feat(demo): lock down identity, egress, and credential surfaces

src/app/api/agent/enroll/__tests__/route.test.ts

@@ -1,4 +1,4 @@
-import { vi, describe, it, expect, beforeEach } from "vitest";
+import { vi, describe, it, expect, beforeEach, afterEach } from "vitest";
 import { mockDeep, mockReset, type DeepMockProxy } from "vitest-mock-extended";
 import type { PrismaClient } from "@/generated/prisma";
 
@@ -164,3 +164,29 @@ describe("POST /api/agent/enroll -- NODE-03 label template auto-assignment", ()
     expect(prismaMock.vectorNode.update).not.toHaveBeenCalled();
   });
 });
+
+describe("POST /api/agent/enroll -- demo mode", () => {
+  const ORIGINAL_ENV = process.env.NEXT_PUBLIC_VF_DEMO_MODE;
+
+  beforeEach(() => {
+    mockReset(prismaMock);
+  });
+
+  afterEach(() => {
+    if (ORIGINAL_ENV === undefined) delete process.env.NEXT_PUBLIC_VF_DEMO_MODE;
+    else process.env.NEXT_PUBLIC_VF_DEMO_MODE = ORIGINAL_ENV;
+  });
+
+  it("rejects with 403 when demo mode is active and never touches the database", async () => {
+    process.env.NEXT_PUBLIC_VF_DEMO_MODE = "true";
+
+    const req = makeRequest({ token: "vf_enroll_demo", hostname: "demo-host" });
+    const res = await POST(req);
+
+    expect(res.status).toBe(403);
+    const body = await res.json();
+    expect(body.error).toMatch(/demo/i);
+    expect(prismaMock.environment.findMany).not.toHaveBeenCalled();
+    expect(prismaMock.vectorNode.create).not.toHaveBeenCalled();
+  });
+});

src/app/api/agent/enroll/route.ts

@@ -6,6 +6,7 @@ import { fireEventAlert } from "@/server/services/event-alerts";
 import { debugLog, errorLog } from "@/lib/logger";
 import { nodeMatchesGroup } from "@/lib/node-group-utils";
 import { checkIpRateLimit } from "@/app/api/_lib/ip-rate-limit";
+import { isDemoMode } from "@/lib/is-demo-mode";
 
 const enrollSchema = z.object({
   token: z.string().min(1),
@@ -17,6 +18,13 @@ const enrollSchema = z.object({
 });
 
 export async function POST(request: Request) {
+  if (isDemoMode()) {
+    return NextResponse.json(
+      { error: "Agent enrollment is disabled in the public demo." },
+      { status: 403 },
+    );
+  }
+
   const rateLimited = checkIpRateLimit(request, "enroll", 10);
   if (rateLimited) return rateLimited;
 

src/server/routers/alert-channels.ts

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import { TRPCError } from "@trpc/server";
 import { Prisma } from "@/generated/prisma";
-import { router, protectedProcedure, withTeamAccess } from "@/trpc/init";
+import { router, protectedProcedure, withTeamAccess, denyInDemo } from "@/trpc/init";
 import { prisma } from "@/lib/prisma";
 import { withAudit } from "@/server/middleware/audit";
 import { validatePublicUrl, validateSmtpHost } from "@/server/services/url-validation";
@@ -52,6 +52,7 @@ export const alertChannelsRouter = router({
         config: z.record(z.string(), z.unknown()),
       }),
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("notificationChannel.created", "NotificationChannel"))
     .mutation(async ({ input }) => {
@@ -124,6 +125,7 @@ export const alertChannelsRouter = router({
         enabled: z.boolean().optional(),
       }),
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("notificationChannel.updated", "NotificationChannel"))
     .mutation(async ({ input }) => {
@@ -205,6 +207,7 @@ export const alertChannelsRouter = router({
 
   deleteChannel: protectedProcedure
     .input(z.object({ id: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("notificationChannel.deleted", "NotificationChannel"))
     .mutation(async ({ input }) => {
@@ -224,6 +227,7 @@ export const alertChannelsRouter = router({
 
