r/mnemosyne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
70b1fc510b8da160d83c552d476b2d605019618a
mnemosyne/test-postgres.sh
Robert Helewka 6a4fecf488
All checks were successful
CVE Scan & Docker Build / security-scan (push) Successful in 50s
Details
CVE Scan & Docker Build / build-and-push (push) Successful in 2m16s
Details
fix(mcp): disable audience verification in resolve_mcp_jwt 
Team JWTs include `aud=mnemosyne` while per-turn JWTs omit `aud`
entirely. Since `iss` + `typ` already partition the two token
populations, explicitly skip audience verification to avoid rejecting
valid tokens.

Also expand test coverage for the MCP auth surface to exercise all
three credential types (opaque MCPToken, per-turn JWT, team JWT),
including replay cache behavior and Neo4j-backed library resolution
via mocked cypher queries.
2026-05-10 12:32:58 -04:00

4.0 KiB
Executable File
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink