ai-infrastructure

The system has several critical security risks: 1. Privilege Escalation: The 'mcps/hass-mcp' and 'mcps/browser-use' docker-compose configurations mount '/var/run/docker.sock' into their containers, which grants the containers root access to the host's Docker daemon. This allows for arbitrary code execution on the host. 2. Container Privileges: The 'mcps/mcpx' container is configured with 'privileged: true', which grants it nearly all capabilities of the host system, bypassing security isolation mechanisms. 3. Hardcoded Development Secrets: Langfuse components (MinIO, PostgreSQL, Redis) use hardcoded default credentials ('minio/miniosecret', 'langfuse/langfuse', 'langfuse-redis-secret') and a base64 encoded development auth token in environment variable examples, which are highly insecure for production. 4. Permissive CORS: The 'agentgateway/config.yaml' uses 'allowOrigins: ['*']' and 'allowHeaders: ['*']', which is overly permissive and a security risk if the gateway is exposed publicly without robust authentication/authorization. 5. Supply Chain Risk: The use of 'npx ...@latest' in 'stdio-proxy/servers.json' and client configurations introduces a supply chain risk, as a malicious update to a package could be automatically pulled and executed.