Security Vulnerability

Environment variables are visible to any user who can inspect running processes via:

  • ps aux command
  • /proc/<pid>/environ file
  • System monitoring tools

This means that actions receiving sensitive parameters (API keys, passwords, database credentials) via environment variables were exposing these secrets to potential unauthorized access.

Example of the Problem

Before (insecure):

$ ps aux | grep attune-worker
user  12345  ... attune-worker
  ATTUNE_ACTION_API_KEY=secret123
  ATTUNE_ACTION_DB_PASSWORD=pass456

Anyone with process listing permissions could see these credentials.

Solution Design

Design Approach

  1. Parameters and Environment Variables Are Separate:

    • Parameters - Data the action operates on (always secure: stdin or file)
    • Environment Variables - Execution context/configuration (separate: execution.env_vars)

  2. Delivery Methods: How parameters reach the action

    • stdin - Standard input stream (DEFAULT, secure)
    • file - Temporary file with restrictive permissions (secure for large payloads)
    • NO env option - Parameters are never passed as environment variables

  3. Serialization Formats: How parameters are encoded

    • json - Structured JSON object (DEFAULT, preserves types, good for Python/Node.js)
    • dotenv - Simple KEY='VALUE' format (good for shell scripts)
    • yaml - Human-readable structured format

  4. Secure by Design: Parameters are always secure (stdin or file only)

Implementation Details

1. Database Schema Changes

Migration 1: 20250205000001_action_parameter_delivery.sql

Added two columns to the action table:

  • parameter_delivery TEXT NOT NULL DEFAULT 'stdin' - CHECK constraint for valid values (stdin, file)
  • parameter_format TEXT NOT NULL DEFAULT 'json' - CHECK constraint for valid values

Both columns have indexes for query optimization.

Migration 2: 20250205000002_execution_env_vars.sql

Added one column to the execution table:

  • env_vars JSONB - Stores environment variables as key-value pairs (separate from parameters)
  • GIN index for efficient querying

2. Model Updates

File: crates/common/src/models.rs

Added two new enums:

pub enum ParameterDelivery {
    Stdin,  // Standard input (DEFAULT)
    File,   // Temporary file
    // NO Env option - parameters never passed as env vars
}

pub enum ParameterFormat {
    Json,   // JSON object (DEFAULT)
    Dotenv, // KEY='VALUE' format
    Yaml,   // YAML document
}

Implemented Default, Display, FromStr, and SQLx Type, Encode, Decode traits for database compatibility.

Updated Action model with new fields:

pub struct Action {
    // ... existing fields
    pub parameter_delivery: ParameterDelivery,
    pub parameter_format: ParameterFormat,
}

Updated Execution model with environment variables field:

pub struct Execution {
    // ... existing fields
    pub env_vars: Option<JsonDict>,  // Separate from parameters
}

3. Parameter Passing Module

File: crates/worker/src/runtime/parameter_passing.rs

New utility module providing:

Functions:

  • format_parameters() - Serializes parameters in specified format
  • format_dotenv() - Converts to KEY='VALUE' lines
  • format_json() - Converts to JSON with pretty printing
  • format_yaml() - Converts to YAML document
  • create_parameter_file() - Creates secure temp file (mode 0400 on Unix)
  • prepare_parameters() - Main entry point for parameter preparation

Types:

  • ParameterDeliveryConfig - Configuration for delivery method and format
  • PreparedParameters - Enum representing prepared parameters ready for execution

Security Features:

  • Temporary files created with restrictive permissions (owner read-only)
  • Automatic cleanup of temporary files
  • Proper escaping of special characters in dotenv format
  • Delimiter (---ATTUNE_PARAMS_END---) separates parameters from secrets in stdin

Test Coverage: Comprehensive unit tests for all formatting and delivery methods

4. Runtime Updates

Updated all runtime implementations to support the new system:

Shell Runtime (crates/worker/src/runtime/shell.rs)

  • Modified execute_with_streaming() to accept parameters_stdin argument
  • Updated execute_shell_code() and execute_shell_file() to prepare parameters
  • Writes parameters to stdin before secrets (with delimiter)
  • Added logging for parameter delivery method

