Adds security team tradeoff review for RS migration paths #10

Open
willik wants to merge 5 commits into share/fastmcp-migration-plan from share/security-oauthproxy-tradeoff-review

willik commented Mar 23, 2026

Summary

  • Adds a document addressed to the security team that presents three paths for the MCP server auth migration (external IdP, Mural-API as AS, OAuthProxy), their costs, and what each does and doesn't address from the audit
  • Asks security to confirm whether the pure RS recommendation is firm given the downstream costs, or whether OAuthProxy is an acceptable intermediate posture

willik added 5 commits March 16, 2026 17:19
Reverts agent-proposed BANKSY_MODE (internal/public/dev) to existing
AUTH_MODE (sso-proxy/mural-oauth/dev) for migration simplicity. Adds
"How to use this plan" section establishing the document as a living
plan that should be revised in-place during implementation.

Strips Cursor plan frontmatter, renames to plain .md, updates
"how to use" section to reference phase-specific .plan.md files
for execution.