title = "Katamari MCP Secret Detection Configuration"

[extend]
# Keep the ruleset that ships with gitleaks; the custom rules in this file are
# applied in addition to it.
useDefault = true
# generic-api-key is switched off to cut false positives. With it off, a
# credential assigned to a name that none of the remaining rules recognise
# goes unreported, so revisit this trade-off when new integrations are added.
disabledRules = [
    "generic-api-key",
]
# Custom rules for Katamari MCP specific patterns
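[[rules]]
id = "mcp-api-key"
description = "MCP-specific API keys"
# (?i) so the upper-case env-file form (MCP_KEY=...) is caught as well as
# mcp_key=...; \s* before "=" so "mcp_key = value" matches, in line with the
# other custom rules in this file.
# Only "=" assignments are covered; "key: value" forms (YAML/JSON) are not.
# The value class excludes "-", "_" and "=": confirm it fits the real key format.
regex = '''(?i)mcp[_-]?key[_-]?\s*=\s*['\"]?[a-zA-Z0-9+/]{20,}['\"]?'''
keywords = ["mcp", "key"]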
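[[rules]]
id = "duckduckgo-api-key"
description = "DuckDuckGo API keys"
# (?i) so DUCKDUCKGO_API_KEY=... (the usual env-file spelling) is matched too;
# without it only the lower-case name was detected.
# Only "=" assignments are covered; "key: value" forms (YAML/JSON) are not.
# The value class allows letters, digits and "-" only: confirm against the
# actual key format before relying on this rule.
regex = '''(?i)duckduckgo[_-]?api[_-]?key\s*=\s*['\"]?[a-zA-Z0-9-]{20,}['\"]?'''
keywords = ["duckduckgo", "api", "key"]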
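[[rules]]
id = "brave-api-key"
description = "Brave Search API keys"
# (?i) so BRAVE_API_KEY=... (the usual env-file spelling) is matched too;
# without it only the lower-case name was detected.
# Only "=" assignments are covered; "key: value" forms (YAML/JSON) are not.
# The value class allows letters, digits and "-" only: confirm against the
# actual key format before relying on this rule.
regex = '''(?i)brave[_-]?api[_-]?key\s*=\s*['\"]?[a-zA-Z0-9-]{20,}['\"]?'''
keywords = ["brave", "api", "key"]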
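[[rules]]
id = "transport-config"
description = "Transport configuration with secrets"
# (?i) so TRANSPORT_CONFIG = {...} is matched as well as the lower-case name.
# The braces are escaped so they are unambiguously literals rather than the
# start of a repetition count.
# [^}]* also crosses newlines, so a multi-line literal is covered up to its
# first "}"; a secret placed after a nested "}" is not seen by this rule.
# The value class includes "/", so a long path inside the braces matches as
# well: expect some false positives here.
regex = '''(?i)transport[_-]?config\s*=\s*\{[^}]*['\"]?[a-zA-Z0-9+/]{20,}['\"]?[^}]*\}'''
keywords = ["transport", "config"]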
[[rules]]
id = "webhook-url"
description = "Webhook URLs with tokens"
# NOTE(review): nothing in this pattern requires the word "webhook" or a token
# parameter. Any http(s) URL containing a run of 20+ letters/digits matches,
# which includes ordinary long links (commit URLs, asset hashes). Expect a
# high finding volume; narrowing it needs a decision on which webhook hosts
# or path shapes are actually in use.
regex = '''https?://[^\s]*['\"]?[a-zA-Z0-9]{20,}['\"]?[^\s]*'''
# "http" occurs in every URL, so the keyword pre-filter presumably does not
# narrow this rule in practice.
keywords = ["http", "webhook", "token"]
# Allowlists for known false positives
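# NOTE(review): the top-level plural [[allowlists]] array appears to be read
# only by newer gitleaks 8.x releases; older ones expect a single [allowlist]
# table and may skip these entries without warning. Confirm against the
# version pinned in CI.
[[allowlists]]
description = "Ignore test files"
# Path patterns are searched anywhere in the path, so they are anchored here:
# the bare 'tests/' form also matched directories such as "contests/", and the
# file patterns matched names that merely contain ".test.py".
# Anything under tests/ is excluded from scanning entirely; fixtures there
# should hold obviously fake values only.
paths = [
    '''(^|/)tests/''',
    '''\.test\.py$''',
    '''_test\.py$''',
]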
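[[allowlists]]
description = "Ignore documentation and examples"
# Anchored so that only a docs/ directory and real .md/.rst files are skipped;
# unanchored, 'docs/' also matched "mydocs/" and '\.md' matched names such as
# "dump.md5" or "page.mdx".
# A real credential pasted into a README or guide is not reported with this
# allowlist in place; review documentation changes by hand.
paths = [
    '''(^|/)docs/''',
    '''\.md$''',
    '''\.rst$''',
]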
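[[allowlists]]
description = "Ignore configuration templates"
# Anchored at the end of the path so only files whose name ends in .template
# or .example are skipped. Unanchored, the patterns also exempted any path
# that merely contained those strings (for instance "config.example.yaml" or
# a directory named "x.template/"). Add such names explicitly if they are
# meant to be exempt.
paths = [
    '''\.template$''',
    '''\.example$''',
]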
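[[allowlists]]
description = "Ignore lock files and dependencies"
# Anchored to whole file names: unanchored, 'poetry\.lock' also matched longer
# names containing it, and 'requirements.*\.txt' matched any path with
# "requirements" somewhere before a ".txt".
# ".*" is kept in the requirements pattern so layouts such as
# "requirements/dev.txt" stay exempt.
# Index URLs with embedded credentials in requirements files are not reported
# while this allowlist is in place.
paths = [
    '''(^|/)poetry\.lock$''',
    '''(^|/)package-lock\.json$''',
    '''(^|/)requirements.*\.txt$''',
]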
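[[allowlists]]
description = "Ignore git and build files"
# The leading dots of .pytest_cache and .tox were unescaped, so "." matched
# any character: '.tox/' also exempted directories such as "detox/". They are
# escaped here, and every entry is anchored to a full directory name.
paths = [
    '''(^|/)\.git/''',
    '''(^|/)__pycache__/''',
    '''(^|/)\.pytest_cache/''',
    '''(^|/)\.tox/''',
]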