test-mcp-server

The server demonstrates robust security practices: - **SafeFastMCPWrapper**: Protects against internal FastMCP API changes, providing clear error messages and preventing crashes. - **AST-based `safe_eval()`**: Replaced direct `eval()` usage (often a security vulnerability) with a secure AST parsing mechanism for expression evaluation (though the calculator tool has been removed in latest production configuration). - **Pydantic BaseSettings**: Ensures type-safe and validated configuration loaded from environment variables or .env files, guarding against invalid or malicious settings. - **RateLimitMiddleware**: Implements in-memory rate limiting per client IP, mitigating potential DoS attacks. - **Input Validation**: Pydantic models are used for validating tool input schemas, ensuring only valid data is processed. - **API Key Protection**: API keys are managed via environment variables and are not logged or exposed in error messages. - **DNS Rebinding Protection**: Explicitly disabled (`enable_dns_rebinding_protection=False`) due to the specific requirements of OpenAI App Store integration, which typically involves requests from multiple dynamic origins. This is a deliberate trade-off for platform compatibility, though generally a security consideration.