nettune

The project uses a client-server architecture where the `nettune` server (Go application) runs with root privileges on the target Linux machine to modify kernel parameters and traffic control settings. The client wrapper (`@jtsang/nettune-mcp` npm package) downloads the `nettune` binary from GitHub releases and verifies it using SHA256 checksums, a good practice to prevent tampering. Communication between the client and server is HTTP with Bearer token authentication. The server implements robust security measures including client IP-based rate limiting, request body size limits, and constant-time comparison for API keys to mitigate timing attacks. The README provides critical security warnings regarding API key exposure via shell history (when passed as a command-line argument) and recommends using TLS termination for production deployments. The inherent risk of a tool modifying system network configurations is high due to requiring root privileges, but the project has implemented reasonable safeguards and transparently documented risks.