KOmcp
Verified Safe
by TillMatthis
Overview
Provides a secure, OAuth2-authenticated Model Context Protocol (MCP) server that enables LLM applications like Claude to manage (create, search, retrieve, delete) Kura notes via API calls.
Installation
npm run dev
Environment Variables
- BASE_URL
- KOAUTH_URL
- KOAUTH_JWKS_URL
- KOAUTH_CLIENT_REGISTRATION_URL
- KURA_DATABASE_URL
- KURA_URL
Security Notes
The server demonstrates robust security practices: Fastify with Helmet, CORS (configurable origins), and Rate Limiting. OAuth2 token validation is thorough, using JWKS for signature verification and checking issuer, audience, and expiration. Role-based access control is enforced via `requireScopes` middleware. Logging (Pino) is structured and redacts sensitive data like Authorization headers. Docker deployment uses a non-root user. Critically, KOmcp interacts with Kura via its HTTP API (`KuraClient` uses `fetch`), shifting direct database access and potential SQL injection risks to the Kura application itself. A minor inconsistency is that `src/config/env.ts` validates `KURA_DATABASE_URL` while `src/services/kura-client.ts` uses `KURA_URL` to connect to Kura's API. This might lead to unnecessary environment variable requirements, but does not pose a direct security vulnerability.
Similar Servers
zen-mcp-server
A server for coordinating and managing AI agents, likely for simulations or complex task execution, leveraging Claude LLMs.
consult-llm-mcp
Facilitates Claude Code to consult powerful external AI models for complex code analysis, debugging, and review tasks.
mcp-server
Provides AI-powered security insights and operational capabilities for Kubernetes and cloud environments by exposing Rad Security APIs as Model Context Protocol (MCP) tools.
remote-mcp
Remote MCP allows users to create and manage cloud-based Model Context Protocol (MCP) servers, facilitating secure connections between AI clients (like Claude Desktop) and various external applications (GitHub, Slack, Notion, etc.).