{"service":"runtime-mcp auth proxy","auth":"send X-API-Key header","scope":"scans only allowed against CIDRs in ~/.runtime_targets"}