| 1 | +# Security Assessment Clarifications |
| 2 | + |
| 3 | +> Updated: 2026-03 |
| 4 | +
|
| 5 | +For enterprise security reviews, the current implementation can be summarized as follows: |
| 6 | + |
| 7 | +| # | Security check type | Clarification for this repository | |
| 8 | +|---|---|---| |
| 9 | +| 1 | Licensing & Legal Compliance | MIT License (commercial/internal/modification/distribution allowed under MIT terms). | |
| 10 | +| 2 | Data Protection & Privacy Laws | The server is stateless for business data and only proxies user-provided query parameters to Google Maps APIs; no database or file persistence of prompt/result payloads is implemented. Operators remain responsible for legal basis, retention policy, and regional compliance in their own deployment. | |
| 11 | +| 3 | Infrastructure & Deployment Security | Self-hosted Node.js service. API keys can be provided by header/CLI/env and should be restricted in Google Cloud (API scope + IP/referrer), rotated, and managed in a secret manager. | |
| 12 | +| 4 | Long-Term Viability Risk | Open-source project with public commit/release history; users can pin versions/tags for controlled adoption. | |
| 13 | +| 5 | Unexpected RCE / Code Attacks | No eval/plugin runtime/shell execution path from tool input. Inputs are validated and used as API request parameters only. | |
| 14 | +| 6 | Tool Contamination Attacks | No persistent cache/storage for tool outputs. Session state is in-memory and contains transport/API-key context only. | |
| 15 | +| 7 | Shadowing Attack | Tools are statically registered at server startup; no dynamic tool download or runtime override mechanism is provided by this repository. | |
| 16 | +| 8 | Credential Theft | Secret in scope is mainly Google Maps API key. This project supports header/CLI/env injection and should be deployed with secret-manager storage, restricted keys, key rotation, and transport security (HTTPS via trusted proxy/ingress in production). | |
| 17 | +| 9 | Verification of MCP Server Provider | Source code is publicly auditable in `cablate/mcp-google-map` with visible maintainership and issue/PR history. | |
| 18 | +| 10 | Verification of Information Handled | Tool output is sourced from Google Maps Platform responses; the server does not persist or transform data beyond formatting responses. | |
| 19 | +| 11 | Authentication methods and permissions | No internal user/role system exists in this MCP server. Access control should be enforced at deployment boundary (network policy, reverse proxy auth, API gateway) and by Google API key restrictions. | |
| 20 | +| 12 | AI Agent Execution Environment Verification | Repository does not ship hard-coded credentials; `.env.example` contains placeholders only. | |
| 21 | +| 13 | MCP Server Settings / Version Verification | Use pinned package versions/tags/commit SHAs in your deployment pipeline for controlled upgrades. | |
| 22 | +| 14 | Verify connected MCP servers during prompt input | This is controlled by the MCP client/host application, not by this server. This repository exposes one MCP endpoint (`/mcp`) and does not manage other connected servers. | |
| 23 | +| 15 | Account/DB/container/SQL management | Not applicable: this server does not include DB connectors or SQL execution features. | |
| 24 | +| 16 | Logging, Monitoring, Log Query | Basic stdout/stderr logging is provided. Centralized log retention/query/alerting is not built-in and should be implemented by the host platform (for example, container logs + SIEM). | |
| 25 | +| 17 | Post-Approval Malicious Update Risk | Mitigate by pinning exact package versions, reviewing changelogs/commits before upgrade, and using internal artifact approval/signing workflows. | |
| 26 | +| 18 | Outdated Dependencies | Dependencies are managed in `package.json`/`package-lock.json`. Operators should run routine dependency scanning (for example, `npm audit`, SCA in CI) and patch regularly. | |
| 27 | +| 19 | Environmental Damage due to Auto-Approval | Current tools call Google Maps APIs and do not provide local file/system mutation operations; risk mainly depends on client-side auto-approval policy and surrounding toolchain composition. | |
| 28 | +| 20 | Intent/Objective Tampering | No autonomous goal-modification logic exists in this repository; behavior is bounded by MCP tool schemas and request handlers. | |
| 29 | +| 21 | Human Operation Risk | Main risks are deployment misconfiguration (unrestricted API keys, exposed endpoint, missing TLS, over-broad network access). Use change control + least privilege. | |
| 30 | +| 22 | Lag Pull Attack | The server returns real-time API responses per request and does not cache historical outputs; stale-decision risk is primarily on client orchestration and human review timing. | |
| 31 | +| 23 | Cost-related information | Open-source, self-hosted server code (free). Google Maps Platform usage may incur API charges based on your Google Cloud billing plan. | |
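Review bot: rows 8 and 16 (Credential Theft, Logging) should state whether the Google Maps API key can reach the stdout/stderr logs: the key is accepted via header/CLI/env and forwarded to Google on every request, so any code path that logs the upstream request URL, the inbound headers, or an upstream error body on failure would expose it in container logs and, via row 16's suggested "container logs + SIEM" pipeline, in a third system. Suggest adding one sentence to row 16 confirming that request URLs and the API-key header are redacted from log output (or naming it as an operator caveat if they are not). Two smaller points: row 5 asserts "Inputs are validated" but gives no pointer to the validating code or schemas, so a reviewer cannot verify it from this document; and row 11 should say plainly that `/mcp` is served unauthenticated by default, so that reverse-proxy or gateway authentication reads as a requirement rather than one option among several.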