Security: Clueless-Creations/riverpod-knowledge-graph

Security Policy

Supported security model

This repository is designed for local, stdio-based MCP usage on a trusted workstation.

Supported today:

  • local docs-only MCP through riverpod-knowledge-graph mcp
  • local audit-enabled MCP through riverpod-knowledge-graph mcp-audit
  • local CLI usage for audit-repo and build-snapshot

Not supported today:

  • direct internet-facing MCP deployment
  • shared or multi-tenant remote hosting
  • Cloudflare Workers deployment without a dedicated transport and auth layer

Secure defaults

  • mcp is docs-only and does not expose audit tools
  • public MCP read tools are pinned to the configured corpus root
  • mcp-audit is explicit opt-in because it can inspect local repo files
  • bootstrap-codex only writes a local Codex config entry; it does not expose a remote service

Trust boundary

  • Snapshot read tools should only read the bundled corpus root configured at startup.
  • Audit tools are local filesystem readers and should only be enabled for trusted local repos.
  • Remote hosting would require authentication, authorization, request isolation, and a non-stdio transport before it should be considered safe.

Repo hygiene

This repo should never contain:

  • secrets, tokens, credentials, or private keys
  • machine-local config files with user-specific absolute paths
  • private customer data or repo snapshots that are not redistributable

Reporting

If you find a security issue in the package defaults or MCP surface, please open a GitHub security advisory or contact the maintainers through the repository’s security reporting flow if it is enabled. If a private channel is not available yet, avoid posting exploit details in a public issue.