=== NEW SERVERS ADDED (7) ===
- servers/closebot — 119 tools, 14 modules, 4,656 lines TS (Stage 7)
- servers/google-console — Google Search Console MCP (Stage 7)
- servers/meta-ads — Meta/Facebook Ads MCP (Stage 8)
- servers/twilio — Twilio communications MCP (Stage 8)
- servers/competitor-research — Competitive intel MCP (Stage 6)
- servers/n8n-apps — n8n workflow MCP apps (Stage 6)
- servers/reonomy — Commercial real estate MCP (Stage 1)

=== FACTORY INFRASTRUCTURE ADDED ===
- infra/factory-tools — mcp-jest, mcp-validator, mcp-add, MCP Inspector
- 60 test configs, 702 auto-generated test cases
- All 30 servers score 100/100 protocol compliance
- infra/command-center — Pipeline state, operator playbook, dashboard config
- infra/factory-reviews — Automated eval reports

=== DOCS ADDED ===
- docs/MCP-FACTORY.md — Factory overview
- docs/reports/ — 5 pipeline evaluation reports
- docs/research/ — Browser MCP research

=== RULES ESTABLISHED ===
- CONTRIBUTING.md — All MCP work MUST go in this repo
- README.md — Full inventory of 37 servers + infra docs
- .gitignore — Updated for Python venvs

TOTAL: 37 MCP servers + full factory pipeline in one repo.
This is now the single source of truth for all MCP work.
48 lines
2.3 KiB
Markdown
# Security Policy

## Supported Versions

We currently provide security updates for the following versions of the MCP Validator:

| Version | Supported          |
| ------- | ------------------ |
| 0.1.0   | :white_check_mark: |

## Reporting a Vulnerability

The MCP Validator team takes security seriously. If you believe you've found a security vulnerability, please follow these steps:

1. **Do not disclose the vulnerability publicly**
2. **Email us directly** at [scott@janix.ai](mailto:scott@janix.ai) with details about the vulnerability
3. Include the following information in your report:
   - Type of issue
   - Full paths of source file(s) related to the issue
   - Location of the affected source code
   - Any special configuration required to reproduce the issue
   - Step-by-step instructions to reproduce the issue
   - Proof-of-concept or exploit code (if possible)
   - Impact of the issue, including how an attacker might exploit it

## Response Process

We are committed to the following response process:

- We will acknowledge receipt of your vulnerability report within 3 business days
- We will provide an initial assessment of the report within 10 business days
- We will keep you informed of our progress throughout the process
- We will notify you when the vulnerability has been fixed

## Security Best Practices

When using the MCP Validator in your own projects, we recommend the following security best practices:

1. **Keep your dependencies updated**: Regularly update the MCP Validator and its dependencies to benefit from security patches
2. **Use caution with file operations**: When using the file operation tools in the MCP servers, be aware of potential security implications in your specific environment
3. **Control network access**: When using the HTTP MCP server, ensure it's only accessible to trusted clients or over secure networks

## Responsible Disclosure

We follow responsible disclosure principles. After a fix has been developed and released, we encourage security researchers to disclose the vulnerability in a responsible manner, giving users time to update their installations. We will credit security researchers who report valid vulnerabilities and work with us through the entire process.

Thank you for helping to keep the MCP Validator and its users secure!