null *ptrs;
MCP4Unreal

Security posture, in detail.

Most MCP plugins handwave security. We document it.

AUDITABLE
Every claim on this page maps to a tested behavior in our validation suite. If you disagree with a claim, open an issue on GitHub and we will amend.

Loopback-only by default

The HTTP listener binds to 127.0.0.1. Remote access requires an explicit operator flag and a tunnel you control. No exposure to your LAN out of the box.

Constant-time token comparison

Tokens are compared with a constant-time routine to defeat timing side channels. Short-circuit comparison is never used on auth material.

Configurable pre-auth rate limiting

Requests are rate-limited before token validation. The default remains 200 requests/minute per observed origin, and RateLimitPreAuthMaxRequestsPerMinute makes that budget configurable through settings and runtime posture metadata.

Sliding 60-second window

Fixed windows allow a boundary burst of up to 2x the stated limit at the rollover instant. MCP4Unreal uses a sliding 60-second window so the limit is honored at every instant, not just on average.
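The boundary burst described above, as an added example (not MCP4Unreal's own code): a fixed-window counter and a sliding-window log are fed the same constructed traffic straddling a minute rollover. The class names, the timestamp-log data structure and the sample origin are assumptions; only the 200 requests/minute budget and the 60-second window come from this page.

```cpp
#include <cstdint>
#include <deque>
#include <iostream>
#include <string>
#include <unordered_map>

// Values from the page: 200 requests per origin per 60-second window.
constexpr int kLimit = 200;
constexpr std::int64_t kWindowMs = 60000;

// Fixed window: one counter per origin, reset when the clock crosses a boundary.
class FixedWindowLimiter {
    struct Slot { std::int64_t window = -1; int count = 0; };
    std::unordered_map<std::string, Slot> slots_;
public:
    bool Allow(const std::string& origin, std::int64_t nowMs) {
        Slot& s = slots_[origin];
        const std::int64_t w = nowMs / kWindowMs;
        if (w != s.window) { s.window = w; s.count = 0; }
        if (s.count >= kLimit) return false;
        ++s.count;
        return true;
    }
};

// Sliding window (hypothetical log-based variant): keep admitted timestamps,
// expire those 60 s old or older, and admit only while fewer than kLimit remain.
class SlidingWindowLimiter {
    std::unordered_map<std::string, std::deque<std::int64_t>> log_;
public:
    bool Allow(const std::string& origin, std::int64_t nowMs) {
        std::deque<std::int64_t>& q = log_[origin];
        while (!q.empty() && q.front() <= nowMs - kWindowMs) q.pop_front();
        if (static_cast<int>(q.size()) >= kLimit) return false;
        q.push_back(nowMs);
        return true;
    }
};

// Constructed traffic: 200 requests in the 100 ms before the rollover at
// t = 60000 ms and 200 more in the 50 ms after it, all from one origin.
template <typename Limiter>
int AdmittedInBoundaryBurst() {
    Limiter lim;
    int admitted = 0;
    for (int i = 0; i < kLimit; ++i) admitted += lim.Allow("127.0.0.1", 59900 + i / 4);
    for (int i = 0; i < kLimit; ++i) admitted += lim.Allow("127.0.0.1", 60000 + i / 4);
    return admitted;
}

int main() {
    std::cout << "fixed:   " << AdmittedInBoundaryBurst<FixedWindowLimiter>() << "\n"
              << "sliding: " << AdmittedInBoundaryBurst<SlidingWindowLimiter>() << "\n";
}
```

The log costs up to 200 stored timestamps per tracked origin, which is the price of enforcing the budget over every 60-second span rather than per calendar minute.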

JSON nesting pre-scan

Deeply nested JSON can be used as a DoS vector by blowing up parser stacks. Incoming payloads are pre-scanned for depth and size before parsing begins.

OS-native secure storage

Auth tokens live in Windows Credential Manager, macOS Keychain, or Linux libsecret. A documented file fallback exists for headless CI with a clear warning.

CSPRNG token generation per-OS

Tokens are generated from RtlGenRandom on Windows, SecRandomCopyBytes on macOS, and /dev/urandom on Linux. No PRNG shortcuts, no timestamps as entropy.

Confirmation gates for all mutations

Write, EditorMutation, and Destructive tool classes require explicit confirmation or dry_run. Tools that skip the gate cannot ship: the validator refuses them.

Three transaction modes

Every response includes execution_scoped, handler_owned, or not_applicable, so callers always know whether the mutation can be undone by the editor history.

Persistent audit with redactor

Tokens, raw prompts, and project object names are redacted by default. Redaction is opt-in configurable per deployment. Audit is written async in batches.