lintai docs

Appearance

Rule Reference

SEC322lintai-ai-securitystableserver_jsonwarn

server.json remotes: undefined header variable

server.json remotes header value references an undefined template variable

Provider
lintai-ai-security
Surface
server_json
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

basemembership
mcpmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks auth-like remotes[].headers[].value placeholders against variables defined on the same header object.

Deterministic signal basis

ServerJsonSignals placeholder extraction over remotes[].headers[].value compared with headers[].variables keys.

Malicious corpus
server-json-unresolved-header-variable
Benign corpus
server-json-header-variable-defined
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC319server.json remotes: insecure or private URLserver.json remotes entry uses an insecure or non-public remote URLserver_jsonstable
SEC320server.json remotes: undefined template variableserver.json remotes URL references an undefined template variableserver_jsonstable
SEC321server.json remotes: literal auth headerserver.json remotes header commits literal authentication materialserver_jsonstable
SEC323server.json auth: missing explicit secret flagserver.json auth header carries material without an explicit secret flagserver_jsonpreview

Why It Matters

An undefined auth-header placeholder in server.json means the registry document is incomplete: consumers cannot reliably resolve the intended secret input for the remote.

What Triggers

SEC322 applies to server.json auth-like header values and triggers when a placeholder in headers[].value is not defined under the same header object's variables map.

Example that triggers:

json
{
  "headers": [
    {
      "name": "Authorization",
      "value": "Bearer {TOKEN}"
    }
  ]
}

Example that stays clean:

json
{
  "headers": [
    {
      "name": "Authorization",
      "value": "Bearer {TOKEN}",
      "variables": {
        "TOKEN": { "description": "API token", "isSecret": true }
      }
    }
  ]
}

False Positives

This is a deterministic structural check over parsed placeholders and local variable definitions. It does not depend on prose interpretation or remote reachability.

Remediation

Define every auth-header placeholder under the same headers[].variables object or remove the unresolved placeholder from the header value.