This repository is a reference kit, not a managed security service.
Please do not report sensitive findings in public issues. Open a private security advisory or contact the maintainers through the repository security channel when available.
The local demo covers:
- local token validation
- per-tool scopes
- deterministic local quotas
- structured audit events
- default-deny web-access fixtures
Before adapting this code for production, review the production docs and replace local in-memory stores with durable infrastructure appropriate for your system.