marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
09688c1114
buildmymcpserver/apps/web/app/(marketing)/security/page.tsx

98 lines
4.5 KiB
TypeScript
Raw Normal View History

feat(web): real 3-step wizard, settings, audit, docs, marketing pages Sprint 3.5: close every dead link and replace the single-step wizard with the spec-mandated 3-step flow. Wizard: - Step 1 collects prompt + name + slug, calls /v1/servers/preview. - Step 2 renders parsed tools (name, description, input schema as copyable JSON) + a credential field per requiredSecret Claude actually identified. Self-contained servers see 'No credentials needed' instead of generic Notion placeholders. - Step 3 streams the live build over WebSocket and shows install snippets. New dashboard pages: - /settings — org, plan/usage, members table, API keys + billing stubs (Sprint 4), encryption status. Reads /v1/me/org. - /audit — filterable table over /v1/audit with action pills, resource refs, IP, metadata JSON. Docs site (/docs + 6 sub-pages): - Sticky 240px sidebar, max-w-prose article column, shared DocsTitle/H2/Code primitives. - Quickstart, MCP concepts, OAuth 2.1 flow (full walkthrough with curl), Authoring tools, Self-hosting, API reference, FAQ. Marketing pages: - /changelog with tagged release timeline. - /security with 8 pillars + disclosure. - /privacy with GDPR-aware sections. - /terms (10 clauses). - /pricing full page (nav now points here instead of /#pricing anchor). - /status with live 10s probes against /api/health and /login. Footer 'system status' badge now links to /status. All 20 routes 200 OK in smoke crawl. Typecheck clean across packages.
2026-05-19 18:20:31 +02:00
import Link from 'next/link';
import { CodeBlock } from '@/components/code-block';
export const metadata = { title: 'Security — BuildMyMCPServer' };
const PILLARS = [
{
title: 'Per-server isolation',
body: 'Every customer MCP server runs in its own Docker container. No shared process, no shared filesystem, no shared memory. One server compromised does not affect any other.',
},
{
title: 'Encrypted secrets',
body: 'API keys and credentials are AES-256-GCM encrypted at rest in Postgres with a 32-byte key sourced from env. Decryption happens only at the moment of container ENV injection. Plaintext is never logged.',
},
{
title: 'OAuth 2.1, no API keys for end users',
body: 'Every generated server is an OAuth 2.1 Resource Server. PKCE, Dynamic Client Registration (RFC 7591), Resource Indicators (RFC 8707), RS256-signed JWTs. Short-lived, audience-bound, replay-resistant.',
},
{
title: 'No token passthrough',
body: 'When a tool calls a downstream API, it uses its own server-side credentials — not the user\'s OAuth token. Tokens never leak across trust boundaries. This is mandated by the MCP authorization spec.',
},
{
title: 'Static security checks',
body: 'Every LLM-generated tool body is scanned for banned patterns (eval, new Function, child_process) before Docker build. Prompt-injection markers like "ignore previous instructions" also trip the check. Build fails fast, no risky code ships.',
},
{
title: 'Container hardening',
body: 'Production containers run with --read-only, --cap-drop=ALL, --security-opt=no-new-privileges, CPU and memory limits. Network egress can be restricted to whitelisted domains per server.',
},
{
title: 'Audit log',
body: 'Every privileged action — login, logout, server create/iterate/delete — is recorded with IP, timestamp, user, and metadata. Available via /audit for Team-and-above orgs.',
},
{
title: 'Rate limiting',
body: 'Default 100 requests/min/IP per tool, enforced at the Traefik layer before traffic ever reaches your container.',
},
];
export default function Security() {
return (
<div className="mx-auto max-w-3xl px-6 py-16">
<header className="mb-12">
<div className="text-[11px] uppercase tracking-[0.16em] text-[--color-fg-subtle]">
Security posture
</div>
<h1 className="mt-2 text-[32px] font-semibold tracking-tight">
Built like infrastructure.
</h1>
<p className="mt-3 text-[14px] leading-relaxed text-[--color-fg-muted]">
We host code generated by an LLM, on behalf of customers, that exposes their internal
APIs to AI clients. The threat model is real. Here is what we do about it.
</p>
</header>
<div className="space-y-6">
{PILLARS.map((p) => (
<section key={p.title} className="panel p-5">
<h2 className="text-[14px] font-semibold tracking-tight">{p.title}</h2>
<p className="mt-2 text-[13px] leading-relaxed text-[--color-fg-muted]">{p.body}</p>
</section>
))}
</div>
<section className="mt-12">
<h2 className="text-[18px] font-semibold tracking-tight">Disclosure</h2>
<p className="mt-2 text-[13.5px] leading-relaxed text-[--color-fg-muted]">
Found a vulnerability? Email{' '}
<a className="text-[--color-accent] underline" href="mailto:security@buildmymcpserver.com">
security@buildmymcpserver.com
</a>{' '}
with a clear reproduction. We respond within 48h. We do not run a paid bounty yet, but we
will credit you publicly in the changelog (or anonymously if you prefer).
</p>
<div className="mt-4">
<CodeBlock
label="pgp"
code={`Key fingerprint published at buildmymcpserver.com/.well-known/security.txt`}
/>
</div>
</section>
<section className="mt-12">
<h2 className="text-[18px] font-semibold tracking-tight">Compliance roadmap</h2>
<p className="mt-2 text-[13.5px] leading-relaxed text-[--color-fg-muted]">
SOC 2 Type I is targeted for Q4 2026. The GDPR posture is described in our{' '}
<Link href="/privacy" className="text-[--color-accent] underline">
privacy policy
</Link>
. If you need a DPA or other contracts ahead of SOC 2, reach out Team and Enterprise
customers get one on request.
</p>
</section>
</div>
);
}
Reference in New Issue Copy Permalink