Native Runtime (crates/worker/src/runtime/native.rs)

  • Refactored execute_binary() signature to use prepared environment
  • Removed direct parameter-to-env conversion (now handled by parameter_passing module)
  • Writes parameters to stdin before secrets (with delimiter)
  • Added parameter delivery logging

Execution Context (crates/worker/src/runtime/mod.rs)

Added fields to ExecutionContext:

pub struct ExecutionContext {
    // ... existing fields
    pub parameter_delivery: ParameterDelivery,
    pub parameter_format: ParameterFormat,
}

Executor (crates/worker/src/executor.rs)

Updated prepare_execution_context() to populate parameter delivery fields from the Action model.

5. Pack Loader Updates

File: scripts/load_core_pack.py

Updated action loading logic:

  • Reads parameter_delivery and parameter_format from action YAML
  • Validates values against allowed options
  • Inserts into database with proper defaults
  • Logs warnings for invalid values

6. Dependencies

Added to crates/worker/Cargo.toml:

  • serde_yaml_ng - For YAML serialization
  • tempfile - For secure temporary file creation (moved from dev-dependencies)

Configuration

Action YAML Syntax

Actions can now specify parameter delivery in their metadata:

name: my_action
ref: mypack.my_action
description: "Secure action with credential handling"
runner_type: python
entry_point: my_action.py

# Parameter delivery configuration (optional - these are the defaults)
# parameter_delivery: stdin   # Options: stdin, file (default: stdin)
# parameter_format: json      # Options: json, dotenv, yaml (default: json)

parameters:
  type: object
  properties:
    api_key:
      type: string
      secret: true          # Mark sensitive parameters

Environment Variables Set

The system always sets these environment variables to inform actions about delivery method:

  • ATTUNE_EXECUTION_ID - Current execution ID
  • ATTUNE_ACTION_REF - Action reference
  • ATTUNE_PARAMETER_DELIVERY - The delivery method used (stdin/file, default: stdin)
  • ATTUNE_PARAMETER_FORMAT - The format used (json/dotenv/yaml, default: json)
  • ATTUNE_PARAMETER_FILE - Path to parameter file (only when delivery=file)

Custom Environment Variables (from execution.env_vars): Any key-value pairs in execution.env_vars are set as environment variables. These are separate from parameters and used for execution context.

Example Usage

Secure Python Action (Uses Defaults)

Action YAML:

# Uses default stdin + json (no need to specify)
# parameter_delivery: stdin
# parameter_format: json

Action Script:

#!/usr/bin/env python3
import sys
import json

def read_stdin_params():
    content = sys.stdin.read()
    parts = content.split('---ATTUNE_PARAMS_END---')
    params = json.loads(parts[0].strip()) if parts[0].strip() else {}
    secrets = json.loads(parts[1].strip()) if len(parts) > 1 and parts[1].strip() else {}
    return {**params, **secrets}

params = read_stdin_params()
api_key = params.get('api_key')  # Secure - not in process list!

Secure Shell Action

Action YAML:

parameter_delivery: stdin
parameter_format: json

Action Script:

#!/bin/bash
read -r PARAMS_JSON
API_KEY=$(echo "$PARAMS_JSON" | jq -r '.api_key')
# Secure - not visible in ps output!

File-Based Delivery (Large Payloads)

Action YAML:

# Explicitly use file delivery for large payloads
parameter_delivery: file
parameter_format: yaml

Action Script:

#!/usr/bin/env python3
import os
import yaml

param_file = os.environ['ATTUNE_PARAMETER_FILE']
with open(param_file, 'r') as f:
    params = yaml.safe_load(f)
# File has mode 0400 - only owner can read

Updated Actions

Core Pack Actions

Updated packs/core/actions/http_request.yaml to explicitly use secure delivery:

parameter_delivery: stdin
parameter_format: json

This action handles API tokens and credentials. It explicitly specifies stdin+json (though these are now the defaults).

