Security

Security

What Sovara Gateway does, what it never does, and how to report a vulnerability. Written for the security team that will read it before signing the contract.

Data residency

The gateway runs entirely inside your environment. The Azure Marketplace edition deploys as a Managed Application into your own subscription. The self-hosted edition runs in your cloud, your Kubernetes cluster, or on-prem.

MCP request and response payloads are not sent to Weldon Web. Egress depends on the deployment you configure: upstream MCP servers, OIDC metadata, remote configuration, alert webhooks and your chosen audit or tracing sink may require it. The Azure Marketplace edition also reports billable usage to Microsoft; that report does not contain MCP payloads.

What gets logged, and where it goes

Each intercepted tools/call request on a configured route produces a structured audit event with the following fields:

  • · timestamp (UTC, ISO 8601)
  • · identity (resolved from JWT claims)
  • · tool (MCP tool name)
  • · arguments (masked audit copy)
  • · decision (allow, deny, rate-limited, with reason)
  • · latency_ms
  • · upstream_status
  • · response (masked audit copy when response capture supports the response)

Masked-response capture is enabled by default and can be disabled globally. It is bounded by size; v1 does not capture batch JSON-RPC response bodies. Optional inline DLP is a separate per-route control for live JSON responses.

The audit sink is configurable. Choose one: Azure Log Analytics, an OpenTelemetry (OTLP) collector, or stdout. The customer chooses; Weldon Web never sees the events.

Sensitive data handling

When enabled, built-in detectors mask sensitive values in audit copies of arguments and captured responses:

  • · PAN (Luhn-validated)
  • · Email address
  • · UK National Insurance Number
  • · US Social Security Number
  • · IPv4 and IPv6 addresses
  • · Phone numbers (E.164 and common UK / US formats)
  • · JWT
  • · AWS access keys
  • · GitHub tokens
  • · Slack tokens
  • · PEM private keys

By default, credential-named JSON properties are masked and value-pattern detectors are not enabled. Built-in and custom value detectors are configured in the audit redaction section. Raw argument deny-patterns are a separate policy control; masking an audit copy does not rewrite the request sent to the MCP server. Optional inline DLP can rewrite supported JSON responses before they return to the agent.

Every customer regex has a 100 ms timeout. Invalid custom redaction patterns are skipped with a warning; redaction configuration hot-reloads without dropping in-flight connections.

Authentication

Routed traffic requires a bearer JWT validated through the configured OIDC authority, issuer and audience settings. The gateway uses standard ASP.NET Core JWT bearer validation and caches signing metadata, so it does not call the IdP for every request.

JWT claims drive identity resolution in a fixed order: upn, appid, oid, then sub. Scope and role claims can be required by configured tool policy.

Supply chain

The gateway is built on .NET 8. The notable runtime dependencies are YARP (reverse proxy) and the OpenTelemetry .NET SDK (instrumentation and OTLP export).

The container base image is mcr.microsoft.com/dotnet/aspnet:8.0 on Microsoft's servicing schedule.

Runtime dependencies are declared in the project files. Ask during pilot scoping if your procurement process requires a specific SBOM format or release artefact.

Vulnerability disclosure

Report vulnerabilities to security@weldonweb.co.uk. I aim to acknowledge reports within two business days and to confirm remediation timing within five.

No PGP key today. If that is a blocker for your disclosure policy, tell me and I will publish one.

SDLC

Weldon Web is a solo operation. I write the code, review it against an explicit threat model, and run the release. There is no SOC 2 today; do not let me invent one.

The test suite covers policy, redaction, identity, routing, metering and proxy behaviour. Release-security artefacts and independent assurance should be agreed explicitly during procurement; they are not implied by this page.

Anything else

If your procurement or security team needs something not covered here (penetration test report, specific compliance attestation, custom DPA terms), ask via the contact form. You will get the engineer, not a queue.