From 6716e128bed8f9a2ba2f44dc7187b634c5725f82 Mon Sep 17 00:00:00 2001
From: Omar Abdelwahab
Date: Mon, 10 Nov 2025 10:06:07 -0800
Subject: [PATCH] security: exclude mcp_authorization from serialization and logs

Added Field(exclude=True) to mcp_authorization field to ensure tokens are NEVER exposed in:
- API responses (model_dump())
- JSON serialization (model_dump_json())
- Logs
- Any Pydantic serialization

This prevents accidental token leakage through:
- Error messages
- Debug logs
- API response payloads
- Monitoring/telemetry systems

The field is still accessible within the application code but will be automatically excluded from all Pydantic serialization operations.
---
 .../remote/tool_runtime/model_context_protocol/config.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/llama_stack/providers/remote/tool_runtime/model_context_protocol/config.py b/src/llama_stack/providers/remote/tool_runtime/model_context_protocol/config.py
index 57b3f781f..265fd9918 100644
--- a/src/llama_stack/providers/remote/tool_runtime/model_context_protocol/config.py
+++ b/src/llama_stack/providers/remote/tool_runtime/model_context_protocol/config.py
@@ -6,7 +6,7 @@
 from typing import Any
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 class MCPProviderDataValidator(BaseModel):
@@ -36,7 +36,11 @@ class MCPProviderDataValidator(BaseModel):
 # mcp_endpoint => authorization token
 # Example: {"http://server.com": "token123"}
-    mcp_authorization: dict[str, str] | None = None
+    # Security: exclude=True ensures this field is NEVER included in:
+    # - API responses
+    # - Logs
+    # - Serialization (model_dump, dict(), json())
+    mcp_authorization: dict[str, str] | None = Field(default=None, exclude=True)
 class MCPProviderConfig(BaseModel):
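Review bot: `Field(exclude=True)` on the added `mcp_authorization` line in the second hunk removes the token from `model_dump()` / `model_dump_json()`, but it does not touch the model's `__repr__`/`__str__`, so any log statement that formats the `MCPProviderDataValidator` instance itself (`logger.debug("provider data: %s", pd)`) still prints the token; the "Logs" bullet in the new comment and in the commit message overstates what `exclude` gives you. The one-line fix is to also set `repr=False`: `mcp_authorization: dict[str, str] | None = Field(default=None, exclude=True, repr=False)`, and the comment above it should say "excluded from serialization and from repr()" rather than "Logs". Typing the values as `SecretStr` would mask them in every rendering path too, but that changes how callers read the token, so it is a follow-up rather than part of this change. One side effect worth a sentence in the comment: because exclusion is unconditional, any code path that re-serializes this object to hand it on (for example to a worker) now silently drops the token instead of forwarding it — presumably intended, but it is not stated. The class body continues outside the hunk.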