AI Security Review
scanned 15d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Risky primitives are runtime features of an AI/MCP gateway and require explicit configuration or authenticated/user API actions.
Decision evidence
public snapshot- dist/index.js.map: ../src/agent/tools.ts can spawn configured MCP stdio servers and a Deno sandbox for user-requested code_tool.runCode.
- dist/index.js.map: ../src/external-json-source.ts, external-config.ts, external-event-sink.ts support configured HTTP/WebSocket/gRPC/stdio integrations.
- dist/index.js.map: ../src/manager/routes.ts can write gateway.config.json via authenticated manager API.
- package.json has no install/postinstall/preinstall lifecycle hooks.
- bin/next-ai-gateway.js only requires dist/index.js to start the gateway CLI/server.
- Network endpoints are AI-gateway aligned: OpenAI, Anthropic, Gemini, ChatGPT Codex OAuth, configured webhooks/MCP sources.
- Deno code execution uses --deny-env, --deny-net, --deny-read, --deny-write, --deny-run, --deny-ffi, --deny-sys.
- No credential harvesting, persistence, destructive behavior, or unconsented AI-agent control-surface mutation found.
Source & flagged code
3 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L1