feat: harden gateway with policy engine, secure tools, and governance docs

2026-02-14 16:05:56 +01:00
parent e17d34e6d7
commit 5969892af3
55 changed files with 4711 additions and 1587 deletions
--- a/scripts/validate_audit_log.py
+++ b/scripts/validate_audit_log.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+"""Validate tamper-evident Aegis audit log integrity."""
+
+from __future__ import annotations
+
+import argparse
+import sys
+from pathlib import Path
+
+from aegis_gitea_mcp.audit import validate_audit_log_integrity
+
+
+def parse_args() -> argparse.Namespace:
+    """Parse command line arguments."""
+    parser = argparse.ArgumentParser(description="Validate Aegis audit log hash chain")
+    parser.add_argument(
+        "--path",
+        type=Path,
+        default=Path("/var/log/aegis-mcp/audit.log"),
+        help="Path to audit log file",
+    )
+    return parser.parse_args()
+
+
+def main() -> int:
+    """Validate audit chain and return process exit code."""
+    args = parse_args()
+    is_valid, errors = validate_audit_log_integrity(args.path)
+
+    if is_valid:
+        print(f"Audit log integrity OK: {args.path}")
+        return 0
+
+    print(f"Audit log integrity FAILED: {args.path}")
+    for error in errors:
+        print(f"- {error}")
+    return 1
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())