r/mnemosyne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a4fecf4883fe7ed65db1b710c0dfaec56f6d459
mnemosyne/test-postgres.sh
Robert Helewka 6a4fecf488
All checks were successful
CVE Scan & Docker Build / security-scan (push) Successful in 50s
Details
CVE Scan & Docker Build / build-and-push (push) Successful in 2m16s
Details
fix(mcp): disable audience verification in resolve_mcp_jwt 
Team JWTs include `aud=mnemosyne` while per-turn JWTs omit `aud`
entirely. Since `iss` + `typ` already partition the two token
populations, explicitly skip audience verification to avoid rejecting
valid tokens.

Also expand test coverage for the MCP auth surface to exercise all
three credential types (opaque MCPToken, per-turn JWT, team JWT),
including replay cache behavior and Neo4j-backed library resolution
via mocked cypher queries.
2026-05-10 12:32:58 -04:00

4.0 KiB
Executable File
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink