Background
Identified during OSS audit v2 of cortex. When CORTEX_API_KEY is unset, mcp/server.js sends x-cortex-roles from CORTEX_CALLER_ROLES env (default authenticated). api/deps.py trusts this header in open mode.
Problem Statement
Any process with MCP env access can escalate to admin/gdpr_officer and invoke POST /gdpr/erase without a real API key.
Proposed Solution
Require CORTEX_API_KEY for MCP in non-development environments; log warning and refuse GDPR-adjacent tools without key; document in mcp/Dockerfile and .env.example.
Acceptance Criteria
Files / Modules Affected
mcp/server.js, api/deps.py, .env.example, mcp/Dockerfile
OSS Audit: Master Backlog v2
Background
Identified during OSS audit v2 of cortex. When
CORTEX_API_KEYis unset,mcp/server.jssendsx-cortex-rolesfromCORTEX_CALLER_ROLESenv (defaultauthenticated).api/deps.pytrusts this header in open mode.Problem Statement
Any process with MCP env access can escalate to
admin/gdpr_officerand invokePOST /gdpr/erasewithout a real API key.Proposed Solution
Require
CORTEX_API_KEYfor MCP in non-development environments; log warning and refuse GDPR-adjacent tools without key; document inmcp/Dockerfileand.env.example.Acceptance Criteria
ENVIRONMENT=production+ missing API key → MCP tools return explicit auth errortests/api/test_auth.pyextended or MCP tests verify refusalFiles / Modules Affected
mcp/server.js,api/deps.py,.env.example,mcp/DockerfileOSS Audit: Master Backlog v2