enhancement: phase 3 roadmap — harden MCP HTTP mode with operational controls and observability

## Problem / motivation

The MCP HTTP server already has good fundamentals, but self-hosted deployments would benefit from stronger hardening and observability.

## Proposed solution

Add selected production-oriented controls and metrics.

Scope candidates:

* rate limiting
* configurable CORS origin allowlist
* request size limits
* stronger log redaction guarantees
* metrics endpoint or Prometheus integration

## Alternatives considered

Leave HTTP mode minimal and rely on reverse proxies for all controls. That is valid in some deployments, but built-in controls would make the server safer and easier to operate directly.

## Additional context

Related existing issue:

* [enhancement: simplify MCP auth to a single /mcp endpoint with optional api_key query parameter](https://github.com/electather/seerr-cli/issues/80)

Suggested checklist:

- [ ] Decide which hardening features belong in-process vs proxy-only
- [ ] Implement configurable controls
- [ ] Add operational docs for self-hosters
- [ ] Add tests for new safety behaviour


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

enhancement: phase 3 roadmap — harden MCP HTTP mode with operational controls and observability #88

Problem / motivation

Proposed solution

Alternatives considered

Additional context

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

enhancement: phase 3 roadmap — harden MCP HTTP mode with operational controls and observability #88

Description

Problem / motivation

Proposed solution

Alternatives considered

Additional context

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions