Sulkta-Coop/clawdforge
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdforge/clients/mcp/pyproject.toml
Kayos 104f49c441 clients/mcp: apply audit findings — release-blocker fix on upload (093021c → new) 
HIGH:
- S1: upload_file allow-root + symlink-resolve + size-cap. Env: CLAWDFORGE_UPLOAD_ROOT (default cwd), CLAWDFORGE_UPLOAD_MAX_BYTES (default 100MiB). README updated with threat-model paragraph.

LOW:
- S2: logger.propagate = False (stdout discipline defense-in-depth)
- S3: catch-all error message no longer echoes str(e) (host paths)
- S4: whitelist healthz/upload tool response fields
- S5: pattern-validate ff_* file tokens in run schema
- C1: strict-bool guard on timeout_secs/ttl_secs
- C2: coerce empty-string model/system to None

Deps:
- requests>=2.32 (CVE-2024-35195)
- urllib3>=2.2.2 (CVE-2024-37891)
- mcp>=1.2.0

Audit: memory/clawdforge-audits/mcp-093021c.md
2026-04-28 23:10:33 -07:00

54 lines
1.5 KiB
TOML
Raw Blame History

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[project]
name = "clawdforge-mcp"
version = "0.1.0"
description = "Model Context Protocol (MCP) server that bridges to clawdforge — lets MCP-aware clients (Claude Desktop, Claude Code, Cursor, Zed) call clawdforge tools as native tools."
readme = "README.md"
requires-python = ">=3.10"
authors = [{ name = "Kayos", email = "kayos@sulkta.com" }]
keywords = ["clawdforge", "mcp", "model-context-protocol", "claude", "sulkta"]
classifiers = [
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Operating System :: POSIX :: Linux",
"Intended Audience :: Developers",
"Topic :: Software Development :: Libraries :: Python Modules",
]
dependencies = [
"mcp>=1.2.0",
"requests>=2.32.0",
"urllib3>=2.2.2",
]
[project.optional-dependencies]
test = [
"responses>=0.23",
"pytest>=7",
"pytest-asyncio>=0.21",
]
[project.scripts]
clawdforge-mcp = "clawdforge_mcp.__main__:main"
[project.urls]
Homepage = "http://192.168.0.5:3001/Sulkta-Coop/clawdforge"
Source = "http://192.168.0.5:3001/Sulkta-Coop/clawdforge"
[tool.hatch.build.targets.wheel]
packages = ["src/clawdforge_mcp"]
[tool.hatch.build.targets.sdist]
include = [
"src/clawdforge_mcp",
"README.md",
"pyproject.toml",
]
[tool.pytest.ini_options]
asyncio_mode = "auto"
testpaths = ["tests"]
Reference in a new issue View git blame Copy permalink