kolada-mcp-server

The project demonstrates robust security practices, including continuous automated scanning (CodeQL, GitGuardian, TruffleHog, Bearer SAST, Dependabot, npm audit) as detailed in SECURITY.md. Sensitive configurations are managed through environment variables, and rate limiting/retry logic is implemented for external API interactions. The HTTP server's primary MCP endpoints (`/mcp`, `/sse`, `/rpc`) are noted as 'Open Access (No authentication)' in the source code. While suitable for public Kolada data, this means local deployments are generally accessible without an MCP-specific authentication layer. The `render.yaml` file includes an `MCP_AUTH_TOKEN` environment variable, suggesting that securing the MCP server itself with an authentication token is possible in a deployment context, though not enforced by the provided code for the default public endpoints.