Xyzen
Verified Safeby ScienceOL
Overview
A comprehensive AI-powered chat component and backend service for React applications, featuring LLM integration, agent orchestration with LangChain/LangGraph, customizable tools, and multi-protocol chat capabilities.
Installation
uv run python -m app.mainEnvironment Variables
- XYZEN_ENV
- XYZEN_DEBUG
- XYZEN_HOST
- XYZEN_PORT
- XYZEN_LOGGER_LEVEL
- XYZEN_DATABASE_ENGINE
- XYZEN_DATABASE_POSTGRES_HOST
- XYZEN_DATABASE_POSTGRES_PORT
- XYZEN_DATABASE_POSTGRES_USER
- XYZEN_DATABASE_POSTGRES_PASSWORD
- XYZEN_DATABASE_POSTGRES_DBNAME
- XYZEN_DATABASE_SQLITE_PATH
- XYZEN_LLM_PROVIDER
- XYZEN_LLM_KEY
- XYZEN_LLM_ENDPOINT
- XYZEN_LLM_VERSION
- XYZEN_LLM_DEPLOYMENT
- XYZEN_MCP_SMITHERY_KEY
- SMITHERY_API_KEY
- XYZEN_DIFY_DIFYAPI
- XYZEN_DIFY_DIFYKEY1
- XYZEN_DIFY_DIFYKEY2
- XYZEN_DIFY_TIMEOUT
- XYZEN_LAB_API
- XYZEN_LAB_TIMEOUT
- XYZEN_ADMIN_SECRET
Security Notes
The project implements a sandbox for user-defined tools, which is a strong positive for security. It includes API proxies for external services (Bohrium, Smithery, OpenAPI) to mitigate CORS, but these always introduce an additional attack surface. A specific hardcoded API key (`BOHRAPP_X_APP_KEY`) exists for a particular BohrApp integration, though other keys are configurable. The use of `subprocess.Popen` is contained to specific, well-defined external tools (Playwright MCP) and is not exposed to arbitrary user input. Overall, while external integrations add complexity, the core design appears mindful of security risks, especially for dynamic tool execution.
Similar Servers
arcade-mcp
A framework and collection of toolkits for building and deploying AI agent servers that integrate with various external services.
mcp_massive
An AI agent orchestration server, likely interacting with LLMs and managing multi-agent workflows.
neurolink
Provides a universal AI development platform with multi-provider support, middleware, tool orchestration, and AI-powered workflow automation.
2ly
2LY provides an infrastructure layer for AI agent tooling, enabling a private tool registry with embedded runtimes that integrate with various agent frameworks like LangChain, CrewAI, and AutoGPT.