The following dimensions define the production-grade nature of the OpenEdge MCP Server:

| Dimension | Built-in capability |
| --- | --- |
| Least privilege | All routes default to read-only. Write operations require explicit enablement. |
| Authorization model | Dual authentication combines a service account and user token. Optional support is available for JSON Web Key Set (JWKS) rotation to ensure key agility. JWKS rotation ensures secure AI tool integration and continuous availability. |
| Discovery security | Scope-based filtering is available for tools and prompts, so users only see what their token allows. |
| Response safety | A centralized guard enforces size and item limits. |
| Determinism | Profiles generated by mcpgen are versioned and reproducible, ensuring consistent deployments. |
| Transport hardening | TLS and mTLS are enforced for inbound traffic, with downstream connections reusing the configured TLS settings for trust continuity. |
| Token hygiene | Service account credentials are stripped before forwarding downstream, reducing leakage risk. |
| Observability | Startup inventory and structured logging hooks provide visibility without exposing secrets. |
| Extensibility | Built-in helper tools allow schema, tag, and prompt management without writing custom code. |
| Deployment | Hardened export pipeline includes rotation scripts for keys and certificates to maintain security posture. |