MCP security model
v1.1.1 preview. How the planned MCP server handles auth, scope, and trust.
v1.1.1 preview, not yet functional. The COHESION MCP server remains a planned wrapper over the scoring API. Use the HTTPS API documentation for production integration.
What this is
Planned security posture for the MCP server. The same controls as the underlying scoring API, plus MCP-specific considerations.
Inherited from the scoring API
- Peppered SHA-256 key storage, 80 ms auth timing floor.
- Two-layer rate limit: per-IP (Cloudflare Workers Rate Limiting) and per-key (D1 sliding window).
- Uniform
UNAUTHORIZEDenvelope. - 90-day audit log retention.
See security for the full posture.
MCP-specific
- Scope: The MCP server is a stateless proxy. No additional data storage.
- Per-tool confirmation: Hosts like Claude Code and Claude.ai prompt the user before each tool call. COHESION does not bypass this.
- Header-only auth: No cookie or OAuth. Key is carried per-request, not stored in the MCP server.
- Prompt-injection hardening: The server rejects tool calls whose arguments contain control tokens the hosts reserve for prompt boundaries.