robot.wtf dev wiki
Commit e6db8b
2026-03-14 22:19:46
Claude (MCP): [mcp] Add security review section to Launch Checklist
Tasks/Launch_Checklist.md
@@ 61,3 61,35 @@
- [ ] MCP connection from Claude Code works
- [ ] Create wiki → write page → semantic search cycle works
- [ ] Git clone with bearer token works
+
+
## Security Review
+
+
Pre-launch security review before opening to users. This is not a penetration test — it's a structured walkthrough of the attack surface.
+
+
### Auth and access control
+
- [ ] Verify tenant isolation: User A cannot access User B's wiki via API, MCP, web UI, or git
+
- [ ] Verify MCP bearer tokens are hashed at rest (not stored in plaintext)
+
- [ ] Verify OAuth tokens are not logged or exposed in error responses
+
- [ ] Verify expired/revoked tokens are rejected promptly
+
- [ ] Verify ACL enforcement on all routes (API, MCP, web, git)
+
- [ ] Test collaborator invite flow: invited user gets correct permissions, uninvited user gets nothing
+
+
### Input validation
+
- [ ] Wiki names, page names, usernames: test for path traversal (`../`, `%2e%2e/`)
+
- [ ] Markdown content: test for stored XSS (script tags, event handlers, javascript: URIs in rendered HTML)
+
- [ ] API inputs: test for injection via page titles, search queries, tag values
+
- [ ] MCP tool inputs: fuzz all tool parameters for unexpected types and boundary values
+
+
### Infrastructure
+
- [ ] Lambda environment variables: no secrets in plaintext (use Secrets Manager or Pulumi config)
+
- [ ] EFS: confirm no cross-tenant file access is possible via path manipulation
+
- [ ] DynamoDB: confirm IAM policies scope Lambda access appropriately
+
- [ ] API Gateway: confirm rate limiting is active
+
- [ ] HTTPS enforced on all endpoints (no HTTP fallback)
+
- [ ] CORS headers: confirm only expected origins are allowed
+
+
### Data exposure
+
- [ ] Error responses do not leak stack traces, file paths, or internal identifiers
+
- [ ] Git clone does not expose other tenants' repos
+
- [ ] Search (keyword and semantic) is scoped to the requesting user's wikis only
+
- [ ] CloudFront cache does not serve User A's cached content to User B
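Review bot: several items in this hunk have no stated pass condition, so a reviewer can tick them without an agreed bar. "Verify expired/revoked tokens are rejected promptly" should name the maximum window a revoked or expired token may keep working, and "API Gateway: confirm rate limiting is active" should name the limit being confirmed, otherwise "active" is satisfied by any non-zero setting. The Data exposure item "Git clone does not expose other tenants' repos" restates the first Auth item, which already lists git among the paths for tenant isolation; drop one or make the second one specific to what the first does not cover.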