| Version | Supported |
|---|---|
| 1.x | Yes |
Strada.MCP implements defense-in-depth with multiple security layers.
- All 49 tools validate input via Zod schemas
- C# identifiers validated against keyword list
- Numeric ranges enforced (ports, dimensions, sizes)
- Enum constraints on all categorical inputs
- Directory traversal prevention on every file operation (
src/security/path-guard.ts) - Null byte injection rejection
- Paths resolved and validated against allowed root directories
- Symlink traversal prevention
- Configurable allowed paths via
ALLOWED_PATHSenvironment variable
- API keys, tokens, and secrets scrubbed from all tool output (
src/security/sanitizer.ts) - Patterns detected:
sk-*,AIza*,Bearer *,ghp_*,gho_*,xox*-* - Git credential URLs redacted
- Environment variables with secrets never logged
- Global
READ_ONLY=trueblocks all write operations - Per-tool
readOnlymetadata enforced at registry level - Bridge commands respect read-only flag
- Roslyn script execution disabled by default
- Requires explicit
SCRIPT_EXECUTE_ENABLED=true - Sandboxed execution with timeout
- Unity bridge binds to
127.0.0.1only (no remote access) - Bridge accepts only registered JSON-RPC commands (allowlist)
- No outbound network calls except configured embedding API and Brain URL
- All process arguments sanitized against shell metacharacters (
src/security/validator.ts) - Dangerous characters rejected:
; & | ` $ ( ) { } [ ] < > ! \ - File paths prefixed with
--to prevent flag injection
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email: security@stradacore.com
- Include:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested fix (optional)
We will acknowledge receipt within 48 hours and provide a timeline for a fix.
- Path traversal / directory escape
- Credential leakage in tool output
- Shell injection via tool parameters
- Unauthorized Unity Editor manipulation
- Denial of service via large inputs
- Physical access attacks
- Compromised Node.js runtime
- Malicious MCP client (trusted client model)
- Unity Editor API vulnerabilities