mcp-agg
Verified Safeby WebLegions
Overview
Aggregates Model Context Protocol (MCP) servers (stdio, SSE, HTTP) and exposes their tools via a high-performance Fastify HTTP API.
Installation
bun run clusterEnvironment Variables
- HOST
- PORT
- CLUSTER_WORKERS
- CLUSTER_RESTART_MAX
- CLUSTER_RESTART_WINDOW
- CLUSTER_SHUTDOWN_TIMEOUT
- TLS_CERT_PATH
- TLS_KEY_PATH
- CORS_ALLOWED_ORIGINS
- ALLOWED_HOSTS
- MCP_CONFIG_FILE
- NODE_ENV
Security Notes
The project demonstrates strong security practices including explicit prototype pollution prevention, custom optimized input validation, and use of security middleware (Helmet, CORS, rate limiting). It leverages environment variables for sensitive configurations and mentions vulnerability scanning in CI/CD. The primary potential risk is the configuration of external MCP servers (via `.mcp.json`), which, if compromised, could direct the aggregator to untrusted endpoints. This is an operational security concern rather than a code vulnerability within the server itself.
Similar Servers
fastify-mcp-server
A Fastify plugin providing a streamable HTTP transport for the Model Context Protocol (MCP), enabling AI assistants to interact with services.
fastify-mcp
Integrates Model Context Protocol (MCP) server functionality into Fastify web applications, supporting streamable HTTP and legacy HTTP+SSE transports.
mcp-streamable-http-server
A development template for creating StreamableHttp services with flexible authentication, dynamic service registration, customizable middleware, and YAML-based tool configuration.
mcp-framework-server
A Python-based server for a Model Context Protocol (MCP) enabling interactive career orientation (proforientation) dialogues via a REST API, designed to integrate with a Telegram bot.