DollhouseMCP

# Cloud API Security Architecture - Revised ## Critical Issue Identified **Problem**: Current architecture performs all security validation on the client side (local MCP server), which can be bypassed by malicious actors modifying their local installation. **Solution**: Implement mandatory server-side validation through a cloud API gateway that acts as the security enforcement point. ## Revised Architecture with Server-Side Validation ```mermaid graph TB subgraph "Client Side (Untrusted)" C1[MCP Server Local] C2[Local Validation] C3[Local Content] C1 --> C2 C2 --> C3 style C1 fill:#ffcccc style C2 fill:#ffcccc style C3 fill:#ffcccc end subgraph "Cloud API Gateway (Trust Boundary)" subgraph "Authentication Layer" A1[API Key Validation] A2[Rate Limiting] A3[Request Signing] end subgraph "Validation Layer" V1[Schema Validation] V2[Content Security Scan] V3[Token Validation] V4[Malicious Pattern Detection] V5[Size & Complexity Checks] end subgraph "Risk Assessment" R1[Risk Scoring Engine] R2[User Reputation Check] R3[Anomaly Detection] R4[Decision Engine] end subgraph "Quarantine" Q1[Suspicious Content Hold] Q2[Manual Review Queue] Q3[Automated Analysis] end end subgraph "Trusted Backend" B1[GitHub API] B2[Database] B3[Storage] B4[Analytics] end subgraph "Security Infrastructure" S1[WAF/DDoS Protection] S2[Security Monitoring] S3[Audit Logs] S4[Alert System] end C1 ==>|HTTPS + Auth| A1 A1 --> A2 A2 --> A3 A3 --> V1 V1 --> V2 V2 --> V3 V3 --> V4 V4 --> V5 V5 --> R1 R1 --> R2 R2 --> R3 R3 --> R4 R4 -->|Low Risk| B1 R4 -->|Medium Risk| Q1 R4 -->|High Risk| S4 Q1 --> Q2 Q2 --> Q3 Q3 -->|Approved| B1 Q3 -->|Rejected| S4 B1 --> B2 B2 --> B3 V1 --> S3 V2 --> S3 R4 --> S3 S3 --> S2 S2 --> S4 C1 -.->|Can be modified| C1 C2 -.->|Can be bypassed| C2 style A1 fill:#99ff99 style V1 fill:#99ff99 style V2 fill:#99ff99 style V3 fill:#99ff99 style V4 fill:#99ff99 style V5 fill:#99ff99 style R1 fill:#99ff99 style R4 fill:#99ff99 style S1 fill:#9999ff style S2 fill:#9999ff style S3 fill:#9999ff style S4 fill:#9999ff ``` ## Cloud API Endpoints with Mandatory Validation ### 1. Content Submission API ```mermaid sequenceDiagram participant Client as Local MCP Server participant Gateway as API Gateway participant Validator as Validation Service participant Risk as Risk Engine participant Backend as GitHub Backend participant Monitor as Security Monitor Client->>Gateway: POST /api/v1/submit-persona Note over Client: Can be compromised Gateway->>Gateway: Verify API Key Gateway->>Gateway: Check Rate Limit Gateway->>Gateway: Validate Request Signature alt Invalid Auth Gateway-->>Client: 401 Unauthorized end Gateway->>Validator: Full Content Validation Note over Validator: Server-side validation<br/>Cannot be bypassed Validator->>Validator: Schema Check Validator->>Validator: Security Scan Validator->>Validator: Token Detection Validator->>Validator: Pattern Analysis alt Validation Failed Validator-->>Gateway: Validation Errors Gateway-->>Client: 400 Bad Request Gateway->>Monitor: Log Suspicious Activity end Validator->>Risk: Assess Risk Level Risk->>Risk: Calculate Score Risk->>Risk: Check History Risk->>Risk: Anomaly Detection alt High Risk Risk-->>Gateway: Block Request Gateway-->>Client: 403 Forbidden Gateway->>Monitor: Security Alert else Medium Risk Risk->>Gateway: Quarantine Gateway-->>Client: 202 Accepted (Pending Review) else Low Risk Risk->>Backend: Process Request Backend-->>Gateway: Success Gateway-->>Client: 201 Created end Gateway->>Monitor: Audit Log ``` ### 2. API Security Layers ```yaml # API Gateway Configuration security: authentication: - api_key: required - request_signing: HMAC-SHA256 - tls: 1.3_minimum rate_limiting: - global: 1000/hour - per_user: 100/hour - per_endpoint: varies validation: - schema: strict_mode - size_limit: 100KB - timeout: 30s monitoring: - all_requests: logged - suspicious: alerted - metrics: real_time ``` ## Security Enforcement Points ### What Happens Client-Side (Untrusted) ```typescript // Client-side validation is for UX only // Cannot be trusted for security class LocalValidator { validate(content: any): ValidationResult { // Quick checks for user feedback // But server will re-validate everything return { isValid: true, warnings: [] }; } } ``` ### What