fd-mcp-server

Verified Safe

by firstdollar

Overview

Exposes First Dollar Partner APIs to AI agents via the Model Context Protocol (MCP) and provides a web UI dashboard with a chat interface for human interaction.

Installation

Run Command
npm run start:mcp

Environment Variables

  • ANTHROPIC_API_KEY
  • PARTNER_API_URL
  • FD_BACKEND_API_URL
  • MANAGER_API_URL

Security Notes

The server authenticates the MCP endpoint with an API key, which it exchanges for Firebase ID tokens via a backend service; this is a sound approach. All API interactions (both MCP and Web UI) use GraphQL queries with arguments passed as variables, which mitigates direct SQL injection risks. The Web UI uses Firebase for user authentication, including MFA. `MCP_HOST` allows binding to all interfaces (0.0.0.0), but this is common in containerized deployments such as Cloud Run, where network security is managed at the platform level. The `allowedHosts` check is disabled in Cloud Run environments, which relies on the platform's security instead. Overall security depends heavily on the robustness of the upstream First Dollar GraphQL APIs and on the security of the API key exchange endpoint. Prompt injection risks for the Claude agent are managed through a detailed system prompt and fallback mechanisms, but they remain an inherent concern with LLM integrations.

Stats

Interest Score: 0
Security Score: 8
Cost Class: Medium
Avg Tokens: 1500
Stars: 0
Forks: 0
Last Update: 2025-12-12

Tags

MCP Server, AI Agents, Partner APIs, Next.js, GraphQL, Firebase