C-4: MCP endpoint requires verified bearer token. Unauthenticated
requests rejected. _extract_principal() replaced by verified
AuthResult from middleware.
C-8: All delegation endpoints require verified bearer token.
X-Delegator-DID header removed — identity from token only.
delegator_ac_id validated to belong to authenticated principal.
Only delegators can revoke. Only delegator/delegate can view.
H-6: SQLite file permissions restricted to 0o600 (owner-only).
Umask set before creation. WAL/SHM files also restricted.
H-7: Delegation depth tracked and enforced against max_delegation_depth.
Sub-delegations increment depth. Exceeded depth → 403.
Shared TokenAuthenticator auto-detects identity driver from JWT
issuer claim (Keycloak or Entra). verify_bearer FastAPI dependency
for all protected endpoints. Health endpoint remains public.
ALL 10 critical findings CLOSED. ALL 10 high findings CLOSED.
Signed-off-by: Tyler King <tking@guildhouse.dev>
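
The H-6 item in the commit message above (owner-only SQLite files, umask set before creation, WAL/SHM covered) can be sketched as follows. This is an added example, not the project's own code: the function names, the `delegations` table and the `broker.db` path are hypothetical, and it assumes a POSIX filesystem.

```python
import os
import sqlite3
import stat
import tempfile

OWNER_ONLY = 0o600  # rw for owner, nothing for group/other


def open_restricted_db(path):
    """Open (creating if needed) a SQLite DB whose files are all 0o600."""
    # Tighten the umask *before* anything is created, so there is no window
    # in which the file exists with group/world bits set.
    old_umask = os.umask(0o077)
    try:
        fd = os.open(path, os.O_RDWR | os.O_CREAT, OWNER_ONLY)
        os.close(fd)
        # A pre-existing file keeps its old mode through os.open, so fix it.
        os.chmod(path, OWNER_ONLY)
        conn = sqlite3.connect(path)
        conn.execute("PRAGMA journal_mode=WAL")
        # Hypothetical schema; the write makes SQLite create -wal and -shm.
        conn.execute("CREATE TABLE IF NOT EXISTS delegations "
                     "(id TEXT PRIMARY KEY, depth INTEGER)")
        conn.commit()
    finally:
        os.umask(old_umask)
    # Sidecar files hold the same data as the main file; restrict them too.
    for suffix in ("-wal", "-shm"):
        sidecar = path + suffix
        if os.path.exists(sidecar):
            os.chmod(sidecar, OWNER_ONLY)
    return conn


def file_modes(path):
    """Return permission bits for the DB and any sidecar files present."""
    return {s: stat.S_IMODE(os.stat(path + s).st_mode)
            for s in ("", "-wal", "-shm") if os.path.exists(path + s)}


def demo():
    """Create a DB in a temp dir and report modes while it is still open."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "broker.db")  # constructed sample path
        conn = open_restricted_db(path)
        modes = file_modes(path)
        conn.close()
        return modes


if __name__ == "__main__":
    print({k or "db": oct(v) for k, v in demo().items()})
```
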
MCP tools for list_devices, get_device_compliance, sync_device,
remote_lock. All route through governed IntuneConnector
invocation with Chronicle audit.
Signed-off-by: Tyler King <tking@guildhouse.dev>
POST /mcp — Streamable HTTP JSON-RPC 2.0 (MCP spec 2024-11-05)
11 governance tools for consortia builders:
request_ac — AC issuance (wraps /governance/authorize/)
validate_ac — AC validation (wraps /governance/authorize/{token}/)
post_cr — CR posting (wraps /governance/complete/)
query_accord — AccordTemplate lookup
request_delegation — proxy to LLM Principal Broker
revoke_delegation — proxy to LLM Principal Broker
get_delegation — proxy to LLM Principal Broker
list_agents — proxy to LLM Principal Broker
get_posture — DEFCON level and restrictions (30s cache)
check_operation — dry-run operation check against posture
session_info — current session context
Tool handlers call existing broker internals — no logic duplication.
Delegation tools proxy to LLM Principal Broker via HTTP.
Every tool call recorded in Chronicle (MCP_TOOL_CALL 0x3020).
Any MCP-compatible agent can discover and use governance operations
through standard protocol — no Capstone, no Django required.
All 7 smoke tests pass (init, list, posture, check_op, session, accord, error).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>