turbomcp
Verified Safeby Epistates
Overview
High-performance Rust SDK for building Model Context Protocol (MCP) servers with automatic schema generation and multi-transport support, focusing on LLM integration and developer experience.
Installation
cargo run --example hello_worldEnvironment Variables
- RUST_LOG
- MCP_SSE_PORT
- TRANSPORT
- TURBOMCP_PORT
- TURBOMCP_BIND_ADDRESS
- TURBOMCP_TIMEOUTS__REQUEST_TIMEOUT
- TURBOMCP_AUTH_SECRET
- TURBOMCP_AUTH_ALGORITHM
- TURBOMCP_AUTH_ISSUER
- TURBOMCP_AUTH_AUDIENCE
Security Notes
Project has demonstrated active identification and elimination of critical cryptographic vulnerabilities (RSA timing attack) and high-priority issues (SSRF, path traversal, memory/resource exhaustion). Robust input sanitization for code generation and strict dependency management are in place. RBAC was removed from the protocol layer for better separation of concerns. While dealing with code generation and proxies inherently introduces complexity, the project explicitly addresses these with dedicated protection mechanisms. A custom 'zero-tolerance' test ensures no common insecure patterns exist. Uses `secrecy` for sensitive data.
Similar Servers
rust-mcp-sdk
A high-performance, asynchronous Rust SDK for building Model Context Protocol (MCP) servers and clients, simplifying protocol handling, enabling tool-based interactions, and supporting multiple transports and authentication methods.
rust-mcp-schema
Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema for building LLM applications and integrating with external data sources and tools. It facilitates serialization and deserialization of MCP messages.
rust-mcp-server
Facilitates interaction between a large language model (LLM) and a local Rust development environment by exposing local Rust tools and project context to the LLM.
mcp-framework
A Rust framework implementing the Model Context Protocol for building production-ready MCP servers, clients, and intelligent AI agents that integrate with LLMs for tool use and browser automation.