Hiddenden/AegisGitea-MCP
3
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3bd09d02b22039a4c1377068800d3e504ce9b065
AegisGitea-MCP/docs/roadmap.md

2.2 KiB
Raw Blame History

Roadmap

High-Level Evolution Plan

  1. Hardened read-only gateway baseline.
  2. Policy-driven authorization and observability.
  3. Controlled write-mode rollout.
  4. Automation and event-driven workflows.
  5. Continuous hardening and enterprise controls.

Threat Model Updates

  • Primary threats: credential theft, over-permissioned automation, prompt injection via repo data, policy bypass, audit tampering.
  • Secondary threats: denial-of-service, misconfiguration drift, unsafe deployment defaults.

Security Model

  • API key authentication + auth failure throttling.
  • Per-IP and per-token request rate limits.
  • Secret detection and outbound sanitization.
  • Tamper-evident audit logs with integrity verification.
  • No production stack-trace disclosure.

Policy Model

  • YAML policy with global and per-repository allow/deny rules.
  • Optional path restrictions for file-oriented tools.
  • Default write deny.
  • Write-mode repository whitelist enforcement.

Capability Matrix Concept

  • Read capabilities: enabled by default but policy-filtered.
  • Write capabilities: disabled by default, policy + whitelist gated.
  • Automation capabilities: disabled by default, policy-controlled.

Audit Log Design

  • JSON lines.
  • prev_hash + entry_hash chain.
  • Correlation/request IDs for traceability.
  • Validation script for chain integrity.

Write-Mode Architecture

  • Separate write tool set with strict schemas.
  • Global toggle (WRITE_MODE) + per-repo whitelist.
  • Policy engine still authoritative.
  • No merge, branch deletion, or force push endpoints.

Deployment Architecture

  • Non-root container runtime.
  • Read-only filesystem where practical.
  • Explicit opt-in for insecure bind.
  • Separate dev and prod compose profiles.

Observability Architecture

  • Structured JSON logs with request correlation.
  • Prometheus-compatible /metrics endpoint.
  • Tool execution counters and duration aggregates.

Risk Analysis

  • Highest risk: write-mode misuse and policy misconfiguration.
  • Mitigations: deny-by-default, whitelist, audit chain, tests, docs, reviews.

Extensibility Notes

  • Add new tools only through schema + policy + docs + tests path.
  • Keep transport-agnostic execution core for webhook/scheduler integrations.
Reference in New Issue View Git Blame Copy Permalink