This project implements OAuth-protected MCP (Model Context Protocol) infrastructure and handles authentication, authorization, and identity propagation. We take security issues seriously.
This repository is under active development.
Security updates are applied to the main branch.
If you discover a security vulnerability, please do not open a public issue.
Instead, report it responsibly by emailing:
Please include:
- A description of the issue
- Steps to reproduce (if applicable)
- Potential impact
- Any relevant logs or screenshots
We will acknowledge receipt and work with you to assess and remediate the issue promptly.
Security concerns may include (but are not limited to):
- Authentication or authorization bypass
- Token validation or scope enforcement issues
- Identity spoofing or privilege escalation
- Incorrect OAuth discovery or `WWW-Authenticate` behavior
- Leaked secrets or sensitive data in logs
Issues outside this scope (e.g., misuse of the software, insecure deployments) may not be considered vulnerabilities.
We follow responsible disclosure practices. Please allow reasonable time for investigation and remediation before any public disclosure.
Thank you for helping keep this project secure.