Security

Local-first transports

Stdio is the primary transport for local MCP clients. It avoids opening a network

listener and is the recommended production/local integration path.

Streamable HTTP is available for local tooling and controlled deployments. It

binds to 127.0.0.1 by default, accepts only POST /mcp for MCP messages, and

creates a fresh stateless MCP server and HTTP transport for every request.

HTTP controls

The HTTP entrypoint enforces:

Remote HTTP requires:


HOST=0.0.0.0

DEBUG_RECORDER_REMOTE_HTTP=true

DEBUG_RECORDER_HTTP_TOKEN=replace-with-a-long-random-token

DEBUG_RECORDER_ALLOWED_HOSTS=debug-recorder.example.com

DEBUG_RECORDER_ALLOWED_ORIGINS=https://debug-recorder.example.com

Wildcard origins are rejected for remote mode.

Secrets

Logs are written to stderr so stdout remains safe for the stdio MCP protocol.

Structured log metadata is redacted for common token shapes and key names.

Persistence redaction is optional because exact local debugging text can be

valuable. Set DEBUG_RECORDER_REDACT_BEFORE_STORE=true to redact common

credential patterns before storing session, fix, and command text. This protects

new writes and imports only; use the documented redacted-copy workflow for

existing databases.

Database files and JSON exports should be treated as sensitive local artifacts.

See Storage retention and maintenance for retention,

backup, compaction, and migration rollback guidance.

Never commit tokens, package credentials, registry credentials, private keys, or

local transcript/scratch files. Pull request validation includes Gitleaks.

Architecture decisions