ai-agent-mcp-server

by tariksagbas1

Overview

This project implements an MCP (Model Context Protocol) server and client using AMQP (RabbitMQ) for communication, enabling an LLM-powered agent to interact with internal tools and data resources.

Installation

Run Command
python service_core/bootstrap.py --task mcp

Environment Variables

  • OPENAI_API_KEY
  • LANGCHAIN_TRACING_V2
  • LANGCHAIN_ENDPOINT
  • LANGCHAIN_API_KEY
  • LANGSMITH_PROJECT
  • DEPLOYMENT_CODE
  • SERVICE_CODE
  • ICRON_LLM_SERVICE_VERSION
  • EXTERNAL_PORT

Security Notes

Critical security vulnerabilities found:

  1. Hardcoded Google API credentials (CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN) are present in `backup.ts`. This is a severe risk as these secrets would be exposed if the code is publicly accessible.
  2. Hardcoded RabbitMQ credentials (username: 'platform', password: 'platform', vhost: 'tarik.sagbas') are used in `service_core/rpc_client.py` for `rpc_call_mcp`, making client-to-server communication dependent on static, non-environment-variable-driven secrets.
  3. The FastAPI client (`mcp_amqp/lg_agent.py`) enables CORS with `allow_origins=["*"]`, which is overly permissive and can expose the service to cross-site scripting (XSS) attacks or unauthorized access from any domain.
  4. The use of `exec` in `mcp_amqp/app.py` for dynamic function generation, while seemingly controlled by predefined schemas, still presents a potential attack vector if the schema generation or input is compromised.

Stats

  • Interest Score: 30
  • Security Score: 2
  • Cost Class: Low
  • Avg Tokens: 1000
  • Stars: 1
  • Forks: 0
  • Last Update: 2025-11-26

Tags

  • MCP
  • AMQP
  • RabbitMQ
  • LLM Agent
  • Tooling
  • FastMCP
  • LangGraph