mnemosyne

r/mnemosyne

Fork 0

Commit Graph

Author	SHA1	Message	Date
Robert Helewka	6a4fecf488	fix(mcp): disable audience verification in resolve_mcp_jwt All checks were successful CVE Scan & Docker Build / security-scan (push) Successful in 50s Details CVE Scan & Docker Build / build-and-push (push) Successful in 2m16s Details Team JWTs include `aud=mnemosyne` while per-turn JWTs omit `aud` entirely. Since `iss` + `typ` already partition the two token populations, explicitly skip audience verification to avoid rejecting valid tokens. Also expand test coverage for the MCP auth surface to exercise all three credential types (opaque MCPToken, per-turn JWT, team JWT), including replay cache behavior and Neo4j-backed library resolution via mocked cypher queries.	2026-05-10 12:32:58 -04:00

Author

SHA1

Message

Date

Robert Helewka

6a4fecf488

fix(mcp): disable audience verification in resolve_mcp_jwt

CVE Scan & Docker Build / security-scan (push) Successful in 50s

Details

CVE Scan & Docker Build / build-and-push (push) Successful in 2m16s

Details

Team JWTs include `aud=mnemosyne` while per-turn JWTs omit `aud`
entirely. Since `iss` + `typ` already partition the two token
populations, explicitly skip audience verification to avoid rejecting
valid tokens.

Also expand test coverage for the MCP auth surface to exercise all
three credential types (opaque MCPToken, per-turn JWT, team JWT),
including replay cache behavior and Neo4j-backed library resolution
via mocked cypher queries.

2026-05-10 12:32:58 -04:00

1 Commits