MCP-SERVER-OPENPROJECT
Verified Safeby CMEDUCATIVA
Overview
An HTTP REST adapter that exposes the OpenProject v3 API via the Model Context Protocol (MCP), providing comprehensive project management functionalities.
Installation
cp .env.production .env && docker-compose up -dEnvironment Variables
- OPENPROJECT_URL
- OPENPROJECT_API_KEY
- OPENPROJECT_PROXY
- HTTP_HOST
- HTTP_PORT
- HTTP_AUTH_ENABLED
- HTTP_AUTH_USERNAME
- HTTP_AUTH_PASSWORD
- CORS_ENABLED
- CORS_ORIGINS
- RATE_LIMIT
- GZIP_ENABLED
- GZIP_MIN_SIZE
- LOG_LEVEL
- LOG_FORMAT
- TEST_CONNECTION_ON_STARTUP
Security Notes
The server uses FastAPI with secure practices like `secrets.compare_digest` for HTTP Basic Auth. Rate limiting, configurable CORS, and GZIP compression are implemented. Critical secrets like `OPENPROJECT_API_KEY` are loaded from environment variables. Potential risks include: 1. Default `HTTP_AUTH_PASSWORD` is set to 'changeme' in deployment files (`docker-compose.yml`, `easypanel-compose.yml`). In `easypanel-compose.yml`, `HTTP_AUTH_ENABLED` defaults to `true`, making this a severe vulnerability if the password is not updated in production. The `install.sh` script mitigates this by prompting for a password and enabling auth. 2. Default `CORS_ORIGINS='*'` allows all origins, which should be restricted to specific domains in production environments. 3. The service exposes HTTP without SSL/TLS by default; documentation advises using a reverse proxy for HTTPS.
Similar Servers
mcp-atlassian
Provides an MCP (Model Context Protocol) server for interacting with Atlassian Jira and Confluence APIs, offering tools for content management, search, and workflow automation.
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
Unla
Transforms existing MCP Servers and APIs into MCP protocol-compliant endpoints through configuration, enabling LLM tool calling without code changes.
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.