npm - cos-mcp - Versions diffs - 1.0.14 → 1.0.15 - Mend

cos-mcp 1.0.14 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.en.md CHANGED Viewed

@@ -250,6 +250,40 @@ After completing the above steps, you can run COS MCP Server from the source cod
 ---
+## 🔒 Security Guidelines
+### Connection Mode Security
+#### STDIO Mode
+- STDIO mode uses local process communication, limited to local machine calls only. It offers **high security** and is suitable for personal development use.
+#### SSE Mode
+- SSE mode (`/sse`) serves over HTTP and is **intended for internal network (intranet) deployment**, providing access to team members within a trusted network.
+- ⚠️ **Never expose the `/sse` endpoint directly to the public internet.** Doing so would allow anyone to operate your COS bucket through the interface, leading to potential data leaks or resource abuse.
+- For production or public-facing environments, **developers must implement their own authentication logic on top of this service**, for example:
+  - Add authentication middleware at the reverse proxy layer (Nginx / API Gateway)
+  - Validate requests using Token, OAuth, API Key, or similar mechanisms
+  - Configure IP whitelisting or VPN for network-level access control
+### Tool Access Control
+In SSE mode, the MCP Server exposes all registered tools to connected clients. In team-sharing scenarios, developers are strongly advised to implement **tool-level access control and restrictions** at the application layer:
+- **Tool Whitelisting**: At the business gateway layer, only allow tools permitted for each user role/permission level. Prevent low-privilege users from executing high-risk operations (e.g., file deletion, batch operations).
+- **Operation Audit & Logging**: Log every tool invocation including the requester identity, call parameters, and execution results for post-incident traceability and security auditing.
+- **Rate Limiting**: Apply rate limiting on tool invocations at the gateway or middleware layer to prevent malicious or accidental resource abuse.
+- **Secondary Confirmation for Sensitive Operations**: For high-risk operations such as file deletion or overwrite, implement a secondary confirmation or approval workflow at the business layer.
+- **Input Parameter Validation**: Validate user-supplied parameters (e.g., file paths, bucket names) at the gateway layer to prevent path traversal or unauthorized access.
+### Key Security
+- **SecretId / SecretKey** are Tencent Cloud API credentials with permissions to operate your cloud resources. Keep them safe at all times.
+- It is recommended to use [sub-account keys](https://cloud.tencent.com/document/product/598/13674) following the **principle of least privilege**, granting only the necessary COS operation permissions.
+- Never hardcode credentials in source code or commit them to public repositories.
+- Manage keys through environment variables (`.env` file) and ensure `.env` is added to `.gitignore`.
+---
 ## ⚠️ Notes
 1. If an older version of the package is installed, replace `cos-mcp` with `cos-mcp@latest` in the commands to install the latest version.

package/README.md CHANGED Viewed

@@ -250,6 +250,40 @@ npm run build
 ---
+## 🔒 安全性说明
+### 连接模式安全建议
+#### STDIO 模式
+- STDIO 模式为本地进程通信，仅限本机调用，**安全性较高**，适合个人开发使用。
+#### SSE 模式
+- SSE 模式（`/sse`）通过 HTTP 提供服务，**适合内网部署**，开放给团队内部使用。
+- ⚠️ **切勿将 `/sse` 端口直接暴露到公网**，否则任何人都可以通过该接口操作您的 COS 存储桶，造成数据泄露或资源滥用。
+- 如需在生产环境或公网使用，**开发者必须在上层封装自己的业务鉴权逻辑**，例如：
+  - 在反向代理（Nginx / API Gateway）层添加鉴权中间件
+  - 使用 Token、OAuth、API Key 等机制校验请求合法性
+  - 配置 IP 白名单或 VPN 等网络层访问控制
+### 工具调用管控
+SSE 模式下，MCP Server 会将所有已注册的工具（Tool）暴露给连接的客户端。在团队共享场景下，建议开发者根据实际业务需求在上层进行 **工具调用的管控与限制**：
+- **工具白名单**：在业务网关层按用户角色/权限只放行允许调用的工具，避免低权限用户执行高危操作（如删除文件、批量操作等）。
+- **操作审计与日志**：记录每次工具调用的请求者、调用参数和执行结果，便于事后追溯和安全审计。
+- **调用频率限制**：在网关或中间件层对工具调用设置速率限制（Rate Limiting），防止资源被恶意或意外滥用。
+- **敏感操作二次确认**：对文件删除、覆盖写入等高风险操作，建议在业务层增加二次确认或审批流程。
+- **输入参数校验**：在网关层对用户传入的参数（如文件路径、Bucket 名称等）进行合法性校验，防止路径穿越或越权访问。
+### 密钥安全
+- **SecretId / SecretKey** 是腾讯云 API 密钥，拥有操作您云资源的权限，请务必妥善保管。
+- 建议使用 [子账号密钥](https://cloud.tencent.com/document/product/598/13674) 并遵循 **最小权限原则**，仅授予必要的 COS 操作权限。
+- 禁止将密钥硬编码在代码中或提交到公开仓库。
+- 推荐通过环境变量（`.env` 文件）管理密钥，并将 `.env` 加入 `.gitignore`。
+---
 ## ⚠️ 注意事项
 1. 如果安装了旧版本的包，可以将上述内容内 `cos-mcp` 改为 `cos-mcp@latest` 安装最新版包。

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cos-mcp",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "type": "module",
   "main": "dist/index.js",
   "bin": {
@@ -15,6 +15,7 @@
     "start:sse": "npm run build && node ./dist/index.js --connectType=sse",
     "inspect": "npx @modelcontextprotocol/inspector",
     "publish:release": "npm run build && npm publish --access public",
+    "publish:strict": "npm run build && npm publish --access public --tag strict",
     "publish:local": "npm run build && npm pack",
     "format": "prettier --write \"src/**/*.ts\"",
     "test": "npx jest"