
foundryvtt-mcp-relay

Verified Safe

by darkbard81

Overview

Relays events and messages between LLMs, the MCP server, and Foundry VTT, incorporating AI-powered text-to-speech and image generation.

Installation

Run Command
podman run -d --name fvtt-mcp --env-file .env -p 3000:3000 ghcr.io/darkbard81/fvtt-mcp:latest

Environment Variables

  • MCP_SERVER_API_KEY
  • AUDIO_MODEL
  • AUDIO_OUTPUT_DIR
  • AUDIO_PATH
  • BASE_URL
  • CLIENT_CLEANUP_INTERVAL_MS
  • CORS_URL
  • DB_TYPE
  • FOUNDRY_DATA_PATH
  • GH_PROJECT
  • GH_TAG
  • GITHUB_CLIENT_ID
  • GITHUB_CLIENT_SECRET
  • GITHUB_REDIRECT_URI
  • CHATGPT_REDIRECT_URI
  • GOOGLE_GENAI_API_KEY
  • GOOGLE_GENAI_PROJECT_ID
  • GOOGLE_GENAI_PROJECT_LOCATION
  • HOST
  • IMAGE_MODEL
  • IMAGE_OUTPUT_DIR
  • IMAGE_PATH
  • INSTANCE_ID
  • LOG_LEVEL
  • MCP_PATH
  • MODULE_VERSION
  • NODE_ENV
  • PORT
  • WEBSOCKET_PING_INTERVAL_MS
  • WS_PATH
  • WIDGET_AV_WS_PATH

Security Notes

The server reads its sensitive values (MCP_SERVER_API_KEY, GOOGLE_GENAI_API_KEY, and the GitHub OAuth client secret) from environment variables rather than hard-coding them, which is good practice. WebSocket client connections are authenticated with an API key. A basic GitHub OAuth flow is implemented, with tokens stored in a local file (`token-store.json`); that file is only as well protected as the host's file-system permissions, so the host must be configured accordingly. A payload-deduplication middleware rejects repeated payloads, which mitigates replay attacks and accidental duplicate requests. Content Security Policy headers are set for the UI widgets and restrict resource and connection origins to `https://mcp.krdp.ddns.net`; this strengthens client-side security but means the server must run on that domain or the CSP must be updated. The WebSocket for the A/V widget (`/widget-av`) does not appear to perform any explicit authentication in its `onConnection` handler, so unauthenticated clients may be able to connect, although the `set-av-state` tool still requires MCP authentication. AI-generated assets (audio, images) are served statically, so `FOUNDRY_DATA_PATH` must be configured securely. Finally, wide-open CORS (`*`) is possible if configured that way, which would allow any browser origin to call the server and is a risk.

Stats

  • Interest Score: 0
  • Security Score: 8
  • Cost Class: High
  • Stars: 0
  • Forks: 0
  • Last Update: 2026-01-01

Tags

  • Node.js
  • TypeScript
  • Foundry VTT
  • LLM Relay
  • WebSocket