a4a1dd2e38
Research conducted on modern AI coding assistants (Cursor, GitHub Copilot, Cline,
Aider, Windsurf, Replit Agent) to understand architecture patterns, context management,
code editing workflows, and tool use protocols.
Key Decision: Pivoted from building full CLI (40-50h) to validation-driven MCP-first
approach (10-15h). Build 5 core CODEX MCP tools that work with ANY coding assistant,
validate adoption over 2-4 weeks, then decide on full CLI if demand proven.
Files:
- research/ai-systems/modern-coding-assistants-architecture.md (comprehensive research)
- research/ai-systems/codex-coding-assistant-implementation-plan.md (original CLI plan, preserved)
- research/ai-systems/codex-mcp-tools-implementation-plan.md (approved MCP-first plan)
- ideas/registry.json (updated with approved MCP tools proposal)
Architech Validation: APPROVED with pivot to MCP-first approach
Human Decision: Approved (pragmatic validation-driven development)
Next: Begin Phase 1 implementation (10-15 hours, 5 core MCP tools)
🤖 Generated with CODEX Research System
Co-Authored-By: The Archivist <archivist@codex.svrnty.io>
Co-Authored-By: The Architech <architech@codex.svrnty.io>
Co-Authored-By: Mathias Beaulieu-Duncan <mat@svrnty.io>
102 lines
2.6 KiB
C#
102 lines
2.6 KiB
C#
namespace OpenHarbor.MCP.Gateway.Core.Configuration;
|
|
|
|
/// <summary>
|
|
/// Configuration for security features (authentication, authorization, rate limiting).
|
|
/// </summary>
|
|
public class SecurityConfig
|
|
{
|
|
/// <summary>
|
|
/// Whether to enable authentication.
|
|
/// </summary>
|
|
public bool EnableAuthentication { get; set; } = false;
|
|
|
|
/// <summary>
|
|
/// Authentication scheme: "ApiKey" or "JWT".
|
|
/// </summary>
|
|
public string? AuthenticationScheme { get; set; }
|
|
|
|
/// <summary>
|
|
/// List of valid API keys (for ApiKey authentication).
|
|
/// </summary>
|
|
public List<string>? ApiKeys { get; set; }
|
|
|
|
/// <summary>
|
|
/// JWT secret key (for JWT authentication).
|
|
/// </summary>
|
|
public string? JwtSecret { get; set; }
|
|
|
|
/// <summary>
|
|
/// JWT issuer (for JWT authentication).
|
|
/// </summary>
|
|
public string? JwtIssuer { get; set; }
|
|
|
|
/// <summary>
|
|
/// JWT audience (for JWT authentication).
|
|
/// </summary>
|
|
public string? JwtAudience { get; set; }
|
|
|
|
/// <summary>
|
|
/// Whether to enable authorization.
|
|
/// </summary>
|
|
public bool EnableAuthorization { get; set; } = false;
|
|
|
|
/// <summary>
|
|
/// Client permissions mapping (client ID -> list of allowed operations).
|
|
/// </summary>
|
|
public Dictionary<string, List<string>>? ClientPermissions { get; set; }
|
|
|
|
/// <summary>
|
|
/// Whether to enable rate limiting.
|
|
/// </summary>
|
|
public bool EnableRateLimiting { get; set; } = false;
|
|
|
|
/// <summary>
|
|
/// Maximum requests per minute per client.
|
|
/// </summary>
|
|
public int RequestsPerMinute { get; set; } = 60;
|
|
|
|
/// <summary>
|
|
/// Burst size for rate limiting.
|
|
/// </summary>
|
|
public int BurstSize { get; set; } = 10;
|
|
|
|
/// <summary>
|
|
/// Validates the security configuration.
|
|
/// </summary>
|
|
/// <returns>True if configuration is valid, false otherwise.</returns>
|
|
public bool Validate()
|
|
{
|
|
// If authentication is disabled, configuration is valid
|
|
if (!EnableAuthentication)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
// If authentication is enabled, must have a scheme
|
|
if (string.IsNullOrEmpty(AuthenticationScheme))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
// Validate ApiKey scheme
|
|
if (AuthenticationScheme == "ApiKey")
|
|
{
|
|
if (ApiKeys == null || ApiKeys.Count == 0)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// Validate JWT scheme
|
|
if (AuthenticationScheme == "JWT")
|
|
{
|
|
if (string.IsNullOrEmpty(JwtSecret))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|