Happens Server-Side (Trusted) ```typescript // Server-side validation is mandatory // This is where real security happens class CloudValidator { async validateSubmission(request: Request): Promise<ValidationResult> { // Cannot be bypassed by client modifications const checks = await Promise.all([ this.validateAuthentication(request), this.validateSchema(request.body), this.scanForMaliciousContent(request.body), this.checkRateLimit(request.userId), this.assessRisk(request) ]); if (checks.some(c => !c.passed)) { // Log attempt and block await this.securityLog.record(request, checks); throw new SecurityException('Validation failed'); } return { isValid: true, riskScore: calculateRisk(checks) }; } } ``` ## Comparison: Client vs Server Validation | Aspect | Client-Side (Current) | Server-Side (Required) | |--------|----------------------|------------------------| | **Can be bypassed** | ✅ Yes | ❌ No | | **Trust level** | ❌ Untrusted | ✅ Trusted | | **Purpose** | UX feedback | Security enforcement | | **Performance** | Fast | Slightly slower | | **Security value** | None | Critical | ## Implementation Requirements ### 1. Cloud API Service - **Technology**: Node.js + Express or AWS API Gateway - **Authentication**: API keys + request signing - **Validation**: Mandatory for all write operations - **Monitoring**: CloudWatch, Datadog, or similar ### 2. Security Services ```mermaid graph LR subgraph "API Gateway Services" A[Load Balancer] B[WAF] C[Rate Limiter] D[Auth Service] end subgraph "Validation Services" E[Schema Validator] F[Security Scanner] G[Risk Analyzer] H[ML Anomaly Detection] end subgraph "Backend Services" I[Content Service] J[User Service] K[Analytics Service] L[Notification Service] end A --> B B --> C C --> D D --> E E --> F F --> G G --> H H --> I I --> J J --> K K --> L style E fill:#99ff99 style F fill:#99ff99 style G fill:#99ff99 style H fill:#99ff99 ``` ### 3. Deployment Architecture ```mermaid graph TB subgraph "Internet" I1[Users] I2[Attackers] end subgraph "CDN/Edge" E1[CloudFlare] E2[DDoS Protection] E3[Geographic Filtering] end subgraph "API Layer" A1[Load Balancer] A2[API Gateway 1] A3[API Gateway 2] A4[API Gateway N] end subgraph "Service Mesh" S1[Validation Service] S2[Risk Service] S3[Content Service] S4[Monitor Service] end subgraph "Data Layer" D1[PostgreSQL] D2[Redis Cache] D3[S3 Storage] D4[ElasticSearch] end I1 --> E1 I2 --> E1 E1 --> E2 E2 --> E3 E3 --> A1 A1 --> A2 A1 --> A3 A1 --> A4 A2 --> S1 A3 --> S1 A4 --> S1 S1 --> S2 S2 --> S3 S3 --> S4 S1 --> D2 S3 --> D1 S3 --> D3 S4 --> D4 style E2 fill:#ff9999 style S1 fill:#99ff99 style S2 fill:#99ff99 ``` ## Migration Path ### Phase 1: API Gateway (Week 1) 1. Deploy basic API gateway 2. Implement authentication 3. Add rate limiting 4. Enable monitoring ### Phase 2: Validation Services (Week 2) 1. Port validation logic to cloud 2. Implement schema validation 3. Add security scanning 4. Enable risk scoring ### Phase 3: Full Migration (Week 3-4) 1. Update MCP clients to use API 2. Deprecate direct GitHub access 3. Monitor and tune 4. Security audit ## Security Benefits ### Before (Current Architecture) - ❌ Client-side validation only - ❌ Can be bypassed - ❌ No central monitoring - ❌ No rate limiting - ❌ Direct GitHub access ### After (Cloud API Architecture) - ✅ Mandatory server validation - ✅ Cannot be bypassed - ✅ Central security monitoring - ✅ Rate limiting enforced - ✅ Controlled GitHub access ## Cost Considerations ### Estimated Monthly Costs - API Gateway: $50-200 - Compute (validation): $100-500 - Monitoring: $50-100 - Storage: $20-50 - **Total**: $220-850/month ### Cost Optimization - Use serverless for validation - Cache validation results - Batch processing where possible - Auto-scale based on demand ## Conclusion The current architecture's reliance on client-side validation is a critical security flaw. By implementing a cloud API gateway with mandatory server-side validation, we create a true security boundary that cannot be bypassed by malicious actors. This is not optional for a production system handling user-generated content. The cloud API gateway must be implemented before public launch to ensure security. **Key Principle**: Never trust the client. Always validate on the server.