dokku-mcp

The project demonstrates strong security awareness for an early-stage project. It includes explicit command validation (checking for dangerous characters, blacklisting certain Dokku commands like 'destroy', 'uninstall', 'remove'). It actively redacts sensitive information (passwords, API keys, SSH private keys) from logs before exposing them. The `CONTRIBUTING.md` discourages the use of `interface{}`, `any`, `reflect.`, and `unsafe.` to maintain type safety and reduce attack surface. While currently relying on a blacklist for commands, a roadmap item exists for an allow-list, which is generally more secure. Development environment setups use clearly marked placeholder credentials. Future plans include robust multi-tenant authentication with JWT, RBAC, and HashiCorp Vault for dynamic SSH keys, indicating a strong security-first mindset.