Investigate Endpoint/Route Allowlists/Blocklists

[orpiske]

Investigate Endpoint/Route Allowlists/Blocklists

Objective

Research and implement security mechanism to control which Camel endpoints and routes can be created and executed via code execution engine.

Dependencies

None (security enhancement, can be implemented independently)

Requirements

• Investigate security requirements (development-time vs. runtime enforcement)
• Design allowlist/blocklist configuration format
• Determine enforcement points (route creation, execution, both)
• Implement validation logic for endpoints and routes
• Support pattern-based rules (wildcards, regex)
• Provide clear error messages for blocked operations
• Document security configuration and best practices
• Consider performance impact of validation

Affected Files/Modules

• /core/core-runtimes/core-runtime-camel/ (validation logic)
• /backend/router/src/main/java/ai/wanaku/router/bridge/CodeExecutionBridge.java (enforcement point)
• Configuration files (YAML/properties for allowlist/blocklist rules)

Notes

Security-critical feature. Examples: block file:// in production, allow only http/https endpoints, prevent certain route patterns. Consider scope: should this apply at development time (rejecting code generation), runtime (preventing execution), or both? Balance security with usability.