ASTra takes security seriously. This document covers authorization, safe practices, and configuration.
By default, no users can execute commands. The allowed_users list must be configured.
```python
# In discord_gateway.py
def is_user_authorized(self, user_id: str) -> bool:
    allowed = self._config.allowed_users
    if not allowed:
        return False  # Deny all if the list is empty
    return user_id in allowed
```

```json
{
  "orchestration": {
    "allowed_users": ["123456789012345678", "987654321098765432"]
  }
}
```

An authorized user can add others:
```text
/auth add @username
/auth remove @username
/auth list
```
To find a user's Discord ID:

- Enable Developer Mode in Discord Settings
- Right-click the username → Copy ID
Every Discord command checks authorization:

```python
import discord
from discord import app_commands

@app_commands.command()
async def feature(self, interaction: discord.Interaction) -> None:
    if not self.is_user_authorized(str(interaction.user.id)):
        await interaction.response.send_message("❌ Not authorized")
        return
    # ... handle command
```

Control which shell commands can be executed:
```json
{
  "orchestration": {
    "security": {
      "command_allowlist": ["git", "npm", "python", "pytest", "php", "composer"],
      "require_permission_for_shell": true
    }
  }
}
```

Only safe branches are indexed, to prevent exposure of sensitive feature branches:
```json
{
  "ingestion": {
    "safe_branches": ["main", "master"]
  }
}
```

If you check out a non-safe branch:
```text
⚠️ Clone successful, but indexing skipped.
Branch `feature/secret` is not in safe list ["main", "master"].
Switch to a safe branch to build the Knowledge Graph.
```
Sensitive files are excluded by default:
```json
{
  "ingestion": {
    "ignore_patterns": [".env", "*.key", "*.pem", "secrets/"]
  }
}
```

Store tokens securely, as environment variables rather than in files:

```bash
export GITHUB_TOKEN="ghp_xxxx"
export DISCORD_TOKEN="your-bot-token"
```

Never commit tokens to the repository.

By default, ASTra uses local Ollama models:
```json
{
  "llm": {
    "model": "ollama/qwen2.5-coder:7b",
    "host": "http://localhost:11434"
  }
}
```

Cloud fallback is disabled by default:

```json
{
  "orchestration": {
    "fallback_to_cloud": false
  }
}
```

If enabled, ensure you trust the cloud provider with your code context.
Custom tools execute shell commands. Be aware of:

- Command injection: Unsanitized parameters are substituted into the command
- Privilege escalation: Tools run as the current user, with all of that user's permissions
- Data exposure: Commands may access sensitive files

Mitigations:

- Validate parameters: Use specific types
- Limit scope: Make tools specific, not general
- Audit logs: Commands are logged
- Review YAML files: Treat them as code
Example of a safe tool:

```yaml
name: run_tests
description: Run test suite
command: pytest tests/ -v
parameters: {}  # No user input
```

Example of a risky tool (the template is quoted so YAML reads it as a string, not a mapping):

```yaml
name: run_command
description: Run any command
command: "{cmd}"  # DANGER: Arbitrary execution
parameters:
  cmd:
    type: string
```

All commands and tool executions are logged:
```text
INFO: User 123456789 executed /checkout https://github.com/owner/repo
INFO: Executing custom tool 'deploy_staging' with args: {'branch': 'main'}
```
Configure log path:
```json
{
  "orchestration": {
    "log_path": "./logs/astra.log"
  }
}
```

Recommended practices:

- Use local LLMs for sensitive codebases
- Restrict allowed_users to trusted developers
- Review custom tools before deployment
- Enable safe_branches for production
- Rotate tokens regularly
- Monitor logs for unusual activity
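As an added example, not ASTra's own code, the following ties the `command_allowlist` setting to the custom-tool guidance above (validate parameters, limit scope): it turns a tool definition plus caller-supplied arguments into an argv list for `subprocess.run(argv, shell=False)`, refusing the risky `{cmd}`-style tool, arguments that do not match the declared parameters, wrong types, and values that fail a declared pattern. The names `build_argv`, `is_rejected` and `CHECKOUT_TOOL`, and the per-parameter `pattern` key, are assumptions for this example.

```python
import re
import shlex

# Same allowlist as the "security" block on this page (copied for the example).
COMMAND_ALLOWLIST = ["git", "npm", "python", "pytest", "php", "composer"]

# Constructed tool definitions shaped like the YAML tools on this page.
SAFE_TOOL = {"name": "run_tests", "command": "pytest tests/ -v", "parameters": {}}
RISKY_TOOL = {"name": "run_command", "command": "{cmd}",
              "parameters": {"cmd": {"type": "string"}}}
# Hypothetical parameterised tool; "pattern" is an assumed per-parameter key.
# The regex also forbids a leading "-", so a value cannot be read as an option.
CHECKOUT_TOOL = {"name": "checkout", "command": "git checkout {branch}",
                 "parameters": {"branch": {"type": "string",
                                           "pattern": r"[A-Za-z0-9][A-Za-z0-9._/-]*"}}}

class ToolRejected(Exception):
    """Raised when a tool definition or its arguments fail validation."""

def build_argv(tool: dict, args: dict,
               allowlist: list = COMMAND_ALLOWLIST) -> list:
    """Return argv for subprocess.run(argv, shell=False), or raise ToolRejected."""
    tokens = shlex.split(tool["command"])
    # The executable must be a literal, allowlisted token: a placeholder in
    # first position (the "{cmd}" tool above) would let the caller choose it.
    if not tokens or "{" in tokens[0] or tokens[0] not in allowlist:
        raise ToolRejected(f"{tool['name']}: executable is not in command_allowlist")
    params = tool.get("parameters") or {}
    if set(args) != set(params):
        raise ToolRejected(f"{tool['name']}: arguments do not match declared parameters")
    values = {}
    for name, spec in params.items():
        value = args[name]
        expected = {"string": str, "integer": int}.get(spec.get("type", "string"), str)
        if isinstance(value, bool) or not isinstance(value, expected):
            raise ToolRejected(f"{tool['name']}: parameter {name!r} has the wrong type")
        if "pattern" in spec and not re.fullmatch(spec["pattern"], str(value)):
            raise ToolRejected(f"{tool['name']}: parameter {name!r} failed its pattern")
        values[name] = str(value)
    # Substitute per token: each placeholder becomes exactly one argv element,
    # so a value can never add arguments or reach a shell.
    return [token.format_map(values) for token in tokens]

def is_rejected(tool: dict, args: dict) -> bool:
    """True if build_argv refuses the tool/argument combination."""
    try:
        build_argv(tool, args)
    except ToolRejected:
        return True
    return False
```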