spec-workflow-mcp
Verified Safeby Pimzino
Overview
Facilitates structured, specification-driven software development by providing a workflow engine, real-time dashboards, and tools for task management, approvals, and detailed implementation logging, integrated with AI agents and VSCode.
Installation
npx -y @pimzino/spec-workflow-mcp@latest /path/to/your/projectEnvironment Variables
- SPEC_WORKFLOW_HOME
- SPEC_WORKFLOW_BIND_ADDRESS
- SPEC_WORKFLOW_ALLOW_EXTERNAL_ACCESS
- SPEC_WORKFLOW_RATE_LIMIT_ENABLED
- SPEC_WORKFLOW_CORS_ENABLED
- SPEC_WORKFLOW_HOST_PATH_PREFIX
- SPEC_WORKFLOW_CONTAINER_PATH_PREFIX
Security Notes
The dashboard uses `dangerouslySetInnerHTML` for rendering markdown and mermaid diagrams; however, user-supplied comment annotations are HTML-escaped. Mermaid diagrams are rendered with `securityLevel: 'loose'`, which offers more features but requires caution with untrusted content in a browser context. Network binding for the dashboard defaults to local access, requiring explicit opt-in for external access (`SPEC_WORKFLOW_ALLOW_EXTERNAL_ACCESS=true`), which is a good security practice. There are no obvious instances of `eval`, obfuscation, or hardcoded secrets.
Similar Servers
f2c-mcp
A Model Context Protocol server for Figma Design to Code, enabling AI tools to convert Figma designs into production-ready frontend code.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.
spec-oxide
A simple and lightweight Micro-Container Platform (MCP) designed for spec-driven development workflows.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.