
Input validation and schema enforcement for Vault gRPC requests #22

@jh-lee-cryptolab

Description

Problem

There is currently no defense against MCP protocol manipulation attacks, in which malicious parameters are injected into Vault gRPC requests. Once an agent is compromised via prompt injection, it can send abnormal parameters (an excessive top_k, wrong types, malicious strings, etc.) to Vault.

Attack scenario

Attack: MCP protocol manipulation (malicious parameters)
→ Mitigation: input validation + schema enforcement

Requirements

gRPC request validation

  • Strict validation for all gRPC method input parameters
    • top_k: positive integer, enforce max value (per-user config or global max)
    • query vector: dimension count validation, value range validation (block NaN/Inf)
    • index_name: allow only permitted character patterns (alphanumeric + underscore)
    • String fields: enforce max length limits
  • Reflect constraints at Protobuf schema level where possible
  • Implement runtime validation as a gRPC interceptor (not scattered across individual method code)

Defense targets

  • Integer overflow / underflow
  • Empty vectors or vectors with abnormal dimensions
  • Path traversal attempts via index name
  • Excessively large requests (configure gRPC max message size)
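As an added example (not code from this issue or from the Rune-Vault project), the following Python sketch shows the requirements above applied as one gRPC server interceptor rather than per-method checks: the numeric caps, the `/Search` RPC name and the `query_text` field are assumptions, and the interceptor class is only defined when grpcio is installed.

```python
import math
import re

try:
    import grpc  # grpcio; the interceptor class below is only defined when it is installed
except ImportError:
    grpc = None

MAX_TOP_K = 100      # assumed global cap; a per-user config could pass a smaller value
VECTOR_DIM = 768     # assumed embedding dimension of the index
MAX_STR_LEN = 1024   # assumed cap for free-text string fields
INDEX_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")  # no '/' or '.', so no path traversal

def validate_search_request(req, max_top_k=MAX_TOP_K, dim=VECTOR_DIM):
    """Return None when the request is well-formed, else a short rejection reason."""
    top_k = getattr(req, "top_k", None)
    if type(top_k) is not int or not 1 <= top_k <= max_top_k:  # rejects bool and overflow
        return f"top_k must be an integer in [1, {max_top_k}]"
    vec = list(getattr(req, "query_vector", []) or [])
    if len(vec) != dim:
        return f"query_vector must have {dim} dimensions, got {len(vec)}"
    for x in vec:
        if isinstance(x, bool) or not isinstance(x, (int, float)) or not math.isfinite(x):
            return "query_vector contains a non-finite or non-numeric value"
    name = getattr(req, "index_name", "")
    if not isinstance(name, str) or not INDEX_NAME_RE.fullmatch(name):
        return "index_name must match [A-Za-z0-9_]{1,64}"
    text = getattr(req, "query_text", "")  # hypothetical free-text field
    if not isinstance(text, str) or len(text) > MAX_STR_LEN:
        return f"query_text exceeds {MAX_STR_LEN} characters"
    return None

def server_options(max_message_bytes=4 * 1024 * 1024):
    # Bounds request size at the transport layer, before any deserialisation or handler.
    return [("grpc.max_receive_message_length", max_message_bytes)]

if grpc is not None:
    class ValidationInterceptor(grpc.ServerInterceptor):
        """Rejects malformed Search RPCs centrally, so individual handlers never see them."""
        def intercept_service(self, continuation, handler_call_details):
            handler = continuation(handler_call_details)
            if handler is None or not handler_call_details.method.endswith("/Search"):
                return handler  # assumed RPC name; other methods pass through unchanged
            def guarded(request, context):
                reason = validate_search_request(request)
                if reason:
                    context.abort(grpc.StatusCode.INVALID_ARGUMENT, reason)
                return handler.unary_unary(request, context)
            return grpc.unary_unary_rpc_method_handler(
                guarded, handler.request_deserializer, handler.response_serializer)
```

Wire it in with `grpc.server(executor, interceptors=[ValidationInterceptor()], options=server_options())`; the schema-level constraints in the .proto remain the first layer, this interceptor is the runtime backstop.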

Affected files

  • rune-admin/mcp/vault/vault_grpc_server.py — add gRPC interceptor
  • rune-admin/mcp/vault/protos/vault_service.proto — add schema-level constraints
  • rune-admin/mcp/vault/vault_mcp.py — defensive validation in core logic

Priority

High — Standard technique; first line of defense when an agent is compromised via prompt injection.

Labels

  • security: Security improvements
  • vault: Rune-Vault related