orchestra
by CyberBrown
Overview
Orchestra is a desktop application designed to provide a user-friendly interface for managing Claude Code MCP server configurations, eliminating the need for manual JSON file editing.
Installation
npm run electron:devEnvironment Variables
- VITE_DEV_SERVER_URL
Security Notes
The application uses Electron with good security practices like contextIsolation and nodeIntegration: false, limiting direct Node.js access from the renderer. However, it exposes IPC handlers that allow the renderer process to perform file system operations (read, write, add, remove, update, backup) on arbitrary file paths provided by the renderer. There is no explicit validation in the main process's IPC handlers to restrict `filePath` arguments to only the known configuration file locations (e.g., `~/.claude.json`, `.mcp.json`). This lack of path validation creates a local file system manipulation vulnerability, meaning a compromised renderer could read, write, or delete files anywhere the user has permissions, leading to data exfiltration, corruption, or potential further code execution by modifying sensitive system files.
Similar Servers
autosteer
An AI-powered desktop application (AutoSteer) designed to assist developers with coding, project management, and integrating various development tools. It provides a conversational interface with AI agents, manages projects as Git worktrees, offers an integrated terminal, Git changes viewer, and advanced tab management for session isolation and persistence. It also integrates with Multi-Cloud Platform (MCP) servers for extended functionality.
mcpick
Manages MCP server configurations for Claude Code to optimize context usage and performance by enabling/disabling servers, creating backups, and using profiles.
mcp-gearbox
A cross-platform desktop application for managing Model Context Protocol (MCP) servers across various AI agents.
ccmcp
A CLI tool that intelligently discovers, validates, and selects MCP (Model Context Protocol) server configurations for Claude Code, providing both a TUI and text-based interface.