This document describes DevIt's security architecture as designed and the current implementation status.
⚠️ WARNING: Version 0.1.0 is a preview release with incomplete security implementation. Many features described here are partially implemented or planned. DO NOT use in production or with sensitive code.
DevIt's security model is designed around defense-in-depth, but current implementation is incomplete:
- Shared secret + HMAC authentication
- Five-tier approval system
- Sandbox isolation
- Path canonicalization (C4-compliant)
- Cryptographic audit trail
- Bearer token authentication
- ✅ Basic path validation
⚠️ HMAC fields present but not validated⚠️ Approval system designed but not enforced⚠️ Journal uses simple hashing (not cryptographic)⚠️ Token fields present but optional- ❌ Replay protection not implemented
- ❌ Sandbox isolation incomplete
All CLI-daemon communication should be authenticated using HMAC-SHA256 with replay protection.
Partially Implemented:
// Wire format includes authentication fields:
struct Msg {
msg_id: String,
nonce: String, // Generated but not validated
hmac: String, // Present but not enforced
timestamp: u64, // Included but not checked
payload: Value,
}Issues:
- HMAC field exists but validation is not enforced
- Nonces are generated but never checked for reuse
- Timestamps present but no expiration logic
- Secret hardcoded as
b"test-secret"in code
Planned Fix (0.2.0):
- Implement actual HMAC-SHA256 validation
- Add nonce deduplication cache
- Enforce 5-minute timestamp window
- Load secret from environment variable
Five-tier system to control operation permissions:
- Untrusted - Everything requires confirmation
- Ask - Simple ops auto-approved
- Moderate - Balanced automation (default)
- Trusted - Most ops auto-approved
- Privileged - Full control with path restrictions
Partially Implemented:
- ✅ PolicyEngine struct exists with approval levels
- ✅ Approval evaluation logic written
⚠️ Not consistently enforced across all operations⚠️ Downgrades designed but not fully tested- ❌ Protected paths hardcoded, not configurable
Known Gaps:
- Some operations bypass approval checks
- Binary file detection incomplete
- .gitmodules/.env blocking not enforced
- User confirmation prompts not implemented
Tamper-evident journal with HMAC-SHA256 signatures for each operation.
Basic Implementation:
// Current journal implementation
pub struct Journal {
path: PathBuf, // Hardcoded to .devit/journal.log
secret: Vec<u8>, // Hardcoded b"test-secret"
entries: VecDeque<Value>, // In-memory only
}
// Uses DefaultHasher, not HMAC-SHA256
fn compute_hmac(&self, entry: &Value) -> String {
let mut hasher = DefaultHasher::new();
serde_json::to_vec(entry).hash(&mut hasher);
self.secret.hash(&mut hasher);
format!("{:016x}", hasher.finish())
}Issues:
- Uses Rust's DefaultHasher (not cryptographic)
- Journal not persisted to disk
- No signature verification on read
- Secret hardcoded in source
- No rotation mechanism
Planned Fix (0.2.0):
- Implement proper HMAC-SHA256
- Persist journal to disk atomically
- Add verification command
- Load secret from environment
C4-compliant canonicalization to prevent directory traversal.
Mostly Implemented:
- ✅ Basic canonicalization works
- ✅ Symlink detection functional
- ✅ Parent directory traversal blocked
⚠️ Some edge cases not handled⚠️ Windows path handling incomplete
Working Examples:
../../../etc/passwd → BLOCKED
./src/../../../secret → BLOCKED
safe_link -> ../lib/ok → ALLOWED (if in workspace)
Authenticated HTTP transport with bearer tokens and TLS.
Basic Implementation:
- ✅ HTTP server runs
- ✅ MCP protocol works over HTTP
⚠️ Bearer token field present but not required⚠️ CORS headers configurable but permissive by default- ❌ No HTTPS/TLS support
- ❌ No rate limiting
Current Behavior:
# Works without authentication (dev mode)
curl http://localhost:3001/message -d '{...}'
# Token accepted but not validated
curl -H "Authorization: Bearer anything" http://localhost:3001/messageStrict and Permissive profiles for operation isolation.
Minimal Implementation:
- ✅ Profile enums defined
⚠️ Basic workspace boundary checks- ❌ No actual sandboxing (bwrap/Job Objects)
- ❌ Network isolation not implemented
- ❌ Resource limits not enforced
- No Authentication Enforcement - HMAC validation skipped
- Hardcoded Secrets -
b"test-secret"in source code - No Replay Protection - Nonces not validated
- Journal Not Cryptographic - Uses non-crypto hash
- No Sandbox Isolation - Processes run unrestricted
- Bearer Tokens Optional - HTTP accepts any request
- Approval Bypass - Some operations skip policy engine
- No Rate Limiting - DoS possible on HTTP endpoint
- CORS Too Permissive - Accepts all origins by default
- Incomplete Error Handling - Many unwrap() calls
- No Audit Log Backup - Journal only in memory
- Windows Paths - Some validation gaps
- ❌ Production environments
- ❌ Sensitive codebases
- ❌ Multi-user systems
- ❌ Internet-exposed services
- ❌ CI/CD pipelines
- ❌ Customer data processing
- ✅ Local development (isolated)
- ✅ Architecture evaluation
- ✅ Feature exploration
- ✅ Contributing to development
- Implement HMAC-SHA256 validation
- Add replay protection
- Persist journal to disk
- Environment-based secrets
- Fix approval enforcement
- Add bwrap/Job Objects sandboxing
- Require bearer token validation
- Implement rate limiting
- Add timestamp checks
- Complete Windows support
- Full security audit
- Penetration testing
- TLS/HTTPS support
- Key rotation mechanism
- Compliance documentation
For this preview release, report issues publicly on GitHub.
Once we reach 0.3.0, security issues should be reported to: contact@getdevit.com
Until security is complete, use these practices:
- Run only on localhost - Never expose ports
- Use test data only - No sensitive code
- Isolated environment - VM or container recommended
- Monitor processes - Check for unexpected behavior
- Regular updates - Security fixes coming rapidly
- Design Inspiration: OWASP guidelines, C4 model
- Future Implementation: HMAC (RFC 2104), seccomp/bwrap (Linux), Job Objects (Windows)
- Current State: Basic architecture demonstration only