   testChannel: protectedProcedure
     .input(z.object({ id: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("notificationChannel.tested", "NotificationChannel"))
     .mutation(async ({ input }) => {

src/server/routers/certificate.ts

@@ -1,6 +1,6 @@
 import { z } from "zod";
 import { TRPCError } from "@trpc/server";
-import { router, protectedProcedure, withTeamAccess } from "@/trpc/init";
+import { router, protectedProcedure, withTeamAccess, denyInDemo } from "@/trpc/init";
 import { prisma } from "@/lib/prisma";
 import { encrypt, decrypt } from "@/server/services/crypto";
 import { parseCertExpiry, daysUntilExpiry } from "@/server/services/cert-expiry-checker";
@@ -81,6 +81,7 @@ export const certificateRouter = router({
         dataBase64: z.string().min(1),
       }),
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("certificate.uploaded", "Certificate"))
     .mutation(async ({ input }) => {
@@ -115,6 +116,7 @@ export const certificateRouter = router({
 
   delete: protectedProcedure
     .input(z.object({ id: z.string(), environmentId: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("certificate.deleted", "Certificate"))
     .mutation(async ({ input }) => {

src/server/routers/environment.ts

@@ -86,6 +86,7 @@ export const environmentRouter = router({
         teamId: z.string(),
       })
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("environment.created", "Environment"))
     .mutation(async ({ input }) => {
@@ -125,6 +126,7 @@ export const environmentRouter = router({
         costBudgetCents: z.number().int().min(0).max(1_000_000_00).nullable().optional(), // monthly budget in cents, null to disable
       })
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("environment.updated", "Environment"))
     .mutation(async ({ input, ctx }) => {
@@ -264,6 +266,7 @@ export const environmentRouter = router({
 
   delete: protectedProcedure
     .input(z.object({ id: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("ADMIN"))
     .use(withAudit("environment.deleted", "Environment"))
     .mutation(async ({ input }) => {
@@ -295,6 +298,7 @@ export const environmentRouter = router({
 
   generateEnrollmentToken: protectedProcedure
     .input(z.object({ environmentId: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("ADMIN"))
     .use(withAudit("environment.enrollmentToken.generated", "Environment"))
     .mutation(async ({ input }) => {
@@ -318,6 +322,7 @@ export const environmentRouter = router({
 
   revokeEnrollmentToken: protectedProcedure
     .input(z.object({ environmentId: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("ADMIN"))
     .use(withAudit("environment.enrollmentToken.revoked", "Environment"))
     .mutation(async ({ input }) => {

src/server/routers/git-sync.ts

@@ -1,6 +1,6 @@
 import { z } from "zod";
 import { TRPCError } from "@trpc/server";
-import { router, protectedProcedure, withTeamAccess } from "@/trpc/init";
+import { router, protectedProcedure, withTeamAccess, denyInDemo } from "@/trpc/init";
 import { prisma } from "@/lib/prisma";
 
 export const gitSyncRouter = router({
@@ -84,6 +84,7 @@ export const gitSyncRouter = router({
   /** Retry all failed jobs for an environment. */
   retryAllFailed: protectedProcedure
     .input(z.object({ environmentId: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .mutation(async ({ input }) => {
       const now = new Date();
@@ -105,6 +106,7 @@ export const gitSyncRouter = router({
   /** Retry a single failed job. */
   retryJob: protectedProcedure
     .input(z.object({ jobId: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .mutation(async ({ input }) => {
       const job = await prisma.gitSyncJob.findUnique({

src/server/routers/secret.ts

@@ -1,6 +1,6 @@
 import { z } from "zod";
 import { TRPCError } from "@trpc/server";
-import { router, protectedProcedure, withTeamAccess } from "@/trpc/init";
+import { router, protectedProcedure, withTeamAccess, denyInDemo } from "@/trpc/init";
 import { prisma } from "@/lib/prisma";
 import { encrypt, decrypt } from "@/server/services/crypto";
 import { withAudit } from "@/server/middleware/audit";
@@ -28,6 +28,7 @@ export const secretRouter = router({
         value: z.string().min(1),
       }),
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("secret.created", "Secret"))
     .mutation(async ({ input }) => {
@@ -55,6 +56,7 @@ export const secretRouter = router({
         value: z.string().min(1),
       }),
     )
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("secret.updated", "Secret"))
     .mutation(async ({ input }) => {
@@ -71,6 +73,7 @@ export const secretRouter = router({
 
