ICUICU
critical

accessflow-mcp-server

v2.3.5

AccessFlow MCP Server for accessibility issue remediation

npm | sharon_mi | First seen Feb 22, 2026

Total: 24 | Critical: 12 | High: 9 | Medium: 3

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    17:         this.environment =
    18:             process.env.ENVIRONMENT || 'https://accessflow.accessibe.com';
>>> 19:         const nonProdUserName = process.env.NON_PROD_USER_NAME;
    20:         const nonProdPassword = process.env.NON_PROD_PASSWORD;
    21:         // Configure server options based on transport type
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    7:         console.log('Starting HTTP server...');
    8:         // Get port from environment variable or use default
>>> 9:         const port = process.env.PORT ? parseInt(process.env.PORT, 10) : 8080;
    10:         const stateless = process.env.STATELESS === 'true';
    11:         const transportConfig = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    8:         // Get port from environment variable or use default
    9:         const port = process.env.PORT ? parseInt(process.env.PORT, 10) : 8080;
>>> 10:         const stateless = process.env.STATELESS === 'true';
    11:         const transportConfig = {
    12:             type: 'httpStream',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:         this.transportConfig = transportConfig;
    17:         this.environment =
>>> 18:             process.env.ENVIRONMENT || 'https://accessflow.accessibe.com';
    19:         const nonProdUserName = process.env.NON_PROD_USER_NAME;
    20:         const nonProdPassword = process.env.NON_PROD_PASSWORD;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    18:             process.env.ENVIRONMENT || 'https://accessflow.accessibe.com';
    19:         const nonProdUserName = process.env.NON_PROD_USER_NAME;
>>> 20:         const nonProdPassword = process.env.NON_PROD_PASSWORD;
    21:         // Configure server options based on transport type
    22:         if (transportConfig.type === 'httpStream') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    99:         else {
    100:             // stdio mode: Use environment variables (backward compatible)
>>> 101:             const domain = sanitizeDomain(process.env.DOMAIN || '');
    102:             const apiKey = process.env.API_KEY || '';
    103:             this.stdioApiService = new ApiService(this.environment, domain, apiKey, nonProdUserName, nonProdPassword);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    100:             // stdio mode: Use environment variables (backward compatible)
    101:             const domain = sanitizeDomain(process.env.DOMAIN || '');
>>> 102:             const apiKey = process.env.API_KEY || '';
    103:             this.stdioApiService = new ApiService(this.environment, domain, apiKey, nonProdUserName, nonProdPassword);
    104:             this.options = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    113:         const transportMode = transportType === 'stdio' ? 'stdio' : 'HTTP';
    114:         logger.info(`Initializing Flow MCP Server (${transportMode} mode)...`);
>>> 115:         const nonProdUserName = process.env.NON_PROD_USER_NAME;
    116:         const nonProdPassword = process.env.NON_PROD_PASSWORD;
    117:         // Register tools with appropriate configuration
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    114:         logger.info(`Initializing Flow MCP Server (${transportMode} mode)...`);
    115:         const nonProdUserName = process.env.NON_PROD_USER_NAME;
>>> 116:         const nonProdPassword = process.env.NON_PROD_PASSWORD;
    117:         // Register tools with appropriate configuration
    118:         if (transportType === 'stdio') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    7:     static instance;
    8:     static build() {
>>> 9:         const isCloudRun = process.env.K_SERVICE !== undefined; // Cloud Run sets K_SERVICE
    10:         // In Cloud Run: log to stdout for GCP Logging
    11:         // In stdio: log to file for local debugging
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27:         }
    28:         const logger = pino({
>>> 29:             level: process.env.LOG_LEVEL || 'info',
    30:             timestamp: pino.stdTimeFunctions.isoTime,
    31:             formatters: {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    38:         logger.info({
    39:             logLocation,
>>> 40:             environment: process.env.NODE_ENV,
    41:             isCloudRun,
    42:         }, 'Logger initialized');
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    69:         }
    70:         try {
>>> 71:             const response = await fetch(url, fetchOptions);
    72:             if (!response.ok) {
    73:                 // Try to get error details from response body
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 24
Feb 23, 2026 | critical | 24
Feb 22, 2026 | critical | 24