diff --git a/AGENTS.md b/AGENTS.md index 0b7bcd6a..0a16f615 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -27,7 +27,6 @@ Quick reference for AI agents working with MCP Gateway (Go-based MCP proxy serve - `internal/server/` - HTTP server (routed/unified modes) - `internal/mcp/` - MCP protocol types with enhanced error logging - `internal/launcher/` - Backend process management -- `internal/difc/` - Security labels (not enabled) - `internal/guard/` - Security guards (NoopGuard active) - `internal/auth/` - Authentication header parsing and middleware - `internal/logger/` - Debug logging framework (micro logger) @@ -355,11 +354,9 @@ DEBUG_COLORS=0 DEBUG=* ./awmg --config config.toml - **Auth**: `Authorization: ` header (plain API key per spec 7.1, NOT Bearer scheme) - **Sessions**: Session ID extracted from Authorization header value -- **DIFC**: Implemented but disabled (NoopGuard active) - **Stdio servers**: Containerized execution only (no direct command support) ## Resources - [README.md](./README.md) - Full documentation -- [DIFC Proposal](./docs/DIFC_INTEGRATION_PROPOSAL.md) - Security design - [MCP Protocol](https://github.com/modelcontextprotocol) - Specification diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2bc1aac4..17c100dc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -216,7 +216,6 @@ awmg/ ├── launcher/ # Backend server management ├── mcp/ # MCP protocol types & connection ├── server/ # HTTP server (routed/unified modes) - ├── difc/ # Security labels (not enabled) ├── guard/ # Security guards (NoopGuard active) ├── logger/ # Debug logging framework ├── timeutil/ # Time formatting utilities 
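Review bot: In the AGENTS.md `@@ -27,7 +27,6 @@` hunk, dropping `internal/difc/` leaves the kept line `- internal/guard/ - Security guards (NoopGuard active)` describing a guard framework whose only documented purpose was DIFC labeling; a reader now has no way to tell what a "security guard" guards or why the default is a no-op. Either reword that line to say what `internal/guard/` does without DIFC (or that it is a placeholder), or remove it in the same change so the package list stays consistent.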
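Review bot: The AGENTS.md `@@ -355,11 +354,9 @@` hunk removes the last link to `./docs/DIFC_INTEGRATION_PROPOSAL.md` from the Resources list, but the patch does not touch that file, so it becomes an orphaned design document that nothing references. Either delete `docs/DIFC_INTEGRATION_PROPOSAL.md` in this change or keep a single link to it (for example under Resources) so the design rationale for `internal/guard/` remains discoverable.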
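Review bot: In the CONTRIBUTING.md `@@ -216,7 +216,6 @@` tree, the same inconsistency as in AGENTS.md: `├── difc/` is removed while `├── guard/ # Security guards (NoopGuard active)` stays, so the tree still advertises a security mechanism the document no longer explains. Update the `guard/` comment to describe its post-DIFC role (or drop the entry) so the directory tree and the package list below it agree.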
@@ -230,7 +229,6 @@ awmg/ - **`internal/server/`** - HTTP server with routed and unified modes - **`internal/mcp/`** - MCP protocol types and JSON-RPC handling - **`internal/launcher/`** - Backend process management (Docker, stdio) -- **`internal/difc/`** - DIFC security infrastructure (not yet enabled) - **`internal/guard/`** - Guard framework for resource labeling - **`internal/logger/`** - Micro logger for debug output @@ -481,12 +479,6 @@ When you push a release tag, the automated release workflow: - Unified mode: All backends at `/mcp` - Basic request/response proxying -### DIFC Integration (Not Yet Enabled) - -The codebase includes a complete **Decentralized Information Flow Control (DIFC)** implementation that is not yet enabled by default. See [`docs/DIFC_INTEGRATION_PROPOSAL.md`](docs/DIFC_INTEGRATION_PROPOSAL.md) for full design details. - -**Current Status**: All DIFC infrastructure is implemented and tested, but only the `NoopGuard` is active (which returns empty labels, effectively disabling enforcement). - ## Questions or Issues? - Check existing [issues](https://github.com/githubnext/gh-aw-mcpg/issues) diff --git a/README.md b/README.md index a42b1a98..69455174 100644 --- a/README.md +++ b/README.md @@ -194,7 +194,6 @@ Usage: Flags: -c, --config string Path to config file (default "config.toml") --config-stdin Read MCP server configuration from stdin (JSON format). When enabled, overrides --config - --enable-difc Enable DIFC enforcement and session requirement (requires sys___init call before tool access) --env string Path to .env file to load environment variables -h, --help help for awmg -l, --listen string HTTP server listen address (default "127.0.0.1:3000") 
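Review bot: In the CONTRIBUTING.md `@@ -230,7 +229,6 @@` hunk, the kept line `- **internal/guard/** - Guard framework for resource labeling` now describes labeling, which is exactly the DIFC concept this change removes; with `internal/difc/` gone, "resource labeling" has no definition anywhere in the document. Reword the `internal/guard/` entry to match whatever the package does now, or note that it is retained for future policy hooks, rather than leaving a dangling reference.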
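Review bot: The README.md `@@ -194,7 +194,6 @@` hunk deletes the `--enable-difc` flag from the documented usage, but this patch only touches documentation, so it is not visible whether the flag and the behaviour it described ("session requirement (requires sys___init call before tool access)") were actually removed from the binary. If the flag still exists, the hand-copied help text will now drift from `awmg --help`; if it was removed, the loss of the `sys___init` session gate is a behaviour change that should be stated (and the remaining "Sessions" line in AGENTS.md updated to say what session handling applies now). Please confirm which it is and document the current session requirement in the README, not just the flag's absence.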
@@ -448,54 +447,6 @@ This Go port focuses on core MCP proxy functionality with optional security feat - ✅ Basic request/response proxying - ✅ Enhanced error debugging and troubleshooting -### DIFC Integration (Not Yet Enabled) - -MCPG includes a complete implementation of **Decentralized Information Flow Control (DIFC)** for information security, but it is **not yet enabled by default**. The DIFC system provides: - -- **Label-based Security**: Track information flow with secrecy and integrity labels -- **Reference Monitor**: Centralized policy enforcement for all MCP operations -- **Guard Framework**: Domain-specific resource labeling (e.g., GitHub repos, files) -- **Agent Tracking**: Per-agent taint tracking across requests -- **Fine-grained Control**: Collection filtering for partial access to resources - -#### DIFC Components (Implemented) - -``` -internal/difc/ -├── labels.go # Secrecy/integrity labels with flow semantics -├── resource.go # Resource labeling (coarse & fine-grained) -├── evaluator.go # DIFC policy evaluation & enforcement -├── agent.go # Per-agent label tracking (taint tracking) -└── capabilities.go # Global tag registry - -internal/guard/ -├── guard.go # Guard interface definition -├── noop.go # NoopGuard (default, allows all operations) -├── registry.go # Guard registration & lookup -└── context.go # Agent ID extraction utilities -``` - -#### How DIFC Works (When Enabled) - -1. **Resource Labeling**: Guards label resources based on domain knowledge (e.g., "repo:owner/name", "visibility:private") -2. **Agent Tracking**: Each agent has secrecy/integrity labels that accumulate through reads (taint tracking) -3. **Policy Enforcement**: Reference Monitor checks if operations violate label flow semantics: - - **Read**: Resource secrecy must flow to agent secrecy (resource ⊆ agent) - - **Write**: Agent integrity must flow to resource integrity (agent ⊆ resource) -4. 
**Fine-grained Filtering**: Collections (e.g., search results) automatically filtered to allowed items - -#### Enabling DIFC (Future) - -To enable DIFC enforcement, you'll need to: - -1. **Implement domain-specific guards** (e.g., GitHub, filesystem) -2. **Configure agent labels** in `config.toml` -3. **Register guards** in server initialization - -See [`docs/DIFC_INTEGRATION_PROPOSAL.md`](docs/DIFC_INTEGRATION_PROPOSAL.md) for full design details. - -**Current Status**: All DIFC infrastructure is implemented and tested, but only the `NoopGuard` is active (which returns empty labels, effectively disabling enforcement). Custom guards for specific backends (GitHub, filesystem, etc.) are not yet implemented. - ## MCP Server Compatibility **Not all MCP servers work the same way through the HTTP gateway.** The key difference is **architecture** (stateless vs stateful), not transport.
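Review bot: In the README.md `@@ -448,54 +447,6 @@` hunk, the unchanged context line `This Go port focuses on core MCP proxy functionality with optional security feat...` is left describing "optional security features" right where the only such feature (the DIFC section) has been deleted, so the sentence now points at nothing. Either rewrite that intro line to drop "optional security features", or replace the removed section with a one-line statement that the gateway currently performs no per-resource policy enforcement beyond the `Authorization` header check, so readers do not assume DIFC-style controls are still available.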