Usage
recourse gateway doctor -e prodOptions:
| Flag | Default | Description |
|---|---|---|
-e, --environment | prod | Environment to test (dev, staging, prod) |
-p, --policy | — | Custom policy file path |
--json | false | Output results as JSON |
--verbose | false | Show detailed test output |
Demo
All 28 Tests
Tool Exposure (6 tests)
Verifies that human-only control plane tools are NOT exposed via MCP, while gateway tools ARE exposed.
gateway_approve not exposed
Human-only tool must not appear in tools/list
gateway_reject not exposed
Human-only tool must not appear in tools/list
gateway_break_glass not exposed
Emergency override must not be agent-callable
gateway_policy_override not exposed
Policy changes must not be agent-callable
gateway_terraform_plan IS exposed
Agents need to create plans
gateway_shell_exec IS exposed
Agents need sandboxed shell access
Terraform Enforcement (6 tests)
Verifies that Terraform apply is strictly plan-bound and cannot be bypassed.
Apply without plan_id fails
Agent cannot run terraform apply directly
Apply with invalid plan_id fails
Random/fabricated plan IDs are rejected
Apply with expired plan fails
Plans past TTL cannot be applied
Apply with wrong workspace fails
Plan for workspace A cannot apply to B
Apply with hash mismatch fails
Drift detection prevents stale applies
Destroy blocks in prod
terraform destroy is blocked in production
Plan Lifecycle (4 tests)
Verifies that plans are created, stored, and expired correctly.
Plan creates valid plan_id
32-character hex ID is returned
Plan stores hash for verification
SHA-256 hash stored for drift detection
Plan TTL is configured
Default 3600s, must be > 0
Approval TTL is configured
Default 86400s, must be > plan TTL
Kubernetes (5 tests)
Verifies kubectl operations follow expected gate behavior.
kubectl get always allowed
Read-only operations pass through
kubectl delete escalates
Deletions require human approval
kubectl delete namespace blocks
Namespace deletion is never auto-approved
kubectl exec escalates
Container exec requires approval
Protected namespaces configured
kube-system, monitoring, etc. are protected
Shell Sandbox (7 tests)
Verifies dangerous shell patterns are blocked before execution.
curl|bash blocks
Remote code execution pattern
curl|sh blocks
Remote code execution pattern
wget|sh blocks
Remote code execution pattern
bash <(curl) blocks
Process substitution RCE pattern
rm -rf / blocks
System destruction pattern
sudo su blocks
Privilege escalation pattern
nc -e (reverse shell) blocks
Reverse shell pattern
Interpreting Results
All tests pass
Gateway is production-ready. Deploy with confidence.
Some tests fail (warnings)
Review failures. May be acceptable for dev/staging environments.
Critical tests fail
Do NOT deploy. Tool exposure or enforcement tests failing means agents could bypass the gateway.
CI Integration
Run gateway doctor in CI to prevent deploying misconfigured gateways:
# GitHub Actions
- name: Verify gateway configuration
run: |
npx recourse-cli gateway doctor -e prod --json > doctor-results.json
if [ $(jq '.failed' doctor-results.json) -gt 0 ]; then
echo "Gateway doctor failed"
exit 1
fiExit code is non-zero if any critical tests fail.