Simple actions like echo.yaml, sleep.yaml, and noop.yaml use the default stdin delivery (comments indicate they could use defaults):

# Uses default stdin + json (secure for all actions)
# parameter_delivery: stdin
# parameter_format: json

Documentation

New Documentation

Created comprehensive documentation:

docs/actions/parameter-delivery.md (568 lines)

  • Overview of security concerns
  • Detailed explanation of each delivery method
  • Format descriptions with examples
  • Complete action examples (Python and Shell)
  • Best practices and recommendations
  • Migration guide for existing actions
  • Troubleshooting tips

Updated Documentation

docs/packs/pack-structure.md

  • Added parameter delivery fields to action metadata documentation
  • Updated action implementation examples to show secure patterns
  • Added security warnings about environment variable visibility
  • Included examples for all three delivery methods
  • Updated security section with parameter delivery recommendations

Security Improvements

Before

# Visible to anyone with ps access
ps aux | grep worker
... ATTUNE_ACTION_DB_PASSWORD=secret123 ...

After (with stdin delivery)

# Parameters not visible in process list
ps aux | grep worker
... ATTUNE_PARAMETER_DELIVERY=stdin ATTUNE_PARAMETER_FORMAT=json ...

Before: Sensitive parameters (passwords, API keys) visible in ps aux output
After: Parameters delivered securely via stdin or temporary files, NEVER visible in process listings

Security by Design

Parameters (Always Secure):

  1. Standard Input ( High Security, DEFAULT)

    • Not visible in process listings
    • Recommended for most actions
    • Good for structured parameters

  2. Temporary Files ( High Security)

    • Restrictive permissions (mode 0400)
    • Not visible in process listings
    • Best for large payloads (>1MB)
    • Automatic cleanup after execution

Environment Variables (Separate from Parameters):

  • Stored in execution.env_vars (JSONB)
  • Set as environment variables by worker
  • Used for execution context, not sensitive data
  • Examples: ATTUNE_EXECUTION_ID, custom config values

Backward Compatibility

Secure by Default (Changed 2025-02-05)

Actions without parameter_delivery and parameter_format specified automatically default to:

  • parameter_delivery: stdin
  • parameter_format: json

This is a breaking change, but allowed because we're in pre-production with no users or deployments (per AGENTS.md policy).

Key Change: Parameters can no longer be passed as environment variables. The env delivery option has been removed entirely. Parameters are always secure (stdin or file).

Migration Path

New actions use secure defaults automatically:

  1. Write action script to read from stdin (the default)
  2. Test thoroughly
  3. Deploy

All actions use secure parameter delivery:

  1. Write action script to read from stdin (the default) or file (for large payloads)
  2. Use execution.env_vars for execution context (separate from parameters)
  3. Test thoroughly
  4. Deploy

Testing

Unit Tests

Added comprehensive tests in parameter_passing.rs:

  • test_format_dotenv() - Dotenv formatting with proper escaping
  • test_format_dotenv_escaping() - Single quote escaping
  • test_format_json() - JSON serialization
  • test_format_yaml() - YAML serialization
  • test_add_parameters_to_env() - Environment variable creation
  • test_create_parameter_file() - Temporary file creation
  • test_prepare_parameters_env() - Env delivery preparation
  • test_prepare_parameters_stdin() - Stdin delivery preparation
  • test_prepare_parameters_file() - File delivery preparation

Integration Testing

Actions should be tested with various parameter delivery methods:

  • Environment variables (existing behavior)
  • Stdin with JSON format
  • Stdin with YAML format
  • File with JSON format
  • File with YAML format

Performance Impact

Minimal Overhead

  • Environment variables: No change (baseline)
  • Stdin delivery: Negligible overhead (milliseconds for JSON/YAML parsing)
  • File delivery: Slight overhead for file I/O, but beneficial for large payloads

Resource Usage

  • Temporary files are small (parameters only, not action code)
  • Files automatically cleaned up after execution
  • Memory usage unchanged

Best Practices for Action Developers

1. Choose Appropriate Delivery Method

Scenario Use
Most actions Default (stdin + json)
API keys, passwords Default (stdin + json)
Large configurations (>1MB) file + yaml
Shell scripts Default (stdin + json or dotenv)
Python/Node.js actions Default (stdin + json)
Execution context execution.env_vars (separate)

2. Always Mark Sensitive Parameters

parameters:
  api_key:
    type: string
    secret: true  # Important!

