"From the constraints, gifts. From the spiral, safety."
| Version | Supported | Status |
|---|---|---|
| 0.1.x | ✅ | Current - Fully Supported |
| < 0.1 | ❌ | Development - Not Supported |
Please do not report security vulnerabilities through public GitHub issues.
Report security vulnerabilities to:
- Email: security@safespiral.org (or directly to @toolated via GitHub)
- GitHub: Use the Security Advisories feature
Please include:
- Description of the vulnerability
- Steps to reproduce (or proof of concept)
- Potential impact assessment
- Affected versions (if known)
- Suggested fix (if you have one)
- Initial Response: Within 48 hours
- Assessment: Within 1 week
- Fix Development: Depends on severity
  - Critical: 1-3 days
  - High: 1-2 weeks
  - Medium: 2-4 weeks
  - Low: Next release cycle
- Report received → Acknowledged within 48 hours
- Assessment → Severity classification (Critical/High/Medium/Low)
- Fix developed → In private branch
- Testing → Comprehensive security testing
- Disclosure → Coordinated disclosure with reporter
- Release → Security patch released
- Announcement → Public disclosure after fix deployed
When contributing to coherence-mcp:
- Never commit secrets
  - Never commit API keys, tokens, or credentials
  - Use environment variables for sensitive data
  - Review changes before committing
- Validate input
  - Sanitize all user input
  - Validate file paths (prevent path traversal)
  - Check for command injection vectors
  - Validate MCP tool parameters
- Follow the principle of least privilege
  - Request only necessary permissions
  - Document required permissions explicitly
  - Avoid elevated privileges when possible
- Audit dependencies
  - Run `npm audit` regularly
  - Keep dependencies updated
  - Review security advisories
  - Use only well-maintained packages
When using coherence-mcp:
- Keep dependencies updated

  ```bash
  # Update to latest version
  npm update coherence-mcp
  # Check for security issues
  npm audit
  ```

- Secure your MCP configuration
  - Protect your MCP client configuration files
  - Use environment variables for sensitive settings
  - Don't share configuration with secrets
- Review MCP tool permissions
  - Understand what each tool can do
  - Use appropriate tool access controls
  - Monitor tool usage in production
- Validate wave-toolkit integration
  - Ensure the wave-toolkit binary is from a trusted source
  - Verify checksums of downloaded binaries
  - Keep wave-toolkit updated
- Verify package signatures

  ```bash
  # Import the SpiralSafe signing key
  curl -s https://spiralsafe.org/.well-known/pgp-key.txt | gpg --import
  # Or from this repository:
  curl -s https://raw.githubusercontent.com/toolate28/coherence-mcp/main/.well-known/pgp-key.txt | gpg --import
  # Verify release signature
  gpg --verify SHA256SUMS.txt.asc SHA256SUMS.txt
  ```
All official releases are signed with GPG. To verify:

- Import the signing key:

  ```bash
  curl -s https://spiralsafe.org/.well-known/pgp-key.txt | gpg --import
  ```

- Download release checksums and signature:

  ```bash
  VERSION="0.2.0"
  curl -LO "https://github.com/toolate28/coherence-mcp/releases/download/v${VERSION}/SHA256SUMS.txt"
  curl -LO "https://github.com/toolate28/coherence-mcp/releases/download/v${VERSION}/SHA256SUMS.txt.asc"
  ```

- Verify signature:

  ```bash
  gpg --verify SHA256SUMS.txt.asc SHA256SUMS.txt
  ```

- Verify package checksum:

  ```bash
  npm pack @toolate28/coherence-mcp@${VERSION}
  sha256sum -c SHA256SUMS.txt
  ```

Releases include npm provenance attestations:

```bash
npm audit signatures @toolate28/coherence-mcp
```

The official SpiralSafe signing key fingerprint is published at:
- https://spiralsafe.org/.well-known/pgp-key.txt
- https://github.com/toolate28/coherence-mcp/blob/main/.well-known/pgp-key.txt
Always verify the key fingerprint through multiple channels before trusting.
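The checksum and fingerprint-pinning steps of the procedure above, as an added Python example (not code from the coherence-mcp project). It reimplements what `sha256sum -c` does so the manifest format and the comparison are explicit, and extracts fingerprints from the machine-readable `gpg --with-colons --fingerprint` output so a script can refuse any key whose fingerprint is not the one pinned ahead of time. The tarball bytes, manifest, colons output, filename and all-zero fingerprint are constructed placeholders; the real fingerprint must be taken from the published pgp-key.txt and cross-checked through a second channel before being pinned.

```python
"""Offline helpers for release verification: SHA256SUMS parsing and key pinning.

Added example; not part of coherence-mcp. All sample values are constructed.
"""
import hashlib
import hmac
import subprocess
from typing import Dict, List


def parse_sha256sums(manifest: str) -> Dict[str, str]:
    """Parse `<hex digest>  <filename>` lines as written by sha256sum.

    A leading '*' (binary-mode marker) is stripped from the filename. A
    malformed line raises instead of being skipped, so a truncated or edited
    manifest cannot pass silently.
    """
    entries: Dict[str, str] = {}
    for lineno, raw in enumerate(manifest.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"SHA256SUMS line {lineno} is malformed: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"SHA256SUMS line {lineno} has a bad digest: {raw!r}")
        entries[name] = digest
    return entries


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(manifest: str, filename: str, data: bytes) -> bool:
    """True only if filename is listed in the manifest and its digest matches."""
    expected = parse_sha256sums(manifest).get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(expected, sha256_of(data))


def fingerprints_from_colons(colons_output: str) -> List[str]:
    """Collect fingerprints from `gpg --with-colons --fingerprint <key>` output.

    In the colons format an `fpr` record carries the fingerprint in field 10.
    """
    found = []
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9 and fields[9]:
            found.append(fields[9].upper())
    return found


def key_is_pinned(colons_output: str, pinned_fingerprint: str) -> bool:
    """Accept only a key whose full 40-hex-digit fingerprint equals the pinned one."""
    wanted = pinned_fingerprint.replace(" ", "").upper()
    return wanted in fingerprints_from_colons(colons_output)


def gpg_verify(signature_path: str, signed_path: str) -> bool:
    """Run `gpg --batch --verify`; True only on exit status 0 (needs gpg installed)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--verify", signature_path, signed_path],
        capture_output=True,
    )
    return proc.returncode == 0


# Constructed sample data standing in for a real tarball and its manifest.
SAMPLE_TARBALL = b"not a real tarball, just constructed bytes\n"
SAMPLE_MANIFEST = f"{sha256_of(SAMPLE_TARBALL)}  package.tgz\n"
# Placeholder fingerprint (all zeros); the real value comes from pgp-key.txt.
PINNED_FINGERPRINT_PLACEHOLDER = "0000 0000 0000 0000 0000  0000 0000 0000 0000 0000"
# Constructed `fpr` record; a real listing also carries pub/uid records.
SAMPLE_COLONS_OUTPUT = "fpr:::::::::0000000000000000000000000000000000000000:\n"

if __name__ == "__main__":
    ok = verify_artifact(SAMPLE_MANIFEST, "package.tgz", SAMPLE_TARBALL)
    pinned = key_is_pinned(SAMPLE_COLONS_OUTPUT, PINNED_FINGERPRINT_PLACEHOLDER)
    print("checksum ok:", ok, "| key pinned:", pinned)
```

In a release script the order is: pin the fingerprint, run `gpg_verify` on `SHA256SUMS.txt.asc`, and only then trust the manifest for `verify_artifact`; a signature that verifies under an unpinned key proves nothing about who signed it.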
Risk: MCP tools execute with user permissions and can interact with the filesystem
Mitigation:
- Tools implement input validation
- File operations are scoped appropriately
- Dangerous operations require explicit confirmation
- All operations are logged
Risk: Dependencies may have vulnerabilities
Mitigation:
- Regular `npm audit` checks
- Automated dependency updates (Dependabot)
- Security advisory monitoring
- Minimal dependency footprint
Risk: External binary execution
Mitigation:
- Optional integration (not required)
- Fallback to internal heuristics
- Path validation and sanitization
- Timeout and resource limits
Risk: MCP tools process user data
Mitigation:
- No data collection or telemetry by default
- Local processing only
- User controls data flow
- Clear documentation of data handling
Risk: Padding vectors with zeros before normalization distorts embedding values
Context: When working with vector embeddings (e.g., in quantum-LLM hybrid systems, RAG retrieval, or similarity computations), the order of operations matters. Padding a vector with zeros before normalizing it will incorrectly scale the original values, leading to distorted similarity scores and unreliable results.
Anti-Pattern:

```python
import numpy as np
# compute_embedding() and normalize() are the embedding pipeline's own helpers (not shown here)

# INCORRECT: Padding before normalization
query_embedding = compute_embedding(query)  # e.g., [0.5, 0.3, 0.2]
# feature_dim is the target dimension for all embeddings in the system
query_embedding = np.pad(
    query_embedding,
    (0, feature_dim - len(query_embedding))  # Adds zeros: [0.5, 0.3, 0.2, 0.0, 0.0, ...]
)
query_embedding = normalize(query_embedding)  # Normalizes with zeros included - WRONG!
```

Correct Approaches:

- Normalize first, then pad:

  ```python
  # CORRECT: Normalize first, then pad
  query_embedding = compute_embedding(query)
  query_embedding = normalize(query_embedding)  # Normalize original vector
  query_embedding = np.pad(
      query_embedding,
      (0, feature_dim - len(query_embedding))
  )
  ```

- Use a consistent wrapping/repetition strategy:

  ```python
  # CORRECT: Repeat values instead of zero-padding
  query_embedding = compute_embedding(query)
  query_embedding = normalize(query_embedding)
  # Wrap/repeat values to reach target dimension efficiently
  if len(query_embedding) < feature_dim:
      # Calculate repetitions needed: ceil(target_size / current_size)
      # Then slice to exact target dimension
      reps = int(np.ceil(feature_dim / len(query_embedding)))
      query_embedding = np.tile(query_embedding, reps)[:feature_dim]
  ```

- Pad with the mean value:

  ```python
  # CORRECT: Pad with mean to maintain distribution
  query_embedding = compute_embedding(query)
  query_embedding = normalize(query_embedding)
  mean_val = np.mean(query_embedding)
  query_embedding = np.pad(
      query_embedding,
      (0, feature_dim - len(query_embedding)),
      constant_values=mean_val
  )
  ```

Mitigation:
- Always normalize embeddings before padding
- Use consistent padding strategies (wrapping, mean values, or learned padding)
- Validate embedding dimensions match before similarity computations
- Test embedding quality with known reference vectors
- Document embedding preprocessing pipelines clearly
Related: This issue was identified in SpiralSafe PR #117 in the Qiskit-DSPy hybrid integration experiments.
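A runnable version of the padding discussion above, added here as an example (not code from the coherence-mcp project or from PR #117). It uses plain Python instead of numpy so it runs anywhere, and z-score standardization as the concrete normalization, since appended zeros shift both its mean and its standard deviation; the three padding strategies from the correct approaches are behind one function with a dimension check, and `max_component_drift` measures how far the anti-pattern moves the original components. The function names and the sample vector are this example's own.

```python
"""Normalize-then-pad vs. pad-then-normalize, with a dimension check.

Added example; not part of coherence-mcp. The sample vector is constructed.
"""
import math
from typing import List, Sequence

Vector = List[float]


def standardize(vec: Sequence[float]) -> Vector:
    """Z-score normalization: subtract the mean, divide by the population std.

    Appended zeros change both statistics, which is why order of operations
    matters for this kind of normalization.
    """
    n = len(vec)
    if n == 0:
        raise ValueError("cannot standardize an empty vector")
    mean = sum(vec) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in vec) / n)
    if std == 0.0:
        raise ValueError("zero variance: all components are identical")
    return [(x - mean) / std for x in vec]


def pad_to(vec: Sequence[float], feature_dim: int, strategy: str = "zero") -> Vector:
    """Extend an already-normalized vector to feature_dim components.

    strategy is "zero" (constant 0.0), "mean" (constant = mean of vec) or
    "wrap" (repeat the vector, then slice). A vector longer than feature_dim
    is rejected rather than silently truncated, so a mismatch between
    embedding models is caught before any similarity computation.
    """
    n = len(vec)
    if n > feature_dim:
        raise ValueError(f"vector has {n} components, more than feature_dim={feature_dim}")
    missing = feature_dim - n
    if missing == 0:
        return list(vec)
    if strategy == "zero":
        return list(vec) + [0.0] * missing
    if strategy == "mean":
        return list(vec) + [sum(vec) / n] * missing
    if strategy == "wrap":
        reps = math.ceil(feature_dim / n)
        return (list(vec) * reps)[:feature_dim]
    raise ValueError(f"unknown padding strategy: {strategy!r}")


def normalize_then_pad(vec: Sequence[float], feature_dim: int, strategy: str = "zero") -> Vector:
    """Correct order: the original components are standardized on their own."""
    return pad_to(standardize(vec), feature_dim, strategy)


def pad_then_normalize(vec: Sequence[float], feature_dim: int) -> Vector:
    """Anti-pattern: the zeros take part in the mean/std and distort the rest."""
    return standardize(pad_to(vec, feature_dim, "zero"))


def max_component_drift(vec: Sequence[float], feature_dim: int) -> float:
    """Largest absolute difference over the original components between the
    anti-pattern result and the correct result; 0.0 would mean no distortion."""
    good = normalize_then_pad(vec, feature_dim)[: len(vec)]
    bad = pad_then_normalize(vec, feature_dim)[: len(vec)]
    return max(abs(g - b) for g, b in zip(good, bad))


if __name__ == "__main__":
    query = [0.5, 0.3, 0.2]  # constructed sample embedding
    print("drift from padding first:", round(max_component_drift(query, 8), 3))
    print("wrap strategy:", pad_to(standardize(query), 8, "wrap"))
```

The drift grows with the amount of padding: the more zeros appended before standardization, the further the mean and standard deviation move from those of the original vector, so the same query embedded at different target dimensions would no longer agree with itself.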
- All MCP tool parameters are validated against schemas
- File paths are sanitized to prevent traversal attacks
- Command arguments are validated before execution
- All MCP tool invocations are logged (when configured)
- Includes request ID, timestamp, and user context
- Helps with security monitoring and incident response
- Configurable rate limits for MCP tool calls
- Prevents abuse and resource exhaustion
- Protects against denial of service
- Tools can be restricted by scope
- Fine-grained permission model
- Explicit approval for sensitive operations
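The "validate file paths (prevent path traversal)" guideline for contributors and the "file paths are sanitized" mitigation above, shown as an added Python example; this is illustrative code, not the coherence-mcp implementation. A tool that takes a user-supplied path resolves it against the directory it is allowed to touch and rejects anything that lands outside, whether through `..`, an absolute path, or a symlink inside the scope pointing out of it. The function and exception names are this example's own, and `demo` builds a throwaway directory tree so the checks can be exercised offline.

```python
"""Scope a user-supplied path to an allowed root directory.

Added example; not part of coherence-mcp. demo() uses a temporary directory.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, Union


class PathOutsideScopeError(ValueError):
    """Raised when a requested path would resolve outside the allowed root."""


def resolve_within(root: Union[str, Path], user_path: str) -> Path:
    """Return the resolved path for user_path under root, or raise.

    Resolution follows symlinks and collapses '..', so the containment check
    is made on the real filesystem location, not on the string the caller sent.
    Absolute paths are refused outright: a tool parameter should be relative
    to the tool's scope.
    """
    root_resolved = Path(root).resolve()
    if Path(user_path).is_absolute():
        raise PathOutsideScopeError(f"absolute paths are not allowed: {user_path!r}")
    candidate = (root_resolved / user_path).resolve()
    try:
        candidate.relative_to(root_resolved)
    except ValueError:
        raise PathOutsideScopeError(f"{user_path!r} resolves outside {root_resolved}") from None
    return candidate


def _outcome(root: Path, user_path: str) -> str:
    try:
        resolve_within(root, user_path)
        return "allowed"
    except PathOutsideScopeError:
        return "rejected"


def demo() -> Dict[str, str]:
    """Exercise the check against a constructed tree; returns outcome labels."""
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "workspace"
        (root / "notes").mkdir(parents=True)
        (root / "notes" / "a.txt").write_text("inside")
        outside = Path(tmp) / "secret.txt"  # constructed file outside the scope
        outside.write_text("outside")
        try:
            os.symlink(outside, root / "link.txt")
            have_symlink = True
        except (OSError, NotImplementedError):
            have_symlink = False  # symlink creation not permitted on this host

        results["inside"] = resolve_within(root, "notes/a.txt").read_text()
        results["dotdot"] = _outcome(root, "../secret.txt")
        results["nested_dotdot"] = _outcome(root, "notes/../../secret.txt")
        results["absolute"] = _outcome(root, str(outside))
        results["symlink"] = _outcome(root, "link.txt") if have_symlink else "skipped"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:14} {outcome}")
```

Note that the check is done on the resolved path, so a file created later at a symlink target is still caught at the time of the request; for long-lived handles, open the file and check the descriptor rather than re-checking the string.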
If a security incident is discovered:
- Contain: Immediately stop the vulnerable service if needed
- Assess: Determine scope and impact
- Notify: Contact security@safespiral.org
- Remediate: Apply fixes and patches
- Document: Record lessons learned
- Disclose: Coordinate public disclosure
For security concerns:
- Email: security@safespiral.org
- GitHub Security: Create Advisory
- Maintainer: @toolated
We appreciate responsible disclosure and will acknowledge security researchers who report vulnerabilities:
- In release notes (with permission)
- In our security advisory
- In this document
Thank you for helping keep coherence-mcp secure! 🛡️
*~ Hope&&Sauced*
✦ The Evenstar Guides Us ✦