aks-mcp

Verified Safe

by Azure

Overview

The AKS-MCP server acts as a bridge, enabling AI assistants to interact with and manage Azure Kubernetes Service (AKS) clusters and related Azure resources.

Installation

Run Command
npx @modelcontextprotocol/inspector ./aks-mcp --access-level=readwrite

Environment Variables

  • AZURE_TENANT_ID
  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_FEDERATED_TOKEN_FILE
  • AZURE_SUBSCRIPTION_ID
  • AZURE_MANAGED_IDENTITY
  • USE_LEGACY_TOOLS
  • AKS_MCP_COLLECT_TELEMETRY
  • APPLICATIONINSIGHTS_INSTRUMENTATION_KEY
  • DISABLE_CACHE

Security Notes

The server implements three-tier access control (readonly, readwrite, admin) for operations, enforced via command validation and Kubernetes RBAC in Helm deployments. It uses `shlex.Split` to mitigate shell injection risks during CLI command execution. OAuth 2.1 authentication with Azure AD is supported for HTTP transports, including JWT validation and dynamic client registration. Azure credentials are sourced from environment variables or Kubernetes secrets, avoiding hardcoding. Telemetry uses a default Microsoft instrumentation key unless overridden, which is a privacy consideration but not a direct security vulnerability. Strict path validation for federated tokens (`/var/run/secrets/azure/tokens/azure-identity-token`) prevents arbitrary file access. Overall, the project demonstrates a strong focus on security best practices, but improper configuration of `admin` access can expose sensitive cluster operations.

Stats

  • Interest Score: 53
  • Security Score: 8
  • Cost Class: Medium
  • Avg Tokens: 500
  • Stars: 105
  • Forks: 27
  • Last Update: 2026-01-16

Tags

Azure, Kubernetes, AI Assistants, Model Context Protocol, CLI, Cloud Management, Observability, Diagnostics