MCP security model
v1.1.1 preview. How the planned MCP server handles auth, scope, and trust.
v1.1.1 preview, not yet functional. The COHESION MCP server is scheduled to ship 2026-05-15. See the post-launch roadmap for the target date.
What this is
Planned security posture for the MCP server. The same controls as the underlying scoring API, plus MCP-specific considerations.
Inherited from the scoring API
- Peppered SHA-256 key storage, 80 ms auth timing floor.
- Two-layer rate limit: per-IP (Cloudflare Workers Rate Limiting) and per-key (D1 sliding window).
- Uniform UNAUTHORIZED envelope.
- 90-day audit log retention.
See security for the full posture.
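How the first and third inherited controls fit together, as an added example that is not COHESION's own code: a lookup by peppered SHA-256 hash, one UNAUTHORIZED body for every failure, and an 80 ms floor on every outcome. The header name, pepper value, envelope shape, and the pepper-then-key hash construction are assumptions made for illustration.

```javascript
// Added illustration, not COHESION's code. All names and values are constructed.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

const AUTH_FLOOR_MS = 80; // timing floor stated on the page
const PEPPER = "constructed-pepper-not-a-real-secret"; // assumed to come from a secret binding

// Assumed construction: SHA-256 over pepper bytes followed by key bytes, hex-encoded.
async function pepperedHash(apiKey, pepper = PEPPER) {
  const bytes = new TextEncoder().encode(pepper + apiKey);
  const digest = await subtle.digest("SHA-256", bytes);
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

// One body for every failure, so a caller cannot tell "missing key" from "wrong key".
// The envelope shape is an assumption; the page only names it UNAUTHORIZED.
const UNAUTHORIZED = Object.freeze({ status: 401, body: { error: "UNAUTHORIZED" } });

// store: Map of peppered hash -> key record. Only hashes are stored, never raw keys.
async function authenticate(headers, store) {
  const started = Date.now();
  const apiKey = headers["x-api-key"]; // hypothetical header name
  // Hash even when the header is absent so both failure paths do the same work.
  const hash = await pepperedHash(typeof apiKey === "string" ? apiKey : "");
  const record = store.get(hash) ?? null;

  // Pad every outcome up to the floor so response time does not reveal which branch ran.
  // The loop re-checks because a timer can fire slightly before its deadline.
  for (let left; (left = AUTH_FLOOR_MS - (Date.now() - started)) > 0; ) {
    await new Promise((resolve) => setTimeout(resolve, left));
  }
  const elapsedMs = Date.now() - started;
  return record
    ? { status: 200, keyId: record.keyId, elapsedMs }
    : { ...UNAUTHORIZED, elapsedMs };
}
```

The floor only hides differences smaller than 80 ms; a lookup that can exceed it under load still needs its own bound.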
MCP-specific
- Scope: The MCP server is a stateless proxy. No additional data storage.
- Per-tool confirmation: Hosts like Claude Code and Claude.ai prompt the user before each tool call. COHESION does not bypass this.
- Header-only auth: No cookie or OAuth. Key is carried per-request, not stored in the MCP server.
- Prompt-injection hardening: The server rejects tool calls whose arguments contain control tokens the hosts reserve for prompt boundaries.