The secrets boundary is Layer 02 of the Codokey Protocol. It defines the code-key boundary: which credential classes must never enter an AI agent's read context, and which repository trust boundaries must exclude them by default.
codokey / security /secrets-boundary.diffCRITICAL REFERENCE
+8 categories defined−8 assumptions removed
@@
@@ class: API_KEY — severity: CRITICAL — exposure vector: hardcoded config, test fixtures @@
1
+
type APIKey = { pattern: "X-API-KEY | Authorization: Bearer", risk: "full service authority if leaked" }
@@
@@ class: ACCESS_TOKEN — severity: CRITICAL — live attack surface during validity window @@
2
+
type AccessToken = { variants: ["OAuth","JWT","Bearer","Session"], agentVector: "open files in IDE agent sessions" }
@@
@@ class: SSH_KEY — severity: CRITICAL — persistent access until key pair rotated @@
3
+
type SSHKey = { location: "~/.ssh/id_rsa | ed25519", agentVector: "broad filesystem scope exposes key directories" }
@@
@@ class: SIGNING_KEY — severity: CRITICAL — supply chain attack vector @@
4
+
type SigningKey = { types: ["GPG","CodeSigning","TLS"], risk: "attacker can produce artifacts appearing legitimate" }
@@
@@ class: ENV_VARIABLE — severity: HIGH — most common developer oversight @@
5
−
// "the agent won't read .env files" — this assumption is the gap
5
+
type EnvVariable = { pattern: ".env | process.env", governance: "MUST be excluded from agent read scope. Always." }
@@
@@ class: CLOUD_CREDENTIAL — severity: HIGH — entire infrastructure exposure @@
6
+
type CloudCredential = { providers: ["AWS_ACCESS_KEY","GCP_KEY","AZURE_CLIENT"], agentNote: "~/.aws/credentials within broad-scope agent filesystem" }
@@
@@ class: DATABASE_CREDENTIAL — severity: HIGH — bulk data exfiltration risk @@
7
+
type DatabaseCredential = { pattern: "DB_USER | DB_PASS | CONNECTION_STRING", foundIn: "ORM config, migration scripts, legacy strings" }
@@
@@ class: GIT_TOKEN — severity: HIGH — repository access, CI/CD triggers, deployment keys @@
8
+
type GitToken = { variants: ["GITHUB_TOKEN","GH_PAT","Deploy Keys"], note: "broad-scope PATs are high-value targets for supply-chain attacks" }
@@
@@ GOVERNANCE RULE — applies to all secret classes without exception @@
9
+
const rule = "Secret scanning, scope restrictions, and audit logging must be in place BEFORE agent sessions begin."
10
+
// Governance cannot be retroactive. Define the boundary before the agent enters the codebase.