Jason Woltje
a9254c1bd8
Implemented comprehensive structured logging for all git command injection and SSRF attack attempts blocked by input validation. Security Events Logged: - GIT_COMMAND_INJECTION_BLOCKED: Invalid characters in branch names - GIT_OPTION_INJECTION_BLOCKED: Branch names starting with hyphen - GIT_RANGE_INJECTION_BLOCKED: Double dots in branch names - GIT_PATH_TRAVERSAL_BLOCKED: Path traversal patterns - GIT_DANGEROUS_PROTOCOL_BLOCKED: Dangerous protocols (file://, javascript:, etc) - GIT_SSRF_ATTEMPT_BLOCKED: Localhost/internal network URLs Log Structure: - event: Event type identifier - input: The malicious input that was blocked - reason: Human-readable reason for blocking - securityEvent: true (enables security monitoring) - timestamp: ISO 8601 timestamp Benefits: - Enables attack detection and forensic analysis - Provides visibility into attack patterns - Supports security monitoring and alerting - Captures attempted exploits before they reach git operations Testing: - All 31 validation tests passing - Quality gates: lint, typecheck, build all passing - Logging does not affect validation behavior (tests unchanged) Partial fix for #277. Additional logging areas (OIDC, rate limits) will be addressed in follow-up commits. Fixes #277 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Mosaic Orchestrator
Agent orchestration service for Mosaic Stack built with NestJS.
Overview
The Orchestrator is the execution plane of Mosaic Stack, responsible for:
- Spawning and managing Claude agents
- Task queue management (Valkey-backed)
- Agent health monitoring and recovery
- Git workflow automation
- Quality gate enforcement callbacks
- Killswitch emergency stop
Architecture
Part of the Mosaic Stack monorepo at apps/orchestrator/.
Controlled by apps/coordinator/ (Quality Coordinator).
Monitored via apps/web/ (Agent Dashboard).
Development
# Install dependencies (from monorepo root)
pnpm install
# Run in dev mode (watch mode)
pnpm --filter @mosaic/orchestrator dev
# Build
pnpm --filter @mosaic/orchestrator build
# Start production
pnpm --filter @mosaic/orchestrator start:prod
# Test
pnpm --filter @mosaic/orchestrator test
# Generate module (NestJS CLI)
cd apps/orchestrator
nest generate module <name>
nest generate controller <name>
nest generate service <name>
NestJS Architecture
- Modules: Feature-based organization (spawner, queue, monitor, etc.)
- Controllers: HTTP endpoints (health, agents, tasks)
- Services: Business logic
- Providers: Dependency injection
Configuration
Environment variables loaded via @nestjs/config.
See .env.example for required vars.
Documentation
- Architecture:
/docs/ORCHESTRATOR-MONOREPO-SETUP.md - API Contracts:
/docs/M6-ISSUE-AUDIT.md - Milestone: M6-AgentOrchestration (0.0.6)