Add Heimdall authentication gateway: robust multi-method auth, validation, rate limiting, and audit logging#62
Open
cto-new[bot] wants to merge 1 commit into
Conversation
… and gateway integration

Adds a robust authentication gateway called Heimdall, providing strong multi-method auth, schema validation, replay protection, rate limiting, and audit logging. This is needed to secure the gateway with modular backend integration, observability, and security controls.

- Introduces Heimdall middleware supporting API key, JWT, and mTLS authentication
- Adds request validation, replay protection with Redis, and strict JSON schema enforcement
- Implements per-key/IP rate limiting and structured audit logging with secure truncation
- Integrates Heimdall router with environment-based config and backward compatibility
- Comprehensive unit/integration tests, documentation, and migration support

Heimdall can be enabled in production with configuration and fully replaces legacy relay auth when enabled.

BREAKING CHANGE: New Heimdall middleware replaces and deprecates legacy TokenAuth for relay routes if enabled; review migration steps and config.
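The commit message lists three controls that are easy to get subtly wrong in an auth gateway: replay protection backed by a nonce store, per-key rate limiting, and audit logging that truncates untrusted values before they reach the log. The following is an added illustrative example, not Heimdall's code or anything from this PR. It models the API-key path only (not JWT or mTLS), uses an in-memory dictionary where the PR uses Redis (the `set_nonce_if_absent` method mimics a `SET ... NX EX` call), and all header names, window sizes and the key table are constructed assumptions.

```python
"""Illustrative API-key check with replay protection, per-key rate limiting and
audit-field truncation. Hypothetical example, not the PR's code. Redis is stood
in for by an in-memory store so the example runs offline."""
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed key table (hypothetical): key id -> shared secret
API_KEYS = {"key-alpha": b"alpha-secret"}

REPLAY_WINDOW_SECONDS = 300  # allowed clock skew and nonce retention
RATE_LIMIT = 5               # requests per window per key
RATE_WINDOW_SECONDS = 60
MAX_AUDIT_FIELD = 64         # untrusted values are cut to this length before logging


class InMemoryStore:
    """Stand-in for the Redis calls a real gateway would use."""

    def __init__(self):
        self._nonces = {}                   # nonce -> expiry time
        self._counters = defaultdict(list)  # key id -> request timestamps

    def set_nonce_if_absent(self, nonce, now, ttl):
        """Equivalent of SET nonce 1 NX EX ttl: True only if the nonce is new."""
        self._nonces = {n: exp for n, exp in self._nonces.items() if exp > now}
        if nonce in self._nonces:
            return False
        self._nonces[nonce] = now + ttl
        return True

    def count_in_window(self, key_id, now, window):
        """Sliding-window counter: records this request and returns the count."""
        stamps = [t for t in self._counters[key_id] if t > now - window]
        stamps.append(now)
        self._counters[key_id] = stamps
        return len(stamps)


def sign_request(key_id, timestamp, nonce, body):
    """HMAC-SHA256 over timestamp, nonce and body (constructed scheme)."""
    msg = f"{timestamp}.{nonce}.".encode() + body
    return hmac.new(API_KEYS[key_id], msg, hashlib.sha256).hexdigest()


def truncate_for_audit(value, limit=MAX_AUDIT_FIELD):
    """Bound attacker-controlled strings so a huge header cannot bloat the log."""
    s = str(value)
    return s if len(s) <= limit else s[:limit] + f"...[{len(s) - limit} more]"


def authenticate(headers, body, store, now=None):
    """Return (allowed, reason, audit_record) for one request."""
    now = time.time() if now is None else now
    key_id = headers.get("X-Api-Key", "")
    ts = headers.get("X-Timestamp", "")
    nonce = headers.get("X-Nonce", "")
    sig = headers.get("X-Signature", "")
    audit = {"key": truncate_for_audit(key_id),
             "nonce": truncate_for_audit(nonce),
             "body_len": len(body)}

    def deny(reason):
        audit["result"] = f"deny:{reason}"
        return False, reason, audit

    if key_id not in API_KEYS:
        return deny("unknown_key")
    try:
        ts_val = float(ts)
    except ValueError:
        return deny("bad_timestamp")
    if abs(now - ts_val) > REPLAY_WINDOW_SECONDS:
        return deny("stale_timestamp")
    # Verify the signature before consuming the nonce, so unauthenticated
    # traffic cannot burn nonces or fill the replay store.
    if not hmac.compare_digest(sign_request(key_id, ts, nonce, body), sig):
        return deny("bad_signature")
    if not store.set_nonce_if_absent(f"{key_id}:{nonce}", now, REPLAY_WINDOW_SECONDS):
        return deny("replay")
    if store.count_in_window(key_id, now, RATE_WINDOW_SECONDS) > RATE_LIMIT:
        return deny("rate_limited")
    audit["result"] = "allow"
    return True, "ok", audit
```

The ordering matters: timestamp and signature are checked before the nonce is written, so only authenticated requests can populate the replay store, and the nonce is scoped to the key id so two tenants cannot collide. In a real deployment the nonce TTL must be at least as long as the accepted clock skew, otherwise a valid request can be replayed after its nonce expires but before its timestamp goes stale.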
Summary
This PR establishes a comprehensive Heimdall authentication gateway, securing the relay layer through advanced authentication, request validation, rate limiting, and structured audit logging. It modernizes the API's security architecture and observability.
Details
Warning: Task VM test is not passing, cto.new will perform much better if you fix the setup