sdd-mcp-server 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -4
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -26,16 +26,27 @@ npm run build
|
|
|
26
26
|
npm start
|
|
27
27
|
```
|
|
28
28
|
|
|
29
|
-
### Option 3: Docker
|
|
29
|
+
### Option 3: Docker (Secure Distroless Image)
|
|
30
30
|
```bash
|
|
31
|
-
#
|
|
32
|
-
docker
|
|
31
|
+
# Build distroless image locally
|
|
32
|
+
docker build --target production -t sdd-mcp-server .
|
|
33
33
|
|
|
34
|
-
#
|
|
34
|
+
# Run with Docker (secure distroless image)
|
|
35
|
+
docker run -p 3000:3000 sdd-mcp-server
|
|
36
|
+
|
|
37
|
+
# Or with Docker Compose (includes security hardening)
|
|
35
38
|
curl -O https://raw.githubusercontent.com/yi-john-huang/sdd-mcp/develop/docker-compose.yml
|
|
36
39
|
docker-compose up -d
|
|
37
40
|
```
|
|
38
41
|
|
|
42
|
+
#### 🔒 Security Features
|
|
43
|
+
- **Distroless base image**: Uses `gcr.io/distroless/nodejs18-debian11` for minimal attack surface
|
|
44
|
+
- **No shell access**: Container contains only Node.js runtime and application code
|
|
45
|
+
- **Non-root user**: Runs as user ID 1001 (no privilege escalation)
|
|
46
|
+
- **Read-only filesystem**: Container filesystem is immutable at runtime
|
|
47
|
+
- **Dropped capabilities**: All Linux capabilities dropped except minimal required ones
|
|
48
|
+
- **Security options**: `no-new-privileges` prevents privilege escalation
|
|
49
|
+
|
|
39
50
|
## 🔧 Configuration for AI Clients
|
|
40
51
|
|
|
41
52
|
### Claude Code
|
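Review bot: The `docker run -p 3000:3000 sdd-mcp-server` line added at new line 35 sets none of the runtime options that the new Security Features list (new lines 42-48) describes. Anyone following the plain `docker run` path gets a writable root filesystem, the default capability set and no `no-new-privileges`. Read-only filesystem, dropped capabilities and `no-new-privileges` are container runtime settings, not properties of the distroless image. Either add `--read-only --cap-drop ALL --security-opt no-new-privileges` to that command, or state that those three bullets apply only to the Docker Compose path. The bullet "All Linux capabilities dropped except minimal required ones" should also name the capabilities that are kept. The unchanged `curl -O` line still fetches `docker-compose.yml` from the `develop` branch, so the hardening the README promises depends on a mutable file; pointing it at a release tag would be safer.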