muster

The project is open-source and provides strong security features like RBAC profiles and session-scoped tool visibility in its Kubernetes deployment. However, configurable options can introduce risks: - The `--yolo` flag, which disables denylists for destructive tool calls, must be used with extreme caution and avoided in production environments. - Exposing the aggregator API (`muster.aggregator.host: "0.0.0.0"`) without proper external network policies and OAuth authentication (enabled via `muster.oauth.enabled` in Helm) can lead to unauthorized access. - While OAuth tokens are stored in-memory by default, the option to configure persistent storage using `valkey` (`muster.oauthServer.storage.type: "valkey"`) introduces an external dependency that requires its own robust security management. - SSO Token Forwarding, though designed for seamless authentication, requires careful configuration of `TrustedAudiences` on downstream MCP servers to prevent token misuse, as emphasized in the documentation's security best practices.