You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Harden MCP HTTP non-loopback binding and add expected-content check to conformance
- Refuse to serve MCP HTTP on non-loopback hosts without --auth-token
or OAuth configured
- Add --expect flag to model conformance; fail provider if response
content does not match expected value
- Replace bare try/except and isinstance-or chains with contextlib.suppress
and isinstance(..., (list, tuple)) across code_mode, oauth21, mcp_http
Copy file name to clipboardExpand all lines: docs/p2-scope.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,19 +3,20 @@
3
3
## Included
4
4
5
5
- In-memory Graph RAG primitives for entity/relation traversal and document retrieval.
6
-
- Restricted Code Mode for deterministic local data manipulation with AST allow-list validation.
6
+
- Restricted Code Mode for deterministic local data manipulation with AST allow-list validation and child-process timeout/resource guardrails.
7
7
- Stateless MCP request/response envelopes that carry capabilities and shared state per request.
8
-
- Streamable HTTP transport for the MCP server with `Mcp-Session-Id` sessions, optional bearer-token auth, and Origin allowlist (POST/GET/DELETE on `/mcp`).
8
+
- Streamable HTTP transport for the MCP server with `Mcp-Session-Id` sessions, bearer-token/OAuth guardrails for non-loopback binds, and Origin allowlist (POST/GET/DELETE on `/mcp`).
9
9
- Managed-agent readiness checks for tool metadata, audit, budget, external state, and HITL gaps.
10
10
- Provider portability checks for tool calling, structured output, system prompt support, prompt caching, and context limits.
11
+
- Cross-provider live model conformance smoke checks with per-provider pass/fail/skip reporting.
11
12
12
13
## Still Deferred
13
14
14
15
- Production GraphQLite deployment, migrations, and Cypher query tuning.
15
-
-Production sandboxing for Code Mode using containers, V8 isolates, or a managed execution service.
16
-
- OAuth 2.1 / DPoP enforcement on top of the Streamable HTTP transport.
16
+
-Strong production sandboxing for Code Mode using containers, V8 isolates, or a managed execution service.
17
+
-Production hardening for OAuth 2.1 / DPoP deployments, including key rotation and external client storage.
17
18
- Actual managed runtime integration with Anthropic, OpenAI, Google ADK, or Vertex Agent Engine.
18
-
-Cross-provider live conformance tests.
19
+
-Deeper cross-provider conformance for streaming, structured output, tool calling, and provider-specific safety blocks.
0 commit comments