This server authenticates to the WG21 wiki with credentials supplied through the
environment (the MCP host's launch env block, or a local .env for
development). Credentials are:
- read only from the process environment at startup,
- held in memory for the lifetime of the process,
- never written to logs, tool output, the cache, or any file,
- never embedded in source code or tests.
Use a bot password (Special:BotPasswords, Read grant) where possible: it is
scoped and revocable. User SSO credentials are supported as a fallback.
The committee wiki is access-restricted and its contents are confidential. This project treats all wiki content as confidential:
- No wiki page titles, namespace names, or page content are embedded in source, tests, fixtures, or documentation. The wiki structure is discovered at runtime.
- Only the public meeting schedule (from isocpp.org) and generic placeholders appear in the repository.
- The local cache database and any dumps are git-ignored.
Tool output returned to an authenticated user may contain wiki content (they already have wiki access); logs and committed artifacts must not.
Logging uses the stdlib logging module (wg21_wiki_mcp.log). A centralized
redaction layer (wg21_wiki_mcp.log_safety) scrubs every log record before it
reaches a handler:
- Credential passwords from the active configuration are registered at startup
and replaced with
[REDACTED]if they ever appear in a log message. - Common credential-like patterns (
password=…,token=…, etc.) are redacted even when not pre-registered. - Log call sites use safe exception summaries (exception type + sanitized message) and never include page titles or wikitext. Lock contention logs use a content-free title hash, not the title itself.
AuthError and other domain error messages are built without upstream exception
text, so authentication failures cannot carry credential material or IdP HTML into
tool errors or logs.
Offline tests assert that registered secrets and sample wiki content never appear
in captured log output (caplog).
Every pull request runs Gitleaks in CI
(.github/workflows/ci.yml) using the MIT-licensed CLI binary. We do not use the
gitleaks-action wrapper: that action requires a GITLEAKS_LICENSE repository
secret for organization-owned repos (free keys are available at
gitleaks.io). Running the CLI directly provides
the same scan coverage with no license key. The job fails on any detected secret
in commits reachable from the PR branch (the CLI invocation applies no confidence
filter). This complements the runtime redaction layer: secrets must neither leak at runtime nor be committed.
Please report suspected vulnerabilities privately to the maintainers via a GitHub security advisory rather than a public issue.