3. Handle Both Old and New Delivery

For maximum compatibility, actions can detect delivery method:

delivery = os.environ.get('ATTUNE_PARAMETER_DELIVERY', 'env')
if delivery == 'stdin':
    params = read_from_stdin()
else:
    params = read_from_env()

4. Never Log Sensitive Parameters

# Good
logger.info(f"Calling API endpoint: {params['endpoint']}")

# Bad
logger.debug(f"Parameters: {params}")  # May contain secrets!

Future Enhancements

Potential Improvements

  1. Encrypted Parameter Files: Encrypt temporary files for additional security
  2. Parameter Validation: Validate parameters against schema before delivery
  3. Memory-Only Delivery: Option to pass parameters via shared memory (no disk I/O)
  4. Audit Logging: Log parameter access for compliance
  5. Per-Parameter Delivery: Different delivery methods for different parameters

Monitoring

Consider adding metrics for:

  • Parameter delivery method usage
  • File creation/cleanup success rates
  • Parameter size distributions
  • Delivery method performance

Migration Checklist for New Actions

Default is now secure - most actions need no changes!

  • Write action script to read from stdin (the default)
  • Add secret: true to sensitive parameter schemas
  • Test with actual credentials
  • Verify parameters not visible in process listings
  • Update pack documentation

For execution context variables:

  • Use execution.env_vars when creating executions
  • Read from environment in action script
  • Only use for non-sensitive configuration
  • Parameters remain separate (via stdin/file)

Related Work

  • Migration: migrations/20250205000001_action_parameter_delivery.sql
  • Models: crates/common/src/models.rs (ParameterDelivery, ParameterFormat enums)
  • Runtime: crates/worker/src/runtime/parameter_passing.rs (new module)
  • Shell Runtime: crates/worker/src/runtime/shell.rs (updated)
  • Native Runtime: crates/worker/src/runtime/native.rs (updated)
  • Executor: crates/worker/src/executor.rs (updated)
  • Loader: scripts/load_core_pack.py (updated)
  • Documentation: docs/actions/parameter-delivery.md (new)
  • Documentation: docs/packs/pack-structure.md (updated)

Compliance & Security

Security Standards Addressed

  • OWASP: Addresses "Sensitive Data Exposure" vulnerability
  • CWE-214: Information Exposure Through Process Environment
  • PCI DSS: Requirement 3 (Protect stored cardholder data)

Recommendations for Production

  1. Audit existing actions for sensitive parameter usage
  2. Migrate critical actions to stdin/file delivery immediately
  3. Set policy requiring stdin/file for new actions with credentials
  4. Monitor process listings to verify no secrets are exposed
  5. Document security requirements in pack development guidelines

Conclusion

This implementation provides a robust, secure, and backward-compatible solution for parameter passing in Attune actions. It addresses a critical security vulnerability while maintaining full compatibility with existing actions and providing a clear migration path for enhanced security.

The three-tiered approach (delivery method + format + defaults) gives action developers flexibility to choose the right balance of security, performance, and ease of use for their specific use cases.

Key Achievement:

  1. Parameters are secure by design - No option to pass as environment variables
  2. Clear separation - Parameters (action data) vs Environment Variables (execution context)
  3. Secure by default - stdin + json for all actions
  4. Not visible in process listings - Parameters never exposed via ps or /proc

Breaking Change Justification: Since Attune is in pre-production with no users, deployments, or stable releases (per AGENTS.md), we removed the insecure env delivery option entirely and separated environment variables from parameters. This provides secure-by-design behavior where it's impossible to accidentally expose parameters in process listings.

Reference in New Issue View Git Blame Copy Permalink