
mcp-agent-server

by mbarki-abd

Overview

The MCP Agent Server orchestrates a multi-agent AI platform, enabling the creation, management, communication, and real-time monitoring of AI agents, their workspaces, projects, tasks, and secure credentials.

Installation

Run Command
docker compose up -d

Environment Variables

  • MCP_API_KEY
  • ENCRYPTION_KEY
  • DB_NAME
  • DB_USER
  • DB_PASSWORD
  • ANTHROPIC_API_KEY
  • GOOGLE_API_KEY
  • OPENAI_API_KEY
  • MISTRAL_API_KEY
  • OLLAMA_HOST

Security Notes

CRITICAL VULNERABILITIES IDENTIFIED:

1. Information Leak on Public Endpoints: The `/ws/dashboard`, `/api/dashboard/state`, `/api/presence/ws`, and `/api/presence/sse` endpoints are explicitly marked as public routes in `auth.ts`. These endpoints expose sensitive system information, including server details, a list of all agents, their statuses, active tasks, system metrics, projects, and session metadata, all without any authentication. This allows unauthenticated users to gain comprehensive visibility into the operational state of the entire multi-agent platform.

2. Secret Master API Key Exposure: The `/key` endpoint (path configured by `SECRET_KEY_PATH`) returns the master API key. While the code includes a warning to 'keep this path secret', relying on obscurity to protect access to a critical secret is a significant security risk. If this path is discovered (e.g., through scanning, misconfiguration, or leaks), the master API key is exposed.

3. Root Privileges Required: Core functionality such as agent provisioning (creating Unix users and their home directories), setting file ownership (`chown`), and running commands as other users (`su`) requires the server to operate with root privileges or highly permissive sudoer configurations. This introduces a substantial attack surface, as a compromise of the server could lead to full system compromise.

RECOMMENDATIONS:

  • Implement robust authentication/authorization for all dashboard and presence endpoints.
  • Remove or severely restrict the `/key` endpoint, ideally replacing it with a secure token issuance/rotation mechanism for master access.

Stats

  • Interest Score: 0
  • Security Score: 4
  • Cost Class: High
  • Avg Tokens: 4096
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-13

Tags

Multi-Agent, AI Orchestration, Agent Management, Workspaces, Real-time Monitoring