core/mcp
8
0
Fork 0
Code Issues 4 Pull requests 2 Projects Releases Packages Wiki Activity Actions
Model Context Protocol — Go MCP server + Laravel MCP package
208 commits 6 branches 28 tags 1.4 MiB
Find a file
Snider 95f8ad387c docs(security): document accepted ollama CVEs + operator runbook 
Closes Mantis #323.

All 9 CVEs filed in #323 (govulncheck against the github.com/ollama/ollama
indirect dep) are unfixed upstream as of 2026-04-25. We are on v0.18.1
indirect via go-rag; ollama upstream is at v0.21.2 (3 days old). Pin-bump
resolves none of them.

Documents:
- CVE-by-CVE reachability assessment in our call graph
- 7 server-side CVEs (GZIP DoS, OOB, divzero, nullderef, server DoS) →
  unreachable; we are a client, not a server
- 1 conditional (GO-2025-3824 token exposure) → watch flag, reachable IF we
  ever add auth tokens
- 1 operator-side (GO-2025-4251 missing auth) → operator runbook required

Operator runbook covers:
- Network-level isolation (localhost-only or private-network binding)
- Reverse-proxy + auth for shared deployments
- CI-side govulncheck filter scoped to just these 9 CVE IDs

Surface in use: 3 symbols only (api.NewClient, api.Client, api.EmbedRequest)
imported from one file (go-rag/ollama.go). Vendor-fork would be
over-engineering for this scope; pin-bump is unavailable.

Argus filed; athena reviewed + documented.

Co-Authored-By: Argus <argus@lthn.ai>
Co-Authored-By: Athena <athena@lthn.ai>
Co-Authored-By: Virgil <virgil@lethean.io>
2026-04-25 01:40:43 +01:00
.core feat: initial core/mcp — Go MCP server + PHP Laravel MCP package 2026-03-09 18:34:17 +00:00
.github/workflows docs: update CLAUDE.md for Options{} API + add CI workflow 2026-03-21 13:53:49 +00:00
cmd feat(ax-10): bring mcp to v0.8.0-alpha.1 + CLI test scaffold 2026-04-24 23:35:37 +01:00
docs docs(security): document accepted ollama CVEs + operator runbook 2026-04-25 01:40:43 +01:00
pkg/mcp feat(ax-10): bring mcp to v0.8.0-alpha.1 + CLI test scaffold 2026-04-24 23:35:37 +01:00
src/php feat(mcp): add server resource listing 2026-04-02 16:47:03 +00:00
tests/cli/mcp feat(ax-10): bring mcp to v0.8.0-alpha.1 + CLI test scaffold 2026-04-24 23:35:37 +01:00
.gitattributes feat: initial core/mcp — Go MCP server + PHP Laravel MCP package 2026-03-09 18:34:17 +00:00
.gitignore docs: add implementation plans for plan CRUD and issue dispatch 2026-03-15 15:10:52 +00:00
CLAUDE.md docs: update CLAUDE.md for Options{} API + add CI workflow 2026-03-21 13:53:49 +00:00
composer.json feat: initial core/mcp — Go MCP server + PHP Laravel MCP package 2026-03-09 18:34:17 +00:00
EXCEPTIONS.md fix(mcp): resolve codex review findings — spelling, imports, tests, assertions 2026-03-22 02:14:33 +00:00
go.mod feat(ax-10): bring mcp to v0.8.0-alpha.1 + CLI test scaffold 2026-04-24 23:35:37 +01:00
go.sum refactor(mcp): migrate stdlib imports to core/go primitives + upgrade go-sdk v1.5.0 2026-04-08 22:00:20 +01:00
README.md Initial commit 2026-03-09 18:30:06 +00:00

README.md

mcp

Model Context Protocol — Go MCP server + Laravel MCP package