bead-mcp-ts
Verified Safeby KyongSik-Yoon
Overview
An MCP server to integrate with the beads issue tracker and agent memory system using the bd CLI.
Installation
npm startEnvironment Variables
- BEADS_PATH
- BEADS_DB
- BEADS_WORKING_DIR
- BEADS_ACTOR
- BEADS_NO_AUTO_FLUSH
- BEADS_NO_AUTO_IMPORT
- BEADS_REQUIRE_CONTEXT
Security Notes
The server relies heavily on executing the external 'bd' CLI via 'child_process.spawn'. While 'spawn' is generally safer than 'exec', user-provided strings (like titles, descriptions, assignee names, etc.) are passed directly as arguments. This introduces a risk if the 'bd' CLI itself has vulnerabilities that allow command injection or improper handling of malicious input in its arguments. Path resolution for 'workspace_root' also involves `git rev-parse` and file system checks, which, if not properly sanitized or if user input is fully untrusted, could lead to unexpected behavior or information disclosure, although no direct write vulnerabilities are apparent. No 'eval' or hardcoded secrets found.
Similar Servers
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
mcp-beads-village
Multi-agent task coordination, issue tracking, and file locking to prevent conflicts between AI agents working on a shared codebase.
photon
A multi-tenant platform for hosting and executing AI/ML "Photons" (modular tools/services) with robust authentication, session management, and OAuth capabilities, supporting various data stores.