davidcrowe · davidcrowe · Dec 1, 2025 · Nov 27, 2025 · Nov 27, 2025 · Nov 27, 2025
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,34 @@
+name: Build
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Show TS config for validatabl
+        run: npx tsc --showConfig -p packages/validatabl
+
+      - name: Trace module resolution for validatabl
+        run: npx tsc -p packages/validatabl --traceResolution
+
+      - name: Build TypeScript monorepo
+        run: npm run build
@@ -1,4 +1,6 @@
 name: Build
+permissions:
+  contents: read
 on:
  push:
@@ -1,4 +1,6 @@
 name: Build
+permissions:
+  contents: read

 on:
  push:
+
diff --git a/.gitignore b/.gitignore
@@ -59,3 +59,5 @@ packages/**/src/*.js
 packages/**/src/*.js.map
 packages/**/src/*.d.ts
 packages/**/src/*.d.ts.map
+
+tsconfig.tsbuildinfo
diff --git a/README.md b/README.md
@@ -50,33 +50,12 @@ It shows up in two directions:
 
 ---
 
-### Direction 1: Users accessing their own data via AI
-*"How do I let ChatGPT read **my** calendar without exposing **everyone's** calendar?"*
 
-**Without Gatewaystack:**
-```typescript
-app.get('/calendar', async (_req, res) => {
-  const events = await getAllEvents(); // ❌ Everyone sees everything
-  res.json(events);
-});
-```
-
-**With Gatewaystack:**
-```typescript
-app.get('/calendar', async (req, res) => {
-  const userId = req.headers['x-user-id']; // ✅ Verified by gateway
-  const events = await getUserEvents(userId);
-  res.json(events);
-});
-```
-
-The gateway validates the OAuth token, extracts the user identity, and injects `X-User-Id` — so your backend can safely filter data per-user.
-
----
-
-### Direction 2: Enterprises controlling who can use which models and tools
+### Direction 1: Enterprises controlling who can use which models and tools
 *"How do I ensure only **licensed doctors** use medical models, only **analysts** access financial data, and **contractors** can't send sensitive prompts?"*
 
