mcp-server

The server uses environment variables for sensitive API tokens (GLEAN_API_TOKEN), which is a good practice. Input validation for tool arguments is enforced using Zod schemas, significantly mitigating injection risks. Communication is via stdio, reducing external network attack surface. Docker deployment options suggest good security practices like dropping privileges and read-only filesystems. A direct `fetch` is used in `read_documents.ts` (noted as a workaround for an SDK bug) for Glean API calls, manually constructing headers, but the values for `Authorization` and `X-Glean-ActAs` still originate from controlled environment variables, so no immediate user-controlled injection is apparent. The `open` utility is used to display launch warnings, but the URLs are hardcoded to a Glean-controlled domain and package version, minimizing the risk of opening arbitrary malicious links.