Code-completion proxy
The Guardian sits between the code-completion model and the IDE.
What it does
- A model (GPT-4o, Claude, internal) returns a code suggestion.
- The Guardian checks the suggestion for: live secrets, IMDS curls, license-incompatible patterns, prompt-injection in comments, dependency typosquats.
- Passed suggestions reach the IDE unchanged. Corrected suggestions are patched (e.g. obvious secrets stripped). Blocked suggestions never appear in the editor.
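The three outcomes above, as an added Python example that is not Trinitite's code. The names `review`, `Verdict` and `to_ipv4_int`, the single secret pattern, and the choice to block on an IMDS address while stripping secrets are all assumptions made for illustration. It covers only numeric encodings of the metadata address, not every way a command can be constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed rules for illustration; a real rule set is far broader.
SECRET_PATTERNS = [re.compile(r"\bAKIA[0-9A-Z]{16}\b")]  # AWS access key ID shape
IMDS_ADDR = (169 << 24) | (254 << 16) | (169 << 8) | 254  # 169.254.169.254
NUM = r"(?:0[xX][0-9a-fA-F]+|\d+)"
HOST_TOKEN = re.compile(rf"\b{NUM}(?:\.{NUM}){{0,3}}\b")  # 1 to 4 numeric parts

def _part(p):
    """Parse one part as hex (0x..), octal (leading 0) or decimal."""
    if p.lower().startswith("0x"):
        return int(p, 16)
    return int(p, 8) if len(p) > 1 and p.startswith("0") else int(p, 10)

def to_ipv4_int(token):
    """Resolve a numeric host token as inet_aton-style parsers do; None if invalid."""
    try:
        *head, last = [_part(p) for p in token.split(".")]
    except ValueError:  # e.g. "09" is not valid octal
        return None
    if any(h > 255 for h in head) or last >= 256 ** (4 - len(head)):
        return None
    value = 0
    for h in head:
        value = (value << 8) | h
    return (value << (8 * (4 - len(head)))) | last

@dataclass
class Verdict:
    action: str       # "passed", "corrected" or "blocked"
    suggestion: str   # text forwarded to the IDE; empty when blocked
    reasons: list = field(default_factory=list)

def review(suggestion):
    """Triage one completion. Assumption: IMDS hits block, secrets are stripped."""
    if any(to_ipv4_int(t) == IMDS_ADDR for t in HOST_TOKEN.findall(suggestion)):
        return Verdict("blocked", "", ["imds-address"])
    patched, reasons = suggestion, []
    for pattern in SECRET_PATTERNS:
        patched, hits = pattern.subn("<REDACTED>", patched)
        if hits:
            reasons.append("secret-stripped")
    return Verdict("corrected" if reasons else "passed", patched, reasons)

if __name__ == "__main__":
    # Constructed sample; the key is AWS's published documentation placeholder.
    print(review('key = "AKIAIOSFODNN7EXAMPLE"'))
```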
Where Trinitite plugs in
| Surface | What governs it |
|---|---|
| Every code-completion call | A code-suggestion-safety Guardian. |
| Per-developer attribution | A `nhi_dev_<username>` identity tag on every call. |
| Forensic ledger | Every suggestion (passed, corrected, blocked) writes a receipt — including which IDE. |
| Secret leak alerts | A secrets-detected rule on the security stream → PagerDuty. |
| IMDS exfil | L6 IMDS Shield catches it regardless of how the curl is constructed. |
Concrete failure modes governed
- Live API key in suggestion — see T-OUT-002.
- `curl 169.254.169.254` in a suggestion that gets accepted — see T-CLI-002.
- License-incompatible verbatim copy — caught by a code-license-classifier sub-Guardian.
What's next
→ Skill Vault — provenance for the tools the agent uses.
→ Cookbook: SIEM export — wire the secret-detection events into your SIEM.