Secure and Govern
Use this page when you need the public-safe security and governance posture for a Helpifyr environment before enabling integrations, operator access, or guarded automation.
When to use this page
- You need to understand auth, risk, and access boundaries.
- You need to review which surfaces are read-only versus guarded-write.
- You need a public-safe overview before deeper internal or operator-only runbooks.
Prerequisites
- You can read the public docs and product security pages.
- You know whether your concern is identity, API access, webhook intake, rollout control, or MCP behavior.
- You can keep public-safe posture separate from secrets or internal-only operational detail.
Governance model
Helpifyr security and governance are shaped by explicit boundary rules:
- no secrets in Git
- no uncontrolled write paths
- no auth bypass through MCP
- additive contract evolution instead of hidden behavior drift
- read-first runtime verification before destructive action
Architecture / Flow
Step-by-step procedure
1. Start with the security and trust pages
Read:
These tell you:
- the current auth model
- which surfaces are sensitive
- what must never be publicly open
- what Fabric must not automate unconditionally
2. Classify the surface you care about
From the Fabric security matrix, important classes are:
- health and summary surfaces
/api/v1/*control-plane API- webhook intake
- rollout and apply pathways
- persistence and event publication
- MCP read and safe-action tools
Do not treat all of these with the same risk model.
3. Verify the current posture
Illustrative readback:
GET /api/v1/security/readiness
GET /api/v1/signoff/readiness
GET /api/v1/platform/services
When docs and governance posture matter directly, also read:
GET /api/v1/docs/platform
GET /api/v1/docs/readiness
4. Enforce public-safe example rules
Public docs should reflect these rules:
- no secret values in Git
- no repository manifests as secret stores
- no unauthenticated mutation routes
- no irreversible host mutation without review gates and evidence
5. Check whether the planned action belongs to Helpifyr at all
Some actions are outside Fabric ownership and must remain so:
- direct product business actions outside Fabric ownership
- uncontrolled host-destructive actions
- secret provisioning from repository metadata
If your desired workflow depends on one of those, the correct answer is not “work around security.” The correct answer is “use the owning repo or owning runtime lane.”
Example security posture readback
curl -s <fabric-base-url>/api/v1/security/readiness
curl -s <fabric-base-url>/api/v1/signoff/readiness
curl -s <fabric-base-url>/api/v1/docs/platform
curl -s <fabric-base-url>/api/v1/docs/readiness
Verification
Security and governance posture is acceptable for the next step when:
- the relevant surface class is identified
- auth posture is explicit
- public-safe and operator-only boundaries are not blurred
- security and signoff readiness do not expose an unresolved blocker
- the intended action does not violate the documented “must not be open” or “must not automate unconditionally” rules
Common failure modes
Treating internal operator read paths as public anonymous APIs
Problem:
- risk posture is understated.
Better path:
- classify the surface before integrating or publishing examples
Using repository metadata as a secret source
Problem:
- governance boundaries collapse into unsafe configuration behavior.
Better path:
- keep secrets host-local or environment-injected only
Letting MCP bypass normal auth and policy
Problem:
- a safe-action lane turns into an undocumented mutation path.
Better path:
- keep MCP bound to Fabric auth and policy rules
Owner Handoff
- security and governance truth owner:
JaddaHelpifyr/helpifyr-fabric - live docs publisher owner:
JaddaHelpifyr/jhf-web - public-safe materialized docs owner:
JaddaHelpifyr/jhf-docs