
amorce

Verified Safe

by trebortGolin

Overview

A secure runtime and orchestrator for AI agent-to-agent transactions, providing cryptographic security and human-in-the-loop oversight for AI tools, especially those following the Model Context Protocol (MCP).

Installation

Run Command
python orchestrator.py

Environment Variables

  • AMORCE_MODE
  • TRUST_DIRECTORY_URL
  • AGENT_API_KEY
  • GCP_PROJECT_ID
  • SECRET_NAME
  • REDIS_HOST
  • REDIS_PORT
  • PORT
  • LOG_LEVEL
  • BRAVE_API_KEY
  • GOOGLE_API_KEY
  • AGENT_ID
  • AMORCE_ENV
  • DIRECTORY_ADMIN_KEY
  • ORCHESTRATOR_URL

Security Notes

The server implements two layers of request authentication, L1 (API key) and L2 (Ed25519 signatures), plus Human-in-the-Loop (HITL) approvals and rate limiting. Several weaknesses apply to the development and standalone modes:

  • `_verify_request_with_standalone` in `adapters/mcp/mcp_agent_wrapper.py` bypasses full signature verification in standalone mode; its own comment reads 'DO NOT USE IN PRODUCTION without trust directory!'. Running standalone mode outside an isolated environment therefore drops the L2 layer entirely.
  • A hardcoded admin key, `ADMIN_KEY` ('sk-admin-amorce-2025-secure-reset'), is present in `setup_full_env.py` and `register_mock.py`. If either script is run against a production Trust Directory, that key grants administrative access; it should be rotated and moved to a secret store (the `GCP_PROJECT_ID` and `SECRET_NAME` variables listed above are the natural place for it).
  • In `orchestrator.py`, API key authentication is optional in standalone mode when `AGENT_API_KEY` is unset, so a missing variable silently disables L1 instead of failing startup. This is a risk in any non-isolated environment.
  • `subprocess.Popen` is used to launch external MCP servers. If `mcp_command` ever comes from an untrusted source this becomes a command injection risk; the current configuration uses trusted commands, but the value should be allowlisted and passed as an argument list with `shell=False`.
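The three standalone-mode weaknesses above share one remedy: refuse to start when a security layer would be silently disabled, and only spawn MCP servers from an allowlist as an argument list. The block below is an added example, not amorce's own code; the opt-in variable `AMORCE_ALLOW_UNAUTHENTICATED`, the allowlist `DEFAULT_MCP_ALLOWLIST`, and the function names are assumptions, and the real orchestrator's configuration loading may differ.

```python
"""Fail-closed handling of the standalone-mode weaknesses listed above.

Added example, not amorce's own code. Assumed names: the opt-in variable
AMORCE_ALLOW_UNAUTHENTICATED and DEFAULT_MCP_ALLOWLIST. AMORCE_MODE,
AGENT_API_KEY and TRUST_DIRECTORY_URL are the real environment variables,
but how the orchestrator itself interprets them is not shown on this page.
"""
import hmac
import os
import shlex
import subprocess
from dataclasses import dataclass
from typing import Collection, Mapping, Optional

# Hypothetical explicit opt-in: the only way to run without L1/L2 checks,
# and it is honoured in standalone mode only.
OPT_IN_VAR = "AMORCE_ALLOW_UNAUTHENTICATED"

# Assumed allowlist of executables the orchestrator may spawn as MCP servers.
DEFAULT_MCP_ALLOWLIST = frozenset({"npx", "uvx", "python", "python3"})

# With shell=False these characters are not interpreted, but a legitimate
# mcp_command never contains them, so their presence is rejected loudly.
SHELL_META = frozenset(";&|<>`$(){}\n")


@dataclass(frozen=True)
class AuthPolicy:
    mode: str
    api_key: Optional[str]      # None only after explicit standalone opt-in
    verify_signatures: bool     # False only after explicit standalone opt-in


def load_auth_policy(env: Mapping[str, str]) -> AuthPolicy:
    """Build the auth policy from the environment, refusing to start if L1
    (API key) or L2 (signatures via the trust directory) would be off."""
    mode = env.get("AMORCE_MODE", "production").lower()
    api_key = env.get("AGENT_API_KEY") or None
    has_directory = bool(env.get("TRUST_DIRECTORY_URL"))
    opted_in = mode == "standalone" and env.get(OPT_IN_VAR) == "1"

    if api_key is None and not opted_in:
        raise RuntimeError(
            "AGENT_API_KEY is unset; refusing to start without L1 auth "
            f"(set {OPT_IN_VAR}=1 in standalone mode to accept this)")
    if not has_directory and not opted_in:
        raise RuntimeError(
            "TRUST_DIRECTORY_URL is unset; cannot verify Ed25519 signatures "
            f"(set {OPT_IN_VAR}=1 in standalone mode to accept this)")
    return AuthPolicy(mode=mode, api_key=api_key,
                      verify_signatures=has_directory)


def check_api_key(policy: AuthPolicy, presented: Optional[str]) -> bool:
    """L1 check: constant-time compare; a missing key is rejected unless
    the policy was explicitly built without one."""
    if policy.api_key is None:
        return True
    if not presented:
        return False
    return hmac.compare_digest(policy.api_key.encode(), presented.encode())


def build_mcp_argv(mcp_command: str,
                   allowlist: Collection[str] = DEFAULT_MCP_ALLOWLIST) -> list:
    """Turn a configured mcp_command into an argv list for Popen(shell=False),
    accepting only allowlisted executables and metacharacter-free arguments."""
    argv = shlex.split(mcp_command)
    if not argv:
        raise ValueError("empty mcp_command")
    if os.path.basename(argv[0]) not in allowlist:
        raise ValueError(f"executable {argv[0]!r} not in MCP allowlist")
    for tok in argv:
        if SHELL_META.intersection(tok):
            raise ValueError(f"shell metacharacter in argument {tok!r}")
    return argv


def launch_mcp_server(mcp_command: str) -> subprocess.Popen:
    """Spawn the MCP server from an argv list; never shell=True."""
    return subprocess.Popen(build_mcp_argv(mcp_command), shell=False,
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)


if __name__ == "__main__":
    # Constructed environment: a standalone box with AGENT_API_KEY unset.
    env = {"AMORCE_MODE": "standalone"}
    try:
        load_auth_policy(env)
    except RuntimeError as exc:
        print("refused:", exc)
    env[OPT_IN_VAR] = "1"
    print(load_auth_policy(env))
    print(build_mcp_argv("npx -y @modelcontextprotocol/server-filesystem /tmp"))
```

Note that the opt-in only relaxes the policy when `AMORCE_MODE` is `standalone`; setting it in production still fails startup, which is the property the current optional-key behaviour lacks.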

Stats

Interest Score: 0
Security Score: 3
Cost Class: Low
Stars: 0
Forks: 0
Last Update: 2025-12-06

Tags

AI Agents, Orchestration, Security, Human-in-the-Loop, Model Context Protocol, Python, Runtime