Skip to content
Aurora MCP by Consilio

Trust

Aurora MCP was designed to be handed to a large language model safely. This section explains what we built, what we won’t do, and what you can verify for yourself.

The short version

Section titled “The short version”
  • Per-user authentication. OAuth 2.1 with PKCE against ConsilioId. No shared secrets, no service accounts, no elevated keys in the client.
  • Token never touches the server. Envoy validates and terminates every access token; the MCP server sees only signed identity headers.
  • Read-only tools. Every tool is read-only by design — the assistant cannot write, update, or delete.
  • Identity-scoped results. Each request runs as the signed-in user. If portal access is revoked, MCP access evaporates at the same instant.
  • No prompt or tool output retention. The MCP server does not persist prompts or tool responses.

Read more

Section titled “Read more”
  • Security model — how authentication, authorisation, and isolation work in detail.
  • Privacy — what data the MCP server handles and what it doesn’t keep.
  • Compliance — certifications and evidence for procurement reviews.