feat(v6.2.0): multi-tenant identity, governance profiles, community-saas evaluation server#339
Closed
saurabhjain1592 wants to merge 1 commit intomainfrom
Closed
feat(v6.2.0): multi-tenant identity, governance profiles, community-saas evaluation server#339saurabhjain1592 wants to merge 1 commit intomainfrom
saurabhjain1592 wants to merge 1 commit intomainfrom
Conversation
Commits: 028eecc6,b1ea2d7f,546cf4dd,80e79335,966fde23,ffdf908d,83a30aff,5e10f5c0,ca6c5406,ad567817,2e41f287,500cb409,c7e1046b,fdbd6327,142c935f,4339c362,f68497e5,a27b7c4a,9d731a84,3bce0fb6,c070a7e9,11b1261d,29e790b6,48a0bb1f,556dd02b,1977f4c9,5d4a5fbd,a95b4384,816c81e2,dd932652,8cc0ea33 ### Security - Ed25519 enterprise license signing key rotated (was embedded in setup-e2e-testing.sh) - Rotation tool rewrites all active licenses across regions dynamically - Removed validateClient() mock auth fallback — enterprise MCP handlers now reject unauthenticated requests with 401 - Pre-commit gitleaks rule blocks Ed25519 seed commits ### Added - Community SaaS evaluation server (try.getaxonflow.com): self-registration, rate limiting, Ollama-only, 30-day expiry - Migration 068: community_saas_registrations + daily usage tables - Governance profiles via AXONFLOW_PROFILE env var (dev/default/strict/compliance) - Per-category enforcement via AXONFLOW_ENFORCE env var (pii,sqli,dangerous_commands,all,none) - Profile banner at startup — logs active profile + resolved per-category actions - Telemetry endpoint_type field on all SDKs (localhost/private_network/remote/community-saas) - SoX-compliant telemetry governance: source classification, provenance chain, update workflow - Customer portal multi-tenant identity (migration 065: tenant_id on user_sessions) - Agent test coverage restored to 77% with DB-backed auth/MCP/handler tests - Community SaaS infrastructure: CFN templates, docker-compose overlay, Ollama EC2 - SDK version sweep for v6.1.0 across all examples ### Changed - Default PII_ACTION relaxed from redact to warn (set AXONFLOW_PROFILE=strict to restore) - SQLi and sensitive-data defaults also relaxed to warn - Migration 066: system-default policies rewritten to match new defaults - Canonical contact email standardized to hello@getaxonflow.com ### Fixed - Multi-tenant IDOR: X-Org-ID now derived from validated client license, not deployment env var - Nine workflow service methods now enforce tenant/org ownership (was classic IDOR on GetWorkflow) - Unified execution handler requires both X-Tenant-ID and X-Org-ID (previously optional) - MCP check-input/check-output audit log OrgID derived from authenticated client - deploy-client.sh JWT path no longer silently falls back to hardcoded SM path - Invalid env var values (PII_ACTION=typo) now preserve active profile instead of reverting to legacy defaults - AXONFLOW_ENFORCE=all/none now match documented profile aliases exactly - LoadEnforceFromEnv returns error instead of log.Fatalf (no longer crashes test binaries) - Portal shows real completed step count in executions list - Evaluation tier MaxPendingApprovals corrected from 100 to 25
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| DependsOn: SecurityGroupWaitCondition | ||
| Properties: | ||
| Type: application | ||
| Scheme: !Ref LoadBalancerScheme |
Comment on lines
+1048
to
+1057
| ALBListenerHTTP: | ||
| Type: AWS::ElasticLoadBalancingV2::Listener | ||
| Condition: UseHTTP | ||
| Properties: | ||
| LoadBalancerArn: !Ref AxonFlowALB | ||
| Port: 80 | ||
| Protocol: HTTP | ||
| DefaultActions: | ||
| - Type: forward | ||
| TargetGroupArn: !Ref AgentTargetGroup |
Comment on lines
+1060
to
+1069
| OrchestratorListenerHTTP: | ||
| Type: AWS::ElasticLoadBalancingV2::Listener | ||
| Condition: UseHTTP | ||
| Properties: | ||
| LoadBalancerArn: !Ref AxonFlowALB | ||
| Port: 8081 | ||
| Protocol: HTTP | ||
| DefaultActions: | ||
| - Type: forward | ||
| TargetGroupArn: !Ref OrchestratorTargetGroup |
| # trivy:ignore:AVD-AWS-0104 -- Prometheus requires HTTPS egress for AWS ECS service discovery API | ||
| FromPort: 443 | ||
| ToPort: 443 | ||
| CidrIp: 0.0.0.0/0 |
| # trivy:ignore:AVD-AWS-0104 -- Grafana requires internet access for plugin downloads and AWS Secrets Manager | ||
| FromPort: 443 | ||
| ToPort: 443 | ||
| CidrIp: 0.0.0.0/0 |
Comment on lines
+920
to
+951
| AxonFlowDatabase: | ||
| Type: AWS::RDS::DBInstance | ||
| DeletionPolicy: Snapshot | ||
| UpdateReplacePolicy: Snapshot | ||
| Properties: | ||
| DBInstanceIdentifier: !Sub '${AWS::StackName}-db' | ||
| Engine: postgres | ||
| EngineVersion: !Ref DBEngineVersion | ||
| DBInstanceClass: !Ref DBInstanceClass | ||
| AllocatedStorage: 100 | ||
| StorageType: gp3 | ||
| StorageEncrypted: true | ||
| MasterUsername: axonflow | ||
| MasterUserPassword: !Ref DBPassword | ||
| DBName: axonflow | ||
| DBSubnetGroupName: !Ref DBSubnetGroup | ||
| VPCSecurityGroups: | ||
| - !Ref DBSecurityGroup | ||
| MultiAZ: !Ref DBMultiAZ | ||
| BackupRetentionPeriod: 7 | ||
| PreferredBackupWindow: '03:00-04:00' | ||
| PreferredMaintenanceWindow: 'sun:04:00-sun:05:00' | ||
| PubliclyAccessible: false | ||
| EnableIAMDatabaseAuthentication: true | ||
| EnablePerformanceInsights: true | ||
| PerformanceInsightsRetentionPeriod: 7 | ||
| DeletionProtection: true | ||
| EnableCloudwatchLogsExports: | ||
| - postgresql | ||
| Tags: | ||
| - Key: Name | ||
| Value: !Sub '${AWS::StackName}-database' |
| Type: AWS::SecretsManager::Secret | ||
| Properties: | ||
| Name: !Sub '${AWS::StackName}-db-password' | ||
| KmsKeyId: alias/aws/secretsmanager |
| Properties: | ||
| Name: !Sub '${AWS::StackName}-grafana-password' | ||
| Description: Grafana admin and database password | ||
| KmsKeyId: alias/aws/secretsmanager |
| Properties: | ||
| Name: !Sub '${AWS::StackName}-internal-service-secret' | ||
| Description: Shared secret for Agent-Orchestrator internal service authentication | ||
| KmsKeyId: alias/aws/secretsmanager |
| Properties: | ||
| Name: !Sub '${AWS::StackName}-llm-keys' | ||
| Description: LLM provider API keys (OpenAI, Anthropic, Google, Azure OpenAI) | ||
| KmsKeyId: alias/aws/secretsmanager |
Member
Author
|
Closing — additional commits landed on enterprise main after this sync was triggered. Will re-sync. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sync from Enterprise Repository
This PR syncs changes from the enterprise repository to the Community repository.
Summary
Review Checklist
Auto-generated by sync-community-repo workflow (ADR-016)