Security & access control
Molar Guard holds a GitHub App key that can read and write your repositories, runs synthetic users against live production (including payment paths), and executes an autonomous LLM agent (Mender) that opens code PRs. Security rigor matches CI/CD infrastructure providers — not typical low-stakes SaaS.
Trust center: contact support@molar.it for SOC 2 report and security questionnaire.
Threat model summary
| Risk | Mitigation |
|---|---|
| GitHub App key compromise | Secrets manager only; never in git; short-lived installation tokens |
| Real charges from synthetics | Defense-in-depth: is_synthetic DB column + middleware + test Stripe keys |
| Mender writes malicious code | Forbidden paths, sandbox validation, human merge required, audit log |
| Cross-tenant data leak | Every query scoped by org_id; IDOR tests on all endpoints |
| Webhook forgery | HMAC-SHA256 + replay dedup + timestamp skew |
Human roles
Guard inherits platform RBAC via Better Auth + @molar/auth-core.
| Role | Typical holder | Key permissions |
|---|---|---|
| Owner | Founder, VP Eng | Everything including billing, GitHub install, delete org |
| Admin | DevEx lead | Settings, schedules, Mender paths, members (not billing) |
| Maintainer | Engineer | Run scenarios, ack incidents, reject Mender, edit scenarios via PR |
| Viewer | PM, support | Read dashboards and incidents; no mutations |
| Billing Manager | Finance | Plan tier and Mender budget; no artifact access |
Permissions highlights
| Action | Owner | Admin | Maintainer | Viewer |
|---|---|---|---|---|
| GitHub App install | ✅ | ⚠️ | ❌ | ❌ |
| Make check required | ✅ | ✅ | ❌ | ❌ |
| Scheduled checks CRUD | ✅ | ✅ | ✅ | ❌ |
| Ack / suppress incident | ✅ | ✅ | ✅ | ❌ |
| Mender apply → PR | ✅ | ✅ | ✅ | ❌ |
| Mender forbidden paths | ✅ | ✅ | ⚠️ cannot widen defaults | ❌ |
| Audit log export | ✅ | ✅ | ❌ | ❌ |
| API key create/revoke | ✅ | ✅ | ❌ | ❌ |
Cross-org access is denied for all roles.
Machine identities
| Identity | Scope |
|---|---|
| GitHub App (molar-guard[bot]) | Per-installation; checks + PR comments + read contents |
| Mender bot (molar-mender[bot]) | contents:write on fix branches only |
| Region worker | Workload identity (IAM/OIDC); no static shared secrets |
| MCP agent credential | Scoped to single org; molar.rerun gated by capability flag |
Revoke GitHub access by uninstalling the app or removing repos — Guard reconciles on installation webhooks immediately.
Session & API security
- Never store session tokens in localStorage/sessionStorage
- HttpOnly + Secure + SameSite cookies for browser sessions
- CSRF protection on cookie-authenticated mutating /v1 calls from the dashboard
- Next.js middleware on monitoring, Mender, and settings routes
- Safe redirect validation on the `next` query param after login
- API keys are hashed at rest; shown once at creation
MCP and CI use Bearer tokens, not dashboard cookies.
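As an added example (not Guard's own code), the kind of check the `next` parameter needs before the post-login redirect. The dashboard origin is a placeholder and the function name is invented; the rules it enforces are the standard ones for an open-redirect guard, and the backslash and control-character rejection exists because the WHATWG URL parser would otherwise turn inputs such as `/\evil.test` into a foreign host.

```javascript
// Added example, not Guard's code. Validates the `next` query parameter
// before redirecting after login. DASHBOARD_ORIGIN is a placeholder.
const DASHBOARD_ORIGIN = 'https://guard.example.test';
const DEFAULT_PATH = '/';

// Returns a same-origin relative path that is safe to redirect to, or the
// default path when `next` cannot be proven to stay on our origin.
function safeNextPath(next, origin = DASHBOARD_ORIGIN) {
  if (typeof next !== 'string' || next.length === 0 || next.length > 2048) {
    return DEFAULT_PATH;
  }
  // Reject control characters and backslashes before parsing: the WHATWG
  // parser strips tabs/newlines and treats "\" as "/", so "/\evil.test" and
  // "/\t/evil.test" would both resolve to a foreign host.
  if (/[\u0000-\u001f\u007f\\]/.test(next)) return DEFAULT_PATH;
  // A relative path starts with exactly one "/". This rejects
  // protocol-relative "//evil.test", absolute URLs and "javascript:" URLs.
  if (!next.startsWith('/') || next.startsWith('//')) return DEFAULT_PATH;

  let parsed;
  try {
    parsed = new URL(next, origin);
  } catch {
    return DEFAULT_PATH;
  }
  // Belt and braces: after resolution the origin must still be ours.
  if (parsed.origin !== origin) return DEFAULT_PATH;
  // Re-serialise from the parsed form so the redirect target is normalised.
  return parsed.pathname + parsed.search + parsed.hash;
}
```

Call it on the raw query value and redirect only to its return value; never pass the original string through, even when the check passed, so the browser receives the normalised form.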
Synthetic safety (production)
Before enabling production schedules:
Mandatory controls
- Analytics filter acknowledgement — confirm synthetic users are excluded from your analytics and billing exports
- Synthetic middleware installed in your app
- `is_synthetic` column on users table + filtered analytics views
- Three request signals minimum: `X-Synthetic-Source` header, client-side `__MOLAR_SYNTHETIC__` marker, DB flag
Money-flow blocking
Never rely on a single signal. Guard ships middleware that:
- Swaps Stripe SDK to test keys for synthetic users
- Routes Twilio to test credentials or Clone
- Sinks email to Email Clone
- Prefixes S3 uploads to `_molar_synthetic/`
Guard throws `MolarDestructiveCallError` if PR-context code calls live api.stripe.com with live keys.
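An added example (not Guard's shipped middleware) of how the three signals combine and how the PR-context guard can be expressed. Only `is_synthetic`, `X-Synthetic-Source`, `__MOLAR_SYNTHETIC__` and `MolarDestructiveCallError` come from this page; the function names, the `env` shape and the `prContext` flag are placeholders. One caveat the page's "never rely on a single signal" implies: the header and the body marker are client-supplied, so they must never on their own switch a request to test keys, or anyone could "pay" with a Stripe test card. The example treats the DB flag as authoritative and refuses requests where the client markers claim synthetic but the DB disagrees.

```javascript
// Added example, not Guard's shipped middleware. Combines the three synthetic
// signals from this page and guards outbound Stripe calls made in PR context.
// Only is_synthetic, X-Synthetic-Source, __MOLAR_SYNTHETIC__ and
// MolarDestructiveCallError come from the page; the rest is placeholder naming.
class MolarDestructiveCallError extends Error {
  constructor(message) {
    super(message);
    this.name = 'MolarDestructiveCallError';
  }
}

// Collect the three signals. Header names are lower-case as Node's http
// module delivers them. The header and the body marker arrive from the
// client, so on their own they prove nothing; the DB flag was written by
// the server when the synthetic user was provisioned and is the authority.
function syntheticSignals(req, user) {
  const source = req.headers['x-synthetic-source'];
  return {
    header: typeof source === 'string' && source.length > 0,
    client: Boolean(req.body) && req.body.__MOLAR_SYNTHETIC__ === true,
    db: Boolean(user) && user.is_synthetic === true,
  };
}

// 'synthetic': DB flag set (client markers may be absent, e.g. background jobs)
// 'real':      no signal at all
// 'spoofed':   client claims synthetic but the DB disagrees. Switching to test
//              keys here would let anyone "pay" with a Stripe test card, so the
//              request is refused instead of being treated as synthetic.
function classify(signals) {
  if (signals.db) return 'synthetic';
  if (signals.header || signals.client) return 'spoofed';
  return 'real';
}

// Choose the Stripe key for this request. env holds the two keys (placeholder).
function stripeKeyFor(signals, env) {
  const kind = classify(signals);
  if (kind === 'spoofed') {
    throw new Error('synthetic markers present without is_synthetic flag');
  }
  return kind === 'synthetic' ? env.STRIPE_TEST_KEY : env.STRIPE_LIVE_KEY;
}

// Guard for HTTP calls issued while a Mender patch is being validated.
// Stripe live secret / restricted keys start with sk_live_ / rk_live_.
function assertNotDestructive(urlString, apiKey, ctx) {
  if (!ctx.prContext) return;
  const host = new URL(urlString).hostname;
  if (host === 'api.stripe.com' && /^(sk|rk)_live_/.test(apiKey)) {
    throw new MolarDestructiveCallError(`PR-context call to ${host} with a live key`);
  }
}
```

In an Express or Next.js middleware you would run `syntheticSignals` once per request, store the classification on the request context, and have the payment, Twilio and email adapters read that context rather than re-checking headers themselves.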
Cleanup
Synthetic data retention templates (7-day default) — customer runs cleanup SQL on their schedule.
Mender governance
| Control | Detail |
|---|---|
| Human-in-the-loop | Mender never merges |
| Forbidden paths | auth, payment, security, migrations by default |
| Sandbox validation | Patch must pass scenario in Docker + Clones before PR opens |
| Prompt injection defense | Scenario files, DOM, HAR treated as untrusted; size-bounded context |
| Token budget | Per-org monthly cap; circuit breaker at 3 attempts/scenario/24h |
| Audit trail | Immutable mender_attempts + export |
Rejecting a Mender PR stores mender_rejections for RLHF — no customer code shared cross-org without opt-in.
Tenant isolation
Every resource is org-scoped:
- Postgres queries: `WHERE org_id = :currentOrg`
- Redis keys: `guard:{orgId}:…`
- BullMQ queues: per-installation partition
- Artifact paths: `s3://…/guard/{orgId}/{runId}/…`
- Signed URLs: scoped to a single run + action
Cross-tenant access is a Sev-1 incident by policy.
Webhook security
Inbound (GitHub): HMAC-SHA256, delivery ID dedup (24h), 25 MB body limit, 10-minute clock skew.
Outbound (alerts): Shared secret HMAC optional; use HTTPS endpoints only.
Signed URL actions (PR Approve/Reject): One-shot JWT, short TTL, bound to attemptId + orgId.
Secrets management
| Secret | Storage |
|---|---|
| GitHub App private key | AWS Secrets Manager / Vault — not plaintext env on disk |
| API keys | Hashed in Postgres |
| BYOK LLM keys | Encrypted integration row; never in logs or BullMQ payloads |
| Webhook secrets | Env / secrets manager |
Rotate keys via dashboard Settings → API keys and GitHub App settings.
Data classification
| Data | Sensitivity | Retention |
|---|---|---|
| Customer source (via GitHub) | Crown jewels | Duration of install |
| Run artifacts (screenshots, HAR, video) | May contain PII from UI | Plan-based; configurable |
| Mender prompts/responses | Confidential | Audit log retention policy |
| Audit events | Compliance | 1 year minimum |
Guard is not in PCI cardholder scope (Stripe is processor) but handles credentials to customer production systems.
Compliance
- SOC 2 Type II — target for enterprise customers (report on request)
- Subprocessors — listed in trust documentation
- GDPR — data export/deletion via support; org deletion workflow in API
- Penetration testing — annual third-party cadence
Security contacts
| Channel | Use |
|---|---|
| support@molar.it | General security questions |
| Security disclosure | Responsible disclosure via support (PGP on request) |
Hardening checklist for admins
- Minimum two Owners per org
- API keys scoped to least privilege; rotate quarterly
- Production monitoring: analytics ack + middleware verified
- Mender forbidden paths reviewed for your repo layout
- Branch protection requires human review on molar-mender PRs
- Alert webhooks use HTTPS + signature verification
- Viewer role used for stakeholders who should not ack incidents
Next
- Production monitoring — synthetic onboarding
- Mender — governance modes
- Configuration — `forbiddenPaths`
- Troubleshooting — auth and webhook errors