# Roadmap

## High-Level Evolution Plan

1. Hardened read-only gateway baseline.
2. Policy-driven authorization and observability.
3. Controlled write-mode rollout.
4. Automation and event-driven workflows.
5. Continuous hardening and enterprise controls.

## Threat Model Updates

- Primary threats: credential theft, over-permissioned automation, prompt injection carried in repository content returned to the model, policy bypass, audit-log tampering.
- Secondary threats: denial of service, misconfiguration drift, unsafe deployment defaults.

## Security Model

- API-key authentication, with throttling of repeated authentication failures per client.
- Per-IP and per-token request rate limits.
- Secret detection and sanitization of outbound responses.
- Tamper-evident audit logs with integrity verification.
- No stack-trace disclosure in production.

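The first two bullets above, worked through as an added example (illustrative code written for this page, not the project's implementation; the class names, the limits, and the reason strings returned by `admit()` are assumptions): API keys are stored as digests and compared in constant time, authentication failures are counted per source IP and lock that IP out for a window, and token buckets enforce the per-IP limit before authentication and the per-token limit after it.

```python
"""Added example for the Security Model bullets: API-key authentication with
auth-failure throttling plus per-IP and per-token rate limits. Illustrative
code for this page, not the project's; class names, limits and the reason
strings returned by admit() are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Optional, Tuple


class ManualClock:
    """Deterministic clock so the limiter can be exercised offline."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class TokenBucket:
    """Refills `rate` tokens per second up to `capacity`; one token per request."""

    def __init__(self, rate: float, capacity: int, clock: Callable[[], float] = time.monotonic) -> None:
        self.rate, self.capacity, self._clock = rate, float(capacity), clock
        self.tokens, self.updated = float(capacity), clock()

    def allow(self) -> bool:
        now = self._clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class GatewayAuth:
    def __init__(self, api_keys: Dict[str, str], clock: Callable[[], float] = time.monotonic,
                 max_failures: int = 5, lockout_seconds: float = 300.0,
                 per_ip: Tuple[float, int] = (2.0, 10), per_token: Tuple[float, int] = (5.0, 20)) -> None:
        # Store SHA-256 digests only, so the in-memory table never holds plaintext keys.
        self._keys = {hashlib.sha256(k.encode()).hexdigest(): owner for k, owner in api_keys.items()}
        self._clock, self.max_failures, self.lockout = clock, max_failures, lockout_seconds
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)  # ip -> failure timestamps
        self._per_ip, self._per_token = per_ip, per_token
        self._ip_buckets: Dict[str, TokenBucket] = {}
        self._token_buckets: Dict[str, TokenBucket] = {}

    def _lookup(self, presented: str) -> Optional[str]:
        digest = hashlib.sha256(presented.encode()).hexdigest()
        owner = None
        for stored, who in self._keys.items():  # no early exit: compare every entry
            if hmac.compare_digest(stored, digest):
                owner = who
        return owner

    def authenticate(self, ip: str, presented: str) -> Tuple[bool, str]:
        now = self._clock()
        failures = self._failures[ip]
        while failures and now - failures[0] > self.lockout:
            failures.popleft()  # forget failures older than the lockout window
        if len(failures) >= self.max_failures:
            return False, "locked_out"  # throttled before the key table is consulted
        owner = self._lookup(presented)
        if owner is None:
            failures.append(now)
            return False, "invalid_key"
        return True, owner

    def _bucket(self, table: Dict[str, TokenBucket], key: str, params: Tuple[float, int]) -> TokenBucket:
        if key not in table:
            table[key] = TokenBucket(params[0], params[1], self._clock)
        return table[key]

    def admit(self, ip: str, presented: str) -> str:
        """Request gate. The per-IP limit runs before authentication so unauthenticated
        floods are rejected cheaply; the per-token limit runs after, keyed by owner."""
        if not self._bucket(self._ip_buckets, ip, self._per_ip).allow():
            return "rate_limited_ip"
        ok, detail = self.authenticate(ip, presented)
        if not ok:
            return detail
        if not self._bucket(self._token_buckets, detail, self._per_token).allow():
            return "rate_limited_token"
        return "ok"


if __name__ == "__main__":
    auth = GatewayAuth({"sk-example-ci": "ci-bot"})  # constructed sample key
    print(auth.admit("10.0.0.1", "sk-example-ci"), auth.admit("10.0.0.1", "wrong-key"))
```

The order of the checks in `admit()` is the point: a lockout decision is taken from the failure counter alone, so a brute-forcer burns only a deque lookup, and the per-token bucket is keyed by the authenticated owner rather than the presented string, so two clients sharing one key share one budget.
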
## Policy Model

- YAML policy with global and per-repository allow/deny rules.
- Optional path restrictions for file-oriented tools.
- Writes are denied by default.
- Write mode additionally enforces a per-repository whitelist.

## Capability Matrix Concept

- `Read` capabilities: enabled by default, but filtered by policy.
- `Write` capabilities: disabled by default; gated by policy and the repository whitelist.
- `Automation` capabilities: disabled by default; enabled only by explicit policy.

## Audit Log Design

- JSON Lines, one entry per line.
- `prev_hash` + `entry_hash` chain: each entry's hash covers the previous entry's hash, so an edit or deletion inside the log breaks every link after it.
- Correlation/request IDs for end-to-end traceability.
- Validation script that recomputes the chain and reports the first broken entry.

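The chain and its validator, as an added example for the bullets above (illustrative code written for this page, not the project's; `prev_hash`, `entry_hash` and `request_id` are the page's field names, while the canonical-JSON hashing rule, the `GENESIS` value and the sample entries are assumptions). It also shows the attacker's two moves the validator must catch: editing a field, and editing a field while recomputing that entry's own hash.

```python
"""Added example for the Audit Log Design bullets: hash-chained JSON Lines
entries and the integrity check a validation script would run. Illustrative
code for this page, not the project's; prev_hash, entry_hash and request_id
are the page's field names, the canonicalisation rule and GENESIS value are
assumptions."""
from __future__ import annotations

import hashlib
import json
from typing import Iterable, List, Optional

GENESIS = "0" * 64  # prev_hash of the very first entry (assumed convention)


def _entry_hash(body: dict) -> str:
    # Canonical form: sorted keys, compact separators, so the hash does not
    # depend on how the line happened to be serialised on disk.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.lines: List[str] = []
        self.head = GENESIS  # hash of the latest entry; record this out of band

    def append(self, request_id: str, actor: str, tool: str, decision: str, **fields) -> dict:
        entry = {"request_id": request_id, "actor": actor, "tool": tool,
                 "decision": decision, "prev_hash": self.head, **fields}
        entry["entry_hash"] = _entry_hash(entry)  # covers prev_hash, which forms the chain
        self.head = entry["entry_hash"]
        self.lines.append(json.dumps(entry, sort_keys=True))
        return entry


def verify_chain(lines: Iterable[str], expected_head: Optional[str] = None) -> Optional[int]:
    """None if intact. Otherwise the index of the first broken entry, or len(lines)
    if every entry checks out but the final hash differs from expected_head
    (the signature of a truncated tail)."""
    expected_prev = GENESIS
    count = 0
    for i, raw in enumerate(lines):
        count = i + 1
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            return i
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry.get("prev_hash") != expected_prev or _entry_hash(body) != entry.get("entry_hash"):
            return i
        expected_prev = entry["entry_hash"]
    if expected_head is not None and expected_prev != expected_head:
        return count
    return None


def tamper(lines: List[str], index: int, field: str, value, rehash: bool = False) -> List[str]:
    """Constructed attacker action for the demo: edit one field, optionally
    recomputing that entry's own entry_hash to cover tracks."""
    entry = json.loads(lines[index])
    entry[field] = value
    if rehash:
        entry["entry_hash"] = _entry_hash({k: v for k, v in entry.items() if k != "entry_hash"})
    out = list(lines)
    out[index] = json.dumps(entry, sort_keys=True)
    return out


if __name__ == "__main__":
    log = AuditLog()  # constructed sample entries
    log.append("req-1", "ci-bot", "list_files", "allow", repo="org/app")
    log.append("req-2", "ci-bot", "create_issue", "deny", repo="org/app", reason="write_mode_off")
    print(verify_chain(log.lines), verify_chain(tamper(log.lines, 0, "decision", "deny", rehash=True)))
```

Caveat a practitioner will want: the chain alone cannot tell a log that was truncated at the tail from one that simply stopped there, because every remaining link is valid. Passing `expected_head` (the latest `entry_hash`, recorded somewhere the log writer cannot modify, or the line count of a remote copy) closes that gap; without it, deleting the most recent entries is invisible to the validator.
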
## Write-Mode Architecture

- Separate write tool set with strict input schemas.
- Global toggle (`WRITE_MODE`) plus a per-repository whitelist; both must permit a write.
- The policy engine remains authoritative even when write mode is on.
- No merge, branch-deletion, or force-push endpoints are exposed at all.

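The Policy Model, Capability Matrix and Write-Mode sections describe one decision procedure, so here is a single added example that implements it end to end (illustrative code written for this page, not the project's engine; the tool names, the policy layout shown in the comment, and the `WRITE_REPO_WHITELIST` variable are assumptions, while `WRITE_MODE` is the page's own name). Deny rules win, reads are on unless denied, writes need the toggle, the whitelist and an explicit allow rule, automation needs an explicit allow rule, and file-oriented tools are confined to the configured path globs after traversal is rejected. Strict per-tool input schemas are outside this example.

```python
"""Added example for the Policy Model, Capability Matrix and Write-Mode
sections: one evaluator applying global and per-repo allow/deny rules, path
restrictions, default write deny, the WRITE_MODE toggle and the write
whitelist. Illustrative code for this page, not the project's engine; tool
names, policy layout and WRITE_REPO_WHITELIST are assumptions."""
from __future__ import annotations

import fnmatch
import posixpath
from dataclasses import dataclass
from typing import Mapping, Optional, Set, Tuple

# The complete tool surface. Merge, branch deletion and force push are absent on
# purpose: a tool the gateway never exposes cannot be enabled by a policy mistake.
READ_TOOLS = {"list_files", "read_file", "search_code", "list_issues"}
WRITE_TOOLS = {"create_issue", "comment_issue", "create_pull_request"}
AUTOMATION_TOOLS = {"schedule_sync", "webhook_replay"}
FILE_TOOLS = {"list_files", "read_file"}  # the path-restricted subset

# Constructed policy, in the shape yaml.safe_load() returns for:
#   global:
#     deny: ["read:list_issues"]
#   repositories:
#     org/app:
#       allow: ["write:create_issue"]
#       paths: ["src/*", "docs/*"]      # fnmatch globs; '*' also crosses '/'
#     org/infra:
#       allow: ["automation:schedule_sync"]
POLICY = {
    "global": {"deny": ["read:list_issues"]},
    "repositories": {
        "org/app": {"allow": ["write:create_issue"], "paths": ["src/*", "docs/*"]},
        "org/infra": {"allow": ["automation:schedule_sync"]},
    },
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def load_write_settings(env: Mapping[str, str]) -> Tuple[bool, Set[str]]:
    """WRITE_MODE is off unless it is exactly 'true'; the whitelist is comma-separated."""
    write_mode = env.get("WRITE_MODE", "false").strip().lower() == "true"
    whitelist = {r.strip() for r in env.get("WRITE_REPO_WHITELIST", "").split(",") if r.strip()}
    return write_mode, whitelist


def capability_class(tool: str) -> Optional[str]:
    for cls, tools in (("read", READ_TOOLS), ("write", WRITE_TOOLS), ("automation", AUTOMATION_TOOLS)):
        if tool in tools:
            return cls
    return None


def _rules(policy: dict, repo: str, kind: str) -> Set[str]:
    # Global rules and the repository's own rules are merged; deny is checked first.
    rules = set(policy.get("global", {}).get(kind, []))
    rules |= set(policy.get("repositories", {}).get(repo, {}).get(kind, []))
    return rules


def _matches(rules: Set[str], capability: str) -> bool:
    return any(fnmatch.fnmatchcase(capability, rule) for rule in rules)


def _path_allowed(policy: dict, repo: str, path: str) -> bool:
    # Normalise first, then refuse anything that escapes the repository root.
    norm = posixpath.normpath(path)
    if "\\" in path or path.startswith("/") or norm == ".." or norm.startswith("../"):
        return False
    patterns = policy.get("repositories", {}).get(repo, {}).get("paths")
    if not patterns:
        return True  # no restriction configured for this repository
    return any(fnmatch.fnmatchcase(norm, p) for p in patterns)


def authorize(policy: dict, repo: str, tool: str, *, write_mode: bool,
              write_whitelist: Set[str], path: Optional[str] = None) -> Decision:
    cls = capability_class(tool)
    if cls is None:
        return Decision(False, "unknown_tool")
    capability = f"{cls}:{tool}"
    if _matches(_rules(policy, repo, "deny"), capability):
        return Decision(False, "denied_by_policy")
    if cls == "write":
        # Default write deny: every gate below must pass, and policy stays authoritative.
        if not write_mode:
            return Decision(False, "write_mode_off")
        if repo not in write_whitelist:
            return Decision(False, "repo_not_whitelisted")
        if not _matches(_rules(policy, repo, "allow"), capability):
            return Decision(False, "no_write_allow_rule")
    elif cls == "automation" and not _matches(_rules(policy, repo, "allow"), capability):
        return Decision(False, "no_automation_allow_rule")
    # Read capabilities are on by default; they only have to survive the deny rules.
    if tool in FILE_TOOLS:
        if path is None:
            return Decision(False, "path_required")
        if not _path_allowed(policy, repo, path):
            return Decision(False, "path_restricted")
    return Decision(True, "allowed")
```

Two details worth keeping when adapting this: `WRITE_MODE` is parsed as an exact `true`, so `1`, `yes` or a stray space fail closed rather than open; and path checks run on the normalised path, so `src/../.env` is judged as `.env` and rejected, while a raw `../` prefix or a leading `/` is refused before any glob is consulted.
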
## Deployment Architecture

- Non-root container runtime.
- Read-only filesystem where practical.
- Explicit opt-in required for an insecure bind address.
- Separate dev and prod compose profiles.

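A start-up preflight covering the non-root and opt-in-bind bullets, as an added example (illustrative code written for this page, not the project's; "insecure bind" is read here as binding to a non-loopback address, and the variable names `GATEWAY_BIND` and `ALLOW_INSECURE_BIND` are assumptions). It fails closed: the default is loopback, hostnames are refused because resolving them would let DNS decide where the gateway listens, and IPv6 wildcards are treated the same as `0.0.0.0`.

```python
"""Added example for the Deployment Architecture bullets: a start-up preflight
that refuses to run as root and refuses a non-loopback bind unless explicitly
opted in. Illustrative code for this page, not the project's; GATEWAY_BIND and
ALLOW_INSECURE_BIND are assumed names."""
import ipaddress
import os
from typing import List, Mapping


def preflight(env: Mapping[str, str], uid: int) -> List[str]:
    """Return the reasons the process must not start; an empty list means go."""
    problems: List[str] = []
    if uid == 0:
        problems.append("running as root; set a non-root user in the image or compose file")
    host = env.get("GATEWAY_BIND", "127.0.0.1")  # default: loopback only
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # 'localhost' and other names are refused on purpose: they are resolved
        # at start-up by whatever resolver the container happens to have.
        problems.append(f"GATEWAY_BIND must be an IP literal, got {host!r}")
    else:
        # is_loopback covers 127.0.0.0/8 and ::1; 0.0.0.0 and :: are not loopback.
        if not addr.is_loopback and env.get("ALLOW_INSECURE_BIND") != "1":
            problems.append(f"bind to non-loopback {host} requires ALLOW_INSECURE_BIND=1")
    return problems


def main() -> int:
    problems = preflight(os.environ, os.getuid())
    for p in problems:
        print("refusing to start:", p)
    return 1 if problems else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as the container entrypoint's first step so a prod profile that forgets `user:` or sets a wildcard bind stops before the listener is ever opened; the dev profile is where `ALLOW_INSECURE_BIND=1` belongs.
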
## Observability Architecture

- Structured JSON logs with request correlation.
- Prometheus-compatible `/metrics` endpoint.
- Tool execution counters and duration aggregates.

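The three bullets above, as an added example that renders the counters and duration aggregates in the Prometheus text exposition format by hand and emits a correlated JSON log line (illustrative code written for this page without `prometheus_client`, so the escaping and cardinality rules are visible; it is not the project's code, and the metric and field names are assumptions). The security-relevant detail is the label-cardinality guard: a tool name taken from the request would let any client mint unbounded time series.

```python
"""Added example for the Observability bullets: tool execution counters and
duration aggregates in Prometheus text exposition format, plus a structured
JSON log line carrying the request correlation id. Written for this page
without prometheus_client; metric and field names are assumptions."""
from __future__ import annotations

import json
from collections import defaultdict
from typing import Dict, Tuple

# Label values must come from a closed set. Anything request-controlled is folded
# to a fixed value, otherwise a client can create unbounded time series.
KNOWN_TOOLS = {"list_files", "read_file", "search_code", "create_issue"}
KNOWN_STATUSES = {"ok", "denied", "error"}


def escape_label(value: str) -> str:
    # Exposition-format escapes for label values: backslash, double quote, newline.
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


class ToolMetrics:
    def __init__(self) -> None:
        self.executions: Dict[Tuple[str, str], int] = defaultdict(int)  # (tool, status) -> count
        self.duration_sum: Dict[str, float] = defaultdict(float)       # tool -> total seconds
        self.duration_count: Dict[str, int] = defaultdict(int)         # tool -> observations

    def observe(self, tool: str, status: str, seconds: float) -> None:
        tool = tool if tool in KNOWN_TOOLS else "unknown"
        status = status if status in KNOWN_STATUSES else "error"
        self.executions[(tool, status)] += 1
        self.duration_sum[tool] += seconds
        self.duration_count[tool] += 1

    def render(self) -> str:
        """Body for GET /metrics (Content-Type: text/plain; version=0.0.4)."""
        lines = ["# TYPE gateway_tool_executions_total counter"]
        for (tool, status), n in sorted(self.executions.items()):
            lines.append(f'gateway_tool_executions_total{{tool="{escape_label(tool)}",'
                         f'status="{escape_label(status)}"}} {n}')
        # A summary with only _sum and _count is valid; quantiles are optional.
        lines.append("# TYPE gateway_tool_duration_seconds summary")
        for tool in sorted(self.duration_count):
            t = escape_label(tool)
            lines.append(f'gateway_tool_duration_seconds_sum{{tool="{t}"}} {self.duration_sum[tool]}')
            lines.append(f'gateway_tool_duration_seconds_count{{tool="{t}"}} {self.duration_count[tool]}')
        return "\n".join(lines) + "\n"


def log_event(ts: float, request_id: str, tool: str, status: str, seconds: float, **fields) -> str:
    """One structured log line; request_id ties it to the audit entry and the metrics sample."""
    record = {"ts": ts, "request_id": request_id, "tool": tool, "status": status,
              "duration_ms": round(seconds * 1000, 3), **fields}
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    m = ToolMetrics()  # constructed observations
    m.observe("list_files", "ok", 0.25)
    m.observe("read_file", "denied", 0.0)
    print(m.render())
    print(log_event(1700000000.0, "req-42", "read_file", "denied", 0.0, repo="org/app"))
```

Keep `request_id` identical across the audit entry, the log line and any tracing span; that single key is what makes a denied write traceable from the `/metrics` spike back to the policy decision that caused it.
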
## Risk Analysis

- Highest risk: write-mode misuse and policy misconfiguration.
- Mitigations: deny by default, repository whitelist, hash-chained audit log, tests, documentation, reviews.

## Extensibility Notes

- Add new tools only through the schema + policy + docs + tests path; a tool with no policy entry is never exposed.
- Keep the execution core transport-agnostic so webhook and scheduler integrations reuse the same authorization and audit path.