
[codex] Harden staging MCP E2E credentials#1

Merged
haochencheng merged 1 commit into main from codex/staging-mcp-e2e-secret-manager
May 12, 2026

Conversation

@haochencheng

Member

Summary

  • Harden staging MCP live E2E credential handling by resolving maintainer Agent Keys from GCP Secret Manager.
  • Sanitize MCP stdio child-process env inheritance so owner/provider/admin/private-key variables are not passed through.
  • Add bugfix/evidence records for the staging MCP flow, with runtime ids and credential details redacted.

Why

The staging MCP E2E previously depended on whatever SYNAPSE_AGENT_KEY happened to be in the shell and inherited the full parent environment. That made release validation brittle and unnecessarily exposed sensitive local env vars to the child MCP process.

Validation

  • npm test
  • npm run verify:mcp
  • npm run ci:quality
  • npm run smoke:cli
  • npm pack --dry-run
  • SYNAPSE_E2E_AGENT_KEY_SOURCE=secret SYNAPSE_ENV=staging SYNAPSE_E2E_SERVICE_ID=svc_synapse_echo SYNAPSE_E2E_PAYLOAD_JSON='{"message":"mcp staging e2e","source":"synapse-mcp-server"}' SYNAPSE_E2E_COST_USDC='0.000000' npm run test:e2e:staging

Security Notes

  • No Agent Key, private key, owner JWT, provider secret, admin credential, raw Authorization header, or private Gateway payload is included.
  • Evidence docs redact invocation and credential runtime identifiers.
  • npm pack --dry-run confirms docs/, scripts/, and test/ are not included in the npm package artifact.

@haochencheng haochencheng marked this pull request as ready for review May 12, 2026 16:11
@haochencheng haochencheng merged commit 4a0b836 into main May 12, 2026
1 check passed
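
The env sanitization described in the summary, sketched as an added example that is not the project's own code: the child environment is built from an allowlist, and the Agent Key is passed in explicitly instead of being inherited from the shell. Every name other than `SYNAPSE_ENV` and `SYNAPSE_AGENT_KEY` (the allowlists, the deny pattern, the function names, the `EXAMPLE_*` variables) is an assumption, and how the key is fetched from Secret Manager is left out.

```javascript
// Added example (not the project's code): allowlist-built env for an MCP stdio child.
// All names except SYNAPSE_ENV and SYNAPSE_AGENT_KEY are assumptions.

// Variables a Node child process typically needs in order to start.
const BASE_ALLOW = ["PATH", "HOME", "TMPDIR", "LANG", "SystemRoot"];
// Non-secret application settings the child may inherit from the shell.
const APP_ALLOW = ["SYNAPSE_ENV"];
// Second line of defence: name patterns that must never reach the child.
const DENY = /OWNER|PROVIDER|ADMIN|PRIVATE_KEY/i;

function buildChildEnv(parentEnv, explicit = {}) {
  const env = {};
  for (const name of [...BASE_ALLOW, ...APP_ALLOW]) {
    if (typeof parentEnv[name] === "string") env[name] = parentEnv[name];
  }
  // Explicit values (e.g. a key resolved from a secret store) are the only
  // way a credential enters the child; the shell's copy is never inherited.
  for (const [name, value] of Object.entries(explicit)) {
    if (DENY.test(name)) throw new Error(`refusing to pass ${name} to child`);
    env[name] = String(value);
  }
  return env;
}

async function spawnMcpServer(command, args, agentKey, parentEnv = process.env) {
  const { spawn } = await import("node:child_process");
  // Passing `env` replaces process.env for the child instead of extending it.
  return spawn(command, args, {
    env: buildChildEnv(parentEnv, { SYNAPSE_AGENT_KEY: agentKey }),
    stdio: ["pipe", "pipe", "inherit"],
  });
}

// Constructed parent environment for illustration; every value is fake.
const SAMPLE_PARENT_ENV = {
  PATH: "/usr/bin:/bin",
  HOME: "/home/dev",
  SYNAPSE_ENV: "staging",
  SYNAPSE_AGENT_KEY: "stale-key-from-shell",
  EXAMPLE_OWNER_JWT: "fake.jwt.value",
  EXAMPLE_PROVIDER_SECRET: "fake-provider-secret",
  EXAMPLE_WALLET_PRIVATE_KEY: "0xfake",
};

function demoChildEnv() {
  return buildChildEnv(SAMPLE_PARENT_ENV, { SYNAPSE_AGENT_KEY: "key-from-secret-store" });
}
```

An allowlist fails closed when a new secret variable appears in a maintainer's shell, which a denylist alone would not.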