+> user ↔ backend ↔ LLM
+
 **Without Gatewaystack:**
 ```typescript
 app.post('/chat', async (req, res) => {
@@ -120,6 +99,32 @@ The gateway enforces role + scope checks **before** forwarding to your backend.
 
 ---
 
+### Direction 2: Users accessing their own data via AI
+*"How do I let ChatGPT read **my** calendar without exposing **everyone's** calendar?"*
+
+> user ↔ LLM ↔ backend
+
+**Without Gatewaystack:**
+```typescript
+app.get('/calendar', async (_req, res) => {
+  const events = await getAllEvents(); // ❌ Everyone sees everything
+  res.json(events);
+});
+```
+
+**With Gatewaystack:**
+```typescript
+app.get('/calendar', async (req, res) => {
+  const userId = req.headers['x-user-id']; // ✅ Verified by gateway
+  const events = await getUserEvents(userId);
+  res.json(events);
+});
+```
+
+The gateway validates the OAuth token, extracts the user identity, and injects `X-User-Id` — so your backend can safely filter data per-user.
+
+---
+
 ### Why Both Directions Matter
 
 **Without solving the Three-Party Problem, you can't:**
@@ -243,10 +248,8 @@ Verified against Apps SDK / MCP OAuth 2.1 + RS256 flow.
 ![TypeScript](https://img.shields.io/badge/TypeScript-5.x-blue)
 ![Cloud Run](https://img.shields.io/badge/Cloud%20Run-ready-4285F4)
 ![Auth0](https://img.shields.io/badge/Auth0-RS256-orange)
-[![MCP/Auth Conformance](https://img.shields.io/badge/dynamic/json
-  ?url=https%3A%2F%2Fraw.githubusercontent.com%2Fdavidcrowe%2Fgatewaystack%2Fmain%2Fdocs%2Fconformance.json
-  &query=$.version
-  &label=MCP%2FAuth%20Conformance)](./docs/conformance.json)
+[![MCP/Auth Conformance](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fdavidcrowe%2Fgatewaystack%2Fmain%2Fdocs%2Fconformance.json&query=$.version&label=MCP%2FAuth%20Conformance)](https://github.com/davidcrowe/gatewaystack/tree/main/docs/conformance.json)
+
 
 
 ## Use Cases
@@ -312,8 +315,6 @@ Focus on provider routing, quota, and safety filters at the tenant or API key le
 **Hand-Rolled Middleware**  
 Many teams glue together JWT validation, headers, and logging inside their app or a thin Node/Go proxy. It works... until you need to support multiple agents, providers, tenants, and audit/regulatory requirements.
 
----
-
 **Gatewaystack is different:**
 - **User-scoped by default** — every request is tied to a verified user, not a shared key
 - **Model-aware** — understands tools, scopes, and provider semantics (Apps SDK, MCP, OpenAI, Anthropic)

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,86 @@
+# Security Policy for GatewayStack
+
+GatewayStack is an open-source **agentic control plane** for user-scoped AI governance.  
+We take security seriously and appreciate responsible disclosure of vulnerabilities.
+
+---
+
+## Supported Versions
+
+GatewayStack is under active development. We currently provide security fixes for:
+
+- The latest commit on the `main` branch
+- The most recent tagged release
+
+If you're using an older tag or a fork, please try to reproduce on `main` before reporting.
+
+---
+
+## Reporting a Vulnerability
+
+If you believe you’ve found a security vulnerability in GatewayStack or any of the
+`@gatewaystack/*` packages, please report it **privately**:
+
+- **GitHub:** Use the **“Report a vulnerability”** link in the repository’s **Security** tab  
+  (if available in your account)
+
+Please include as much detail as possible:
+
+- A clear **description** of the issue and potential impact
+- **Steps to reproduce** (code, configuration, or requests)
+- Any relevant **logs**, stack traces, or screenshots
+- The **commit hash / version** you tested against
+- Your environment (Node.js version, OS, package versions)
+
+Please **do not** open a public GitHub issue for sensitive security reports.
+
+---
+
+## Coordinated Disclosure Policy
+
+We follow a responsible / coordinated disclosure process:
+
+1. You report the vulnerability to us privately.
+2. We acknowledge your report within **5 business days**.
+3. We work with you to:
+   - Reproduce and assess impact
+   - Develop and test a fix
+   - Prepare an advisory and release
+4. We aim to release a fix and advisory within **30 days**, depending on severity and complexity.
+5. Once a fix is released, we’ll credit you (if you’d like) in the security advisory.
+
+If you believe we have not responded in a reasonable timeframe, you may follow up on your
+original report to request a status update.
+
+---
+
+## Scope & Expectations
+
+You are welcome to:
+
+- Test against your own local deployments of GatewayStack
+- Review and analyze the source code
+- Probe configuration and integration flows for security issues
+
+Please **do not**:
+
+- Access, modify, or destroy data that does not belong to you
+- Perform Denial of Service (DoS) or stress tests against shared / production deployments
+- Use automated scanning in a way that could degrade service for others
+
+If you’re unsure whether something is in scope, you can email us first and ask.
+
+---
+
+## Bug Bounties
+
+At this time we **do not run a formal bug bounty program** and cannot guarantee financial rewards.
+
+We do, however, deeply appreciate security research contributions and are happy to provide:
+
+- Acknowledgment in security advisories (with your consent)
+- Public credit in the project’s documentation or release notes
+
+---
+
+Thank you for helping keep Gatewaystack and its users safe.
diff --git a/apps/admin-ui/tsconfig.tsbuildinfo b/apps/admin-ui/tsconfig.tsbuildinfo
diff --git a/apps/gateway-server/tsconfig.tsbuildinfo b/apps/gateway-server/tsconfig.tsbuildinfo