Skip to content

MCP proxy Phase 3: operational hardening (SigV4 shim, scaling, quotas, observability) #18

Description

@chaodu-agent

Part of #15 (Revision 2 — this issue was re-scoped: per-tool allowlist filtering moved into the Phase 2 gate (#17); Phase 3 is now operational hardening).

Goal

Production-scale operability for the MCP proxy once Phase 2's security gate has shipped.

Scope (from RFC Revision 2)

  • Secretless IAM authenticationghp mcp stdio shim: runs inside the agent container as a stdio MCP server, pipes frames to ghpool over HTTPS attaching a periodically-refreshed presigned sts:GetCallerIdentity proof (ambient ECS task role / EKS IRSA). SigV4 controls per RFC: TLS required, ≤60s proof validity, allowlisted STS host/region, strict signed-header validation
  • Horizontal scaling — shared session state (or LB session affinity) replacing the single-replica in-memory pin cache; document the failure mode either way
  • Per-agent rate quotas + circuit breaking — noisy-neighbor protection; Retry-After handling and exponential backoff (never auto-retry non-idempotent writes — enforced in Phase 2)
  • Dashboards + alerting — MCP request metrics, per-agent deny rates, upstream latency
  • Automated upstream contract testing — extends the Phase 0 spike + existing e2e (Add e2e test script and workflow for MCP proxy #21) into a scheduled suite detecting hosted-endpoint contract drift
  • Cache authorization — if MCP response caching is ever added, cached hits must respect the caller's policy (a response fetched under a more privileged identity must not serve a less privileged agent)

Non-goals

  • Any relaxation of Phase 2's default-deny model
  • Self-hosted github-mcp-server fallback (tracked separately if the hosted endpoint becomes a problem)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions