poly-db-mcp

The server leverages Deno's secure runtime with explicit permission grants (`--allow-net`, `--allow-read`, `--allow-write`, `--allow-env`), avoiding `--allow-run` to prevent shell execution vulnerabilities. It actively tests against hardcoded credentials in adapters and enforces environment variable-based configuration for sensitive data. A comprehensive `SECURITY.md` outlines robust vulnerability reporting and disclosure policies, including a 'Safe Harbour' for researchers. The `PROVEN-INTEGRATION.md` indicates a plan to integrate formally verified modules for SQL injection prevention and schema validation, demonstrating a proactive approach to security by design. Pre-commit hooks for GitHub Actions also enforce security best practices for workflows. The primary security boundary for data access relies on the user's configuration of database authentication, which is a common and necessary practice.