Skip to content

[codex] Harden MCP release readiness #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
senseibelbi wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

[codex] Harden MCP release readiness #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
29932ff
Clean repository surface on main
senseibelbi Apr 17, 2026
54a72a2
Move manual helper scripts out of repo root
senseibelbi Apr 17, 2026
7572d95
Document how to request a CompTox API key
senseibelbi Apr 17, 2026
55c9bc5
Harden MCP release readiness
senseibelbi Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,20 @@ ENVIRONMENT="development" # deployment environment
LOG_LEVEL="INFO" # logging verbosity
BYPASS_AUTH="0" # set to "1" to disable auth (development only)
CORS_ALLOW_ORIGINS="" # comma-separated list of allowed origins
MCP_AUTH_ISSUER="" # OIDC issuer URL for MCP bearer-token validation
MCP_AUTH_AUDIENCE="" # Expected JWT audience (comma-separated values allowed)
MCP_AUTH_JWKS_URL="" # OIDC JWKS URL used to verify JWT signatures
MCP_AUTH_REQUIRED_SCOPES="tox:read" # Space/comma-separated scopes required for MCP calls
MCP_RESOURCE_URL="http://localhost:8000/mcp" # Canonical protected MCP resource URL
MCP_RATE_LIMIT_REQUESTS_PER_MINUTE="120" # Per-subject/IP tool-call limit; 0 disables local limiter
MCP_RATE_LIMIT_BURST="20" # Token-bucket burst size for MCP tool calls

# CTX (Comptox) API
CTX_API_BASE_URL="https://comptox.epa.gov/ctx-api" # Default CTX API server
# Request a free CTX API key from ccte_api@epa.gov.
# Official docs:
# - https://www.epa.gov/comptox-tools/computational-toxicology-and-exposure-apis
# - https://www.epa.gov/comptox-tools/computational-toxicology-and-exposure-apis-about
CTX_API_KEY="your_ctx_api_key_here" # Required for CTX APIs (do not commit real key)
CTX_USE_LEGACY="0" # Set to "1" to use https://api-ccte.epa.gov until 2025-10-01
EPA_COMPTOX_API_KEY="" # Legacy env name also supported (fallback)
Expand All @@ -16,3 +27,4 @@ CTX_RETRY_BASE="0.5" # Base delay (seconds) fo
EPACOMP_MCP_HEARTBEAT_TIMEOUT_SECONDS="120" # Minimum heartbeat timeout negotiated with clients
EPACOMP_MCP_HANDSHAKE_TIMEOUT_SECONDS="30" # Minimum handshake timeout negotiated with clients
EPACOMP_MCP_METRICS_ENABLED="1" # Expose /metrics endpoint
MCP_METRICS_BYPASS_AUTH="0" # Set to "1" only when a trusted gateway protects metrics
7 changes: 7 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,10 @@ htmlcov/
artifacts/
dist/
build/

# Internal review and generated research artifacts
/AUDIT_MCP_*.md
/ToxMCP_Audit_Reviewed_*/
/scientific_engine_bundle.txt
/triclosan_*.png
/epa_comptox_api_structure.json
86 changes: 0 additions & 86 deletions AUDIT_MCP_COVERAGE_2026-03-18.md
View file
Open in desktop

This file was deleted.

171 changes: 0 additions & 171 deletions AUDIT_MCP_ENDPOINTS_2026-03-18.md
View file
Open in desktop

This file was deleted.

53 changes: 0 additions & 53 deletions AUDIT_MCP_FAMILY_LIVE_COVERAGE_2026-03-18.md
View file
Open in desktop

This file was deleted.

48 changes: 0 additions & 48 deletions AUDIT_MCP_PATCH_VERIFICATION_2026-03-18.md
View file
Open in desktop

This file was deleted.

Loading