   delete: protectedProcedure
     .input(z.object({ id: z.string(), environmentId: z.string() }))
+    .use(denyInDemo())
     .use(withTeamAccess("EDITOR"))
     .use(withAudit("secret.deleted", "Secret"))
     .mutation(async ({ input }) => {

src/server/routers/settings.ts

@@ -2,7 +2,7 @@ import { z } from "zod";
 import crypto from "crypto";
 import { TRPCError } from "@trpc/server";
 import { S3Client, HeadBucketCommand, PutObjectCommand, DeleteObjectCommand } from "@aws-sdk/client-s3";
-import { router, protectedProcedure, requireSuperAdmin } from "@/trpc/init";
+import { router, protectedProcedure, requireSuperAdmin, denyInDemo } from "@/trpc/init";
 import { prisma } from "@/lib/prisma";
 import { encrypt, decrypt } from "@/server/services/crypto";
 import { withAudit } from "@/server/middleware/audit";
@@ -115,6 +115,7 @@ export const settingsRouter = router({
     }),
 
   updateOidc: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(
       z.object({
@@ -149,6 +150,7 @@ export const settingsRouter = router({
     }),
 
   updateOidcRoleMapping: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(
       z.object({
@@ -174,6 +176,7 @@ export const settingsRouter = router({
     }),
 
   updateOidcTeamMappings: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({
       mappings: z.array(z.object({
@@ -257,6 +260,7 @@ export const settingsRouter = router({
     }),
 
   updateFleet: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(
       z.object({
@@ -282,6 +286,7 @@ export const settingsRouter = router({
     }),
 
   updateAnomalyConfig: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(
       z.object({
@@ -334,6 +339,7 @@ export const settingsRouter = router({
     }),
 
   testOidc: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(
       z.object({
@@ -403,6 +409,7 @@ export const settingsRouter = router({
   // ─── Backup & Restore ─────────────────────────────────────────────────────
 
   createBackup: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .use(withAudit("settings.backup_created", "SystemSettings"))
     .mutation(async () => {
@@ -418,13 +425,15 @@ export const settingsRouter = router({
     }),
 
   previewBackup: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({ filename: z.string().min(1) }))
     .query(async ({ input }) => {
       return previewBackup(input.filename);
     }),
 
   deleteBackup: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({ filename: z.string().min(1) }))
     .use(withAudit("settings.backup_deleted", "SystemSettings"))
@@ -434,6 +443,7 @@ export const settingsRouter = router({
     }),
 
   restoreBackup: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({ filename: z.string().min(1) }))
     .use(withAudit("settings.backup_restored", "SystemSettings"))
@@ -443,6 +453,7 @@ export const settingsRouter = router({
     }),
 
   updateBackupSchedule: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(
       z.object({
@@ -475,6 +486,7 @@ export const settingsRouter = router({
     }),
 
   testS3Connection: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({
       bucket: z.string().min(1),
@@ -518,6 +530,7 @@ export const settingsRouter = router({
     }),
 
   updateStorageBackend: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({
       backend: z.enum(["local", "s3"]),
@@ -558,6 +571,7 @@ export const settingsRouter = router({
   // ─── SCIM Provisioning ────────────────────────────────────────────────────
 
   updateScim: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .input(z.object({ enabled: z.boolean() }))
     .use(withAudit("settings.scim_updated", "SystemSettings"))
@@ -579,6 +593,7 @@ export const settingsRouter = router({
     }),
 
   generateScimToken: protectedProcedure
+    .use(denyInDemo())
     .use(requireSuperAdmin())
     .use(withAudit("settings.scim_token_generated", "SystemSettings"))
     .mutation(async () => {