Security

Documentation Map

• Overview

• Quick Start

• Installation

• Configuration

• Operations

• Troubleshooting

• Release Notes

• Compatibility

• Architecture

• API Reference

• Security

• Integrations

• Capabilities

• Data Model

• Roadmap

• Project Plan

• Contract Governance

• OSS Inventory

• OSS Version Truth

• Channel: stable

• Source repo: JaddaHelpifyr/helpifyr-fabric

Security

Auth Model

• Primary auth type: api_key
• OAuth required: false
• Current posture: internal and operator-safe control-plane access

OAuth would only become required when:

• external users interact directly
• multi-tenant user context is introduced
• access must work outside the trusted platform network

Sensitive Data

• auth tokens
• secret-source references
• rollout, approval, and residual-risk evidence
• product integration payloads
• persistence records with operator-facing audit data

Secret Model

• no secrets in Git
• host-local compose or environment injection only
• repository manifests are never a secret source

Surface Matrix

Health And Summary Surfaces

• Endpoint family: /health, /api/v1/platform/services, summary routes
• Auth: none or guarded internal reads depending on deployment mode
• Access type: read
• Risk: low
• Required guard: keep write actions separate from summary surfaces

Control-Plane API

• Endpoint family: /api/v1/*
• Auth: api_key
• Access type: read and guarded write
• Risk: medium
• Required guard: explicit auth, auditability, additive contract changes only

Gitea Webhook Intake

• Endpoint family: /api/v1/integrations/gitea/webhook
• Auth: internal webhook/header validation
• Access type: write-like intake
• Risk: high
• Required guard: reject unauthenticated or malformed webhook input

Rollout And Apply Pathways

• Endpoint family: rollout, signoff, recovery, guarded action families
• Auth: api_key
• Access type: guarded write/control
• Risk: high
• Required guard: review gates, evidence, no irreversible host mutation without checks

Persistence And Event Publication

• Endpoint family: persistence, events, capability registry
• Auth: internal runtime and guarded API access
• Access type: read and write
• Risk: high
• Required guard: migration control, durable publish evidence, no unaudited direct state edits

MCP Layer

• Endpoint family: MCP read and safe action tools
• Auth: API-backed guarded access
• Access type: read and guarded action
• Risk: medium
• Required guard: MCP must not bypass Fabric auth or policy

What Must Not Be Open

• unsafe mutation endpoints without auth
• secret-bearing config in Git
• unaudited live rollout or runtime apply flows
• direct product business actions outside Fabric ownership

What Fabric Must Not Automate Unconditionally

• production-destructive host actions
• irreversible runtime mutation without review gates
• secret provisioning from repository metadata
• product-owned business actions

Current Gaps

• no OAuth-based multi-tenant user auth path is in scope
• broader cross-repository auth conventions still need convergence across the Helpifyr tool set

License

• License: AGPLv3
• Project: https://helpifyr.com