# Roadmap

## High-Level Evolution Plan

1. Hardened read-only gateway baseline.
2. Policy-driven authorization and observability.
3. Controlled write-mode rollout.
4. Automation and event-driven workflows.
5. Continuous hardening and enterprise controls.

## Threat Model Updates

- Primary threats: credential theft, over-permissioned automation, prompt injection via repo data, policy bypass, audit tampering.
- Secondary threats: denial-of-service, misconfiguration drift, unsafe deployment defaults.

## Security Model

- API key authentication + auth failure throttling.
- Per-IP and per-token request rate limits.
- Secret detection and outbound sanitization.
- Tamper-evident audit logs with integrity verification.
- No production stack-trace disclosure.

## Policy Model

- YAML policy with global and per-repository allow/deny rules.
- Optional path restrictions for file-oriented tools.
- Default write deny.
- Write-mode repository whitelist enforcement.

## Capability Matrix Concept

- `Read` capabilities: enabled by default but policy-filtered.
- `Write` capabilities: disabled by default, policy + whitelist gated.
- `Automation` capabilities: disabled by default, policy-controlled.

## Audit Log Design

- JSON lines.
- `prev_hash` + `entry_hash` chain.
- Correlation/request IDs for traceability.
- Validation script for chain integrity.

## Write-Mode Architecture

- Separate write tool set with strict schemas.
- Global toggle (`WRITE_MODE`) + per-repo whitelist.
- Policy engine still authoritative.
- No merge, branch deletion, or force push endpoints.

## Deployment Architecture

- Non-root container runtime.
- Read-only filesystem where practical.
- Explicit opt-in for insecure bind.
- Separate dev and prod compose profiles.

## Observability Architecture

- Structured JSON logs with request correlation.
- Prometheus-compatible `/metrics` endpoint.
- Tool execution counters and duration aggregates.

## Risk Analysis

- Highest risk: write-mode misuse and policy misconfiguration.
- Mitigations: deny-by-default, whitelist, audit chain, tests, docs, reviews.

## Extensibility Notes

- Add new tools only through schema + policy + docs + tests path.
- Keep transport-agnostic execution core for webhook/scheduler integrations.
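The Policy Model, Capability Matrix and Write-Mode Architecture sections all describe one decision: deny-by-default evaluation of a tool call against global rules, per-repository rules, the `WRITE_MODE` toggle, the write whitelist and optional path restrictions. The Python below is an added example, not the gateway's own policy engine; the policy schema (`global` / `repositories` sections with `allow`, `deny` and `paths` keys), the tool names, the repository names and the `WRITE_WHITELIST` constant are assumptions made for illustration. The policy is embedded as a dict standing in for the YAML file so the example runs offline.

```python
"""Deny-by-default policy evaluation for gateway tool calls (added example).

Assumed schema: a ``global`` section and a ``repositories`` map, each with
optional ``allow``/``deny`` tool lists; a repository may also carry ``paths``
globs that restrict file-oriented tools. All names below are constructed.
"""
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Stands in for the YAML policy document; a dict so the example needs no PyYAML.
POLICY = {
    "global": {
        "allow": ["read_file", "list_files", "search_code"],
        "deny": ["delete_branch"],
    },
    "repositories": {
        "org/public-docs": {
            "allow": ["create_pull_request"],
            "paths": ["docs/*", "README.md"],  # fnmatch '*' also crosses '/'
        },
        "org/payments": {"deny": ["search_code"]},
    },
}

WRITE_MODE = False                     # the global toggle named in the roadmap
WRITE_WHITELIST = {"org/public-docs"}  # assumed name for the per-repo whitelist
WRITE_TOOLS = {"create_pull_request", "commit_file", "delete_branch"}
FILE_TOOLS = {"read_file", "commit_file"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _normalize(path: str) -> Optional[str]:
    """Collapse '..' segments; reject absolute paths and repo-root escapes."""
    norm = posixpath.normpath(path)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return None
    return norm


def evaluate(tool: str, repo: str, path: Optional[str] = None, *,
             write_mode: bool = WRITE_MODE,
             whitelist=WRITE_WHITELIST, policy=POLICY) -> Decision:
    g = policy.get("global", {})
    r = policy.get("repositories", {}).get(repo, {})

    # 1. A deny rule at either scope wins over everything else.
    if tool in g.get("deny", []):
        return Decision(False, "denied by global policy")
    if tool in r.get("deny", []):
        return Decision(False, "denied by repository policy")

    # 2. Write tools additionally need the global toggle and the whitelist.
    if tool in WRITE_TOOLS:
        if not write_mode:
            return Decision(False, "write mode disabled")
        if repo not in whitelist:
            return Decision(False, "repository not in write whitelist")

    # 3. Nothing runs unless some scope explicitly allows it (default deny).
    if tool not in g.get("allow", []) and tool not in r.get("allow", []):
        return Decision(False, "no allow rule")

    # 4. Path restrictions apply to file-oriented tools, on the normalized path
    #    so that 'docs/../src/x' cannot satisfy a 'docs/*' glob.
    if tool in FILE_TOOLS:
        if path is None:
            return Decision(False, "path required")
        norm = _normalize(path)
        if norm is None:
            return Decision(False, "path escapes repository")
        patterns = r.get("paths")
        if patterns is not None and not any(fnmatchcase(norm, p) for p in patterns):
            return Decision(False, "path outside allowed set")

    return Decision(True, "allowed")


if __name__ == "__main__":
    for call in [("read_file", "org/public-docs", "docs/intro.md"),
                 ("read_file", "org/public-docs", "docs/../src/main.py"),
                 ("create_pull_request", "org/public-docs", None)]:
        print(call, evaluate(*call))
```

The order of the checks is the point: deny rules are consulted first, the write gate is applied before any allow rule can help, and path globs are matched against the normalized path rather than the raw string. Misordering any of these (for example matching `paths` before normalizing) is the kind of policy misconfiguration the Risk Analysis section ranks highest.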
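The Audit Log Design section lists JSON lines, a `prev_hash` + `entry_hash` chain, request IDs and a validation script. The Python below is an added example of that design, not the project's own logger or validator: each line carries `prev_hash` (the previous line's `entry_hash`, or a fixed genesis value for the first line) and `entry_hash` (SHA-256 over the canonical JSON of everything else), and `verify_chain` walks the file and reports the first line where either link breaks. Field names other than `prev_hash` and `entry_hash`, the genesis value, the sample entries and the helper names are assumptions.

```python
"""Hash-chained JSON-lines audit log with a chain validator (added example)."""
import hashlib
import json
from typing import List, Optional, Sequence, Tuple

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def _canonical(entry: dict) -> bytes:
    # Sorted keys and no whitespace: the hash must not depend on formatting.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def _entry_hash(body: dict) -> str:
    # body includes prev_hash, so every hash commits to the whole chain so far.
    return hashlib.sha256(_canonical(body)).hexdigest()


class AuditLog:
    """Append-only in-memory log; each element of ``lines`` is one JSON line."""

    def __init__(self) -> None:
        self.lines: List[str] = []
        self.head: str = GENESIS

    def append(self, **fields) -> str:
        body = dict(fields, prev_hash=self.head)
        digest = _entry_hash(body)
        body["entry_hash"] = digest
        self.lines.append(_canonical(body).decode())
        self.head = digest
        return digest


def verify_chain(lines: Sequence[str],
                 expected_head: Optional[str] = None) -> Tuple[bool, int, str]:
    """Return (ok, index, reason); index is the first bad line or the count."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            return False, i, "malformed JSON"
        if entry.get("prev_hash") != prev:
            return False, i, "prev_hash mismatch"
        claimed = entry.get("entry_hash")
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if _entry_hash(body) != claimed:
            return False, i, "entry_hash mismatch"
        prev = claimed
    # Truncating the tail leaves a valid chain; only an externally stored head
    # hash (printed to stdout, shipped to a SIEM, ...) catches that.
    if expected_head is not None and prev != expected_head:
        return False, len(lines), "head mismatch"
    return True, len(lines), "ok"


def build_sample_log() -> AuditLog:
    """Constructed sample entries; timestamps and request IDs are made up."""
    log = AuditLog()
    log.append(ts="2024-01-01T00:00:00Z", request_id="req-0001",
               tool="read_file", repo="org/public-docs", decision="allow")
    log.append(ts="2024-01-01T00:00:01Z", request_id="req-0002",
               tool="create_pull_request", repo="org/payments",
               decision="deny", reason="write mode disabled")
    log.append(ts="2024-01-01T00:00:02Z", request_id="req-0003",
               tool="search_code", repo="org/public-docs", decision="allow")
    return log


def with_field_changed(lines: Sequence[str], index: int, key: str, value) -> List[str]:
    """Simulate in-place edits to one line (hashes left as they were)."""
    entry = json.loads(lines[index])
    entry[key] = value
    out = list(lines)
    out[index] = _canonical(entry).decode()
    return out


def without_line(lines: Sequence[str], index: int) -> List[str]:
    """Simulate deletion of one line from the middle of the file."""
    return list(lines[:index]) + list(lines[index + 1:])


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:    ", verify_chain(log.lines, log.head))
    print("edited:    ", verify_chain(with_field_changed(log.lines, 1, "decision", "allow")))
    print("deleted:   ", verify_chain(without_line(log.lines, 1)))
    print("truncated: ", verify_chain(log.lines[:-1], log.head))
```

Two properties of the design are worth checking in any validation script: a modified field is caught at the modified line (its `entry_hash` no longer matches), and a deleted line is caught at the following line (its `prev_hash` no longer matches). Dropping the newest lines is not caught by the chain alone, which is why `verify_chain` accepts the last known head hash as a second input.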