fix: llm proxy hardening and behavior consistency h-batch-7-final by crivetimihai · Pull Request #3120 · IBM/mcp-context-forge

crivetimihai · 2026-02-23T11:35:19Z

Implements C-17 hardening for LLM proxy RBAC and scoped token enforcement.

Enforces RBAC on LLM proxy endpoints:
- POST {llm_api_prefix}/chat/completions -> llm.invoke
- GET {llm_api_prefix}/models -> llm.read
Adds llm.read and llm.invoke permissions to the RBAC permission set.
Updates default role grants for team_admin/developer/viewer/platform_viewer.
Adds token-scoping permission mapping for LLM proxy paths with configurable llm_api_prefix.
Adds idempotent Alembic backfill migration for existing role permission sets.
Adds regression unit tests for allow/deny behavior and token-scoping mapping.

Local validating commit: 7ce3fdd

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

crivetimihai · 2026-02-23T12:16:05Z

Follow-up fixes landed for Alembic compatibility and the additional hardening items.

New commits:

0e1bb987b fix: harden alembic sqlite migration compatibility
1c3b0a6e7 fix: tighten llm token scoping and update rbac docs

What changed:

Hardened multiple migrations to be idempotent and SQLite-safe on fresh upgrade chains (table/column existence guards, safe reflection, safe constraint/index ops):
- a706a3320c56_use_argon2id_for_encryption_key.py
- f3a3a3d901b8_remove_gateway_url_unique_constraint.py
- 191a2def08d7_resource_rename_template_to_uri_template.py
- n8h9i0j1k2l3_add_database_indexes.py
- 4f07c116f917_add_indexes_for_pagination.py
- a8f3b2c1d4e5_add_gateway_refresh_fields.py
- 43c07ed25a24_add_oauth_fields_to_servers.py
Tightened LLM token-scoping patterns to exact endpoint matches (optional trailing slash only):
- mcpgateway/middleware/token_scoping.py
Added token-scoping test cache hygiene and exact-path regression coverage:
- tests/unit/mcpgateway/middleware/test_token_scoping.py
Updated RBAC docs role table to include llm.read / llm.invoke role grants:
- docs/docs/manage/rbac.md

Verification run (local):

cd mcpgateway && alembic heads -> 9f5d93ced2b3 (head)
rm -f /tmp/c17_sqlite_alembic.db && cd mcpgateway && DATABASE_URL=sqlite:////tmp/c17_sqlite_alembic.db alembic upgrade head
cd mcpgateway && DATABASE_URL=sqlite:////tmp/c17_sqlite_alembic.db alembic current -> 9f5d93ced2b3 (head)
cd mcpgateway && DATABASE_URL=sqlite:////tmp/c17_sqlite_alembic.db alembic downgrade -1 && DATABASE_URL=sqlite:////tmp/c17_sqlite_alembic.db alembic upgrade head
uv run pytest tests/unit/mcpgateway/middleware/test_token_scoping.py -q
uv run pytest tests/unit/mcpgateway/routers/test_llm_proxy_router.py -q
uv run pytest tests/unit/mcpgateway/middleware/test_rbac_endpoint_coverage.py -q
uv run pytest tests/unit/mcpgateway/services/test_rbac_permission_matrix.py -q
make flake8

All commands above completed successfully.

…M#3120) * fix: llm proxy hardening and behavior consistency Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update AGENTS.md Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * chore: lint docstring hardening and behavior consistency Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: harden alembic sqlite migration compatibility Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: tighten llm token scoping and update rbac docs Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: cafalchio <mcafalchio@gmail.com>

) * fix: llm proxy hardening and behavior consistency Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update AGENTS.md Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * chore: lint docstring hardening and behavior consistency Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: harden alembic sqlite migration compatibility Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: tighten llm token scoping and update rbac docs Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

crivetimihai added 2 commits February 23, 2026 11:13

fix: llm proxy hardening and behavior consistency

7ce3fdd

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

Update AGENTS.md

3ad9592

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

crivetimihai requested review from kevalmahajan and madhav165 as code owners February 23, 2026 11:35

crivetimihai self-assigned this Feb 23, 2026

crivetimihai changed the title ~~fix: llm proxy hardening and behavior consistency~~ fix: llm proxy hardening and behavior consistency h-batch-7-final Feb 23, 2026

crivetimihai added security Improves security revisit Revisit this PR at a later date to address further issues, or if problems arise. labels Feb 23, 2026

crivetimihai added 3 commits February 23, 2026 11:38

chore: lint docstring hardening and behavior consistency

5a8ea54

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

fix: harden alembic sqlite migration compatibility

0e1bb98

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

fix: tighten llm token scoping and update rbac docs

1c3b0a6

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

crivetimihai merged commit 897ccaa into main Feb 23, 2026
55 checks passed

crivetimihai deleted the llm-gateway-rbac branch February 23, 2026 12:32

crivetimihai added this to the Release 1.0.0-GA milestone Feb 23, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: llm proxy hardening and behavior consistency h-batch-7-final#3120

fix: llm proxy hardening and behavior consistency h-batch-7-final#3120
crivetimihai merged 5 commits intomainfrom
llm-gateway-rbac

crivetimihai commented Feb 23, 2026

Uh oh!

crivetimihai commented Feb 23, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

crivetimihai commented Feb 23, 2026

Uh oh!

crivetimihai commented Feb 23, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant