AVP Security Considerations

April 3, 2026 · View on GitHub

Transport Security

Minimum: TLS 1.2
Recommended: TLS 1.3
Required: HTTPS (never HTTP)

Authentication

Recommended approaches:

API Keys (service-to-service)
OAuth 2.0 (user-delegated)
mTLS (high-security)

Data Privacy

Hidden states and KV-cache payloads may contain sensitive information derived from model inputs.

DO log:

Metadata (timestamps, agent IDs, sizes, payload types)
Headers

DO NOT log:

Raw tensor payloads (hidden states, KV-cache)
Binary data

DoS Protection

Limit message size (10MB max recommended)
Rate limiting per agent
Validate headers before reading payload
Set decompression timeouts
Enforce session TTL and cleanup expired sessions