OECD-MCP

The server implements robust input validation using Zod schemas for all tool arguments, preventing common injection attacks. Filter parameters are explicitly sanitized to prevent SSRF (Server-Side Request Forgery) and other malicious inputs. Error messages returned to clients are sanitized to prevent information leakage (e.g., file paths, stack traces, internal IP addresses). Rate limiting is enforced internally for API calls to the OECD SDMX endpoint. Deployment configurations (Docker, Kubernetes) suggest good security practices like read-only filesystems, non-root user execution, and dropped capabilities. A minor potential concern is the default `cors()` middleware in `http-server.ts`, which allows all origins; for production, this should ideally be restricted to specific trusted origins (though typically handled by a proxy/gateway). The `OECDSDMXClient` constructor could theoretically allow an arbitrary `baseUrl`, but the `OECDClient` wrapper, which is used by the MCP server, hardcodes the OECD SDMX base URL, mitigating this risk in practice.