Security Settings


Identity & Access

Controls governing authentication and authorization at each layer of the system.

Authentication Required
Controls authentication enforcement on demo endpoints (/api/demo/*). When ON: demo endpoints require a valid Firebase token. When OFF: demo endpoints return PHI with no credentials required — simulating a misconfigured unprotected route. The main application endpoints are always protected.
Attack vector: Unauthenticated API access
⚠️ When disabled, patient data is accessible to anyone who can reach the server. Use only for demonstrations.
Try it: curl http://localhost:8080/api/demo/patients
Authorization Required
Enforces claims-based patient access at the MCP tool layer. When OFF: any authenticated user can access any patient's data.
Attack vector: Broken Object Level Authorization (BOLA)
MCP Transport Authentication
Requires a bearer token for backend-to-MCP connections. When OFF: the MCP server accepts connections from any caller that can reach its port.
Attack vector: Direct MCP access, bypassing backend auth
Auth Context Signing
Signs the auth context as a JWT so the MCP server can verify claims came from the trusted backend. When OFF: auth context is a plain dict that can be forged.
Attack vector: Claim forgery / identity spoofing
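The following is an added example and not the demo project's own code: a minimal backend/MCP pair showing what Auth Context Signing and Authorization Required change. The backend signs the auth context as a compact HS256 JWT with a shared secret; the MCP tool layer verifies the signature and expiry before doing its claims-based patient check. The secret, the patient store, and the mcp_get_patient tool are constructed for this example (the real project's JWT library and data source are assumed, not shown). Toggling signing_enabled off models the "plain dict that can be forged" case, and authz_enabled off models the BOLA case.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret for this example; a real backend/MCP pair loads it from config.
SHARED_SECRET = b"example-shared-secret-not-for-production"

# Constructed patient store standing in for the MCP server's data source.
PATIENTS = {
    "p1": {"name": "Patient One", "labs": ["CBC"]},
    "p2": {"name": "Patient Two", "labs": ["A1C"]},
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_auth_context(claims: dict, ttl: int = 300, now=None) -> str:
    """Backend side: wrap the per-request auth context in a short-lived HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps({**claims, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_auth_context(token: str, now=None) -> dict:
    """MCP side: accept only claims signed by the backend and not yet expired."""
    now = int(time.time()) if now is None else now
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        raise PermissionError("malformed auth context")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise PermissionError("malformed auth context")
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")  # pin the algorithm; never trust the token's choice
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise PermissionError("signature mismatch")  # checked before the payload is parsed or trusted
    claims = json.loads(b64url_decode(payload_b64))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise PermissionError("expired auth context")
    return claims


def mcp_get_patient(auth_context, patient_id: str, *, signing_enabled=True, authz_enabled=True, now=None):
    """Hypothetical MCP tool: returns ('ok', record) or ('denied', reason)."""
    if signing_enabled:
        try:
            claims = verify_auth_context(auth_context, now=now)
        except PermissionError as exc:
            return ("denied", str(exc))
    else:
        claims = auth_context  # Auth Context Signing OFF: a plain dict is taken at face value
    # Authorization Required ON: the claims-based per-patient check that blocks BOLA.
    if authz_enabled and claims.get("role") != "admin" and patient_id not in claims.get("patients", []):
        return ("denied", "not authorized for patient")
    record = PATIENTS.get(patient_id)
    return ("ok", record) if record else ("denied", "unknown patient")
```

With both controls on, a caregiver token scoped to p1 can read p1 but is denied p2, a token whose payload was edited after signing fails the signature check, and an expired token is refused; with signing off, a hand-built dict claiming the admin role is accepted as-is, which is exactly the forgery the control exists to prevent.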

Agent Behavior

Controls governing how the AI agent processes requests and handles sensitive information.

System Prompt Security Level
Controls how much security awareness is embedded in the agent's instructions.
Deterministic Error Responses
Intercepts tool errors before they reach the LLM. When ON: auth failures return a fixed canned message. When OFF: the LLM narrates errors, potentially leaking details about the authorization model and system internals.
Attack vector: Information leakage via error narration
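An added example, not code from the demo project, showing the interception the Deterministic Error Responses control describes. A hypothetical MCP tool raises an authorization error whose message carries policy internals; the invoke_tool wrapper catches it before anything is handed to the LLM, records the detail in a server-side audit entry, and returns either the fixed canned message (control ON) or the raw error text (control OFF, which the LLM would then narrate). The tool, its error text and the audit entry shape are constructed for this example.

```python
import time

# What the model is allowed to see when a tool denies access: fixed, content-free.
CANNED_AUTH_MESSAGE = "Access to that record is not permitted."


class AuthorizationError(Exception):
    """Raised inside a tool when the claims-based check fails; its message carries internals."""


def get_patient_tool(claims: dict, patient_id: str) -> dict:
    """Hypothetical MCP tool with a verbose internal failure message (constructed)."""
    if patient_id not in claims.get("patients", []):
        raise AuthorizationError(
            f"role={claims.get('role')} uid={claims.get('uid')} lacks patients claim for {patient_id}; "
            "policy: caregivers see assigned patients only"
        )
    return {"id": patient_id, "name": "Patient One"}


def invoke_tool(tool, claims: dict, args: dict, *, deterministic_errors: bool = True):
    """Run a tool and return (what the LLM sees, the server-side audit entry).

    The audit entry is where the detail belongs; the LLM-facing dict is what the
    Deterministic Error Responses toggle controls.
    """
    audit = {"ts": int(time.time()), "tool": tool.__name__, "uid": claims.get("uid"), "args": args}
    try:
        result = tool(claims, **args)
        audit["decision"] = "allow"
        return {"ok": True, "result": result}, audit
    except AuthorizationError as exc:
        audit["decision"] = "deny"
        audit["detail"] = str(exc)  # kept for operators; never forwarded to the model when ON
        if deterministic_errors:
            return {"ok": False, "message": CANNED_AUTH_MESSAGE}, audit
        # OFF: the model receives the internal message and will narrate it to the user.
        return {"ok": False, "message": f"Tool error: {exc}"}, audit
```

The useful check when reviewing such a wrapper is that nothing from the exception object, not the message, not the type name, reaches the LLM-facing result when the control is on; the audit entry carries it instead.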
Prompt Injection Protection
Coming Soon
Scans user input for injection patterns before sending to the agent. Coming in a future update.

Data Controls

Controls governing what data the agent can access and return.

Data Minimization
Coming Soon
Filters responses to only include fields explicitly requested. Prevents over-permissioned data access.
Tool Scope Enforcement
Coming Soon
Restricts which MCP tools each role can call, e.g., caregiver: appointments only, not lab results.

Observability

Controls governing logging, monitoring, and rate limiting.

Rate Limiting
Coming Soon
Limits requests per user per minute. When OFF: unlimited requests enable enumeration and abuse attacks.
Attack vector: Enumeration, credential stuffing, abuse
Audit Logging
Coming Soon
Structured logging of all auth decisions and data access. Coming in a future update.

User Management

Look up users by email and manage their roles and patient access.