specwright
Verified Safe
by acartag7
Overview
Specwright is a web-based tool for AI-assisted software development that helps turn vague feature requests into executable plans by generating specs, breaking them into chunks, executing them with AI (opencode/GLM), and reviewing the output for iterative refinement.
Installation
pnpm dev:dashboard
Environment Variables
- OPENCODE_URL
- ANTHROPIC_API_KEY
- CLAUDE_CODE_OAUTH_TOKEN
- CLAUDE_PATH
- SPECWRIGHT_USE_HTTP_API
- MAX_WORKERS
- DB_PATH
- SPECWRIGHT_EXECUTOR_TYPE
- SPECWRIGHT_EXECUTOR_ENDPOINT
- SPECWRIGHT_EXECUTOR_MODEL
- SPECWRIGHT_EXECUTOR_TIMEOUT
- SPECWRIGHT_EXECUTOR_MAX_TOKENS
- SPECWRIGHT_PLANNER_TYPE
- SPECWRIGHT_PLANNER_CLI_PATH
- SPECWRIGHT_REVIEWER_TYPE
- SPECWRIGHT_REVIEWER_CLI_PATH
- SPECWRIGHT_REVIEWER_AUTO_APPROVE
- SPECWRIGHT_MAX_ITERATIONS
Security Notes
The server relies heavily on `child_process.execSync` and `child_process.spawn` for Git operations and AI execution. While attempts are made to sanitize user-controlled input (e.g., `replace(/"/g, '\"')` for commit messages), `execSync` is inherently risky when dealing with external commands and user input, increasing the potential for command injection if sanitization is imperfect. The core functionality is to execute code changes, which is a high-privilege operation. Users must understand this risk when running the tool. External API keys (Anthropic) are handled via environment variables, not hardcoded.
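The following added example (not Specwright's own code) shows why quote escaping alone does not make a shell-interpolated commit message safe, and what the shell-free alternative looks like. A harmless `printf` stands in for `git commit -m`; the function names and the sample message are constructed for illustration.

```javascript
// Added example: printf stands in for `git commit -m` so this runs without a repo.
const { execSync, execFileSync } = require('node:child_process');

// The escape exactly as quoted in the note above. In a JavaScript string
// literal '\"' is just '"', so this replace returns the message unchanged.
const escapeAsQuoted = (msg) => msg.replace(/"/g, '\"');

// A variant that really does put a backslash in front of each double quote.
const escapeQuotes = (msg) => msg.replace(/"/g, '\\"');

// Weak pattern: the message is pasted into a command line parsed by /bin/sh.
function viaShell(msg, escape) {
  return execSync(`printf '%s' "${escape(msg)}"`, { encoding: 'utf8' });
}

// Hardened pattern: no shell is involved, the message is a single argv entry.
// For Git the equivalent call is execFileSync('git', ['commit', '-m', msg]).
function viaArgv(msg) {
  return execFileSync('printf', ['%s', msg], { encoding: 'utf8' });
}

function demo() {
  // Constructed sample input: contains no double quote at all, yet the shell
  // still performs command substitution inside the double-quoted string.
  const msg = 'fix: parser $(echo SUBSTITUTED)';
  const quoted = 'say "hi"';
  return {
    quotedEscapeIsNoOp: escapeAsQuoted(quoted) === quoted,
    shell: viaShell(msg, escapeQuotes), // shell rewrote the message
    argv: viaArgv(msg),                 // message arrives byte for byte
  };
}

console.log(demo());
```

The same reasoning applies to `spawn`: pass arguments as an array and leave the `shell` option off.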
Similar Servers
github-mcp-server
The GitHub MCP Server connects AI tools directly to GitHub's platform, enabling AI agents and chatbots to manage repositories, issues, pull requests, and automate workflows through natural language interactions.
spec-workflow-mcp
Facilitates structured, specification-driven software development by providing a workflow engine, real-time dashboards, and tools for task management, approvals, and detailed implementation logging, integrated with AI agents and VSCode.
claude-prompts
Manages hot-reloadable AI prompt templates with advanced features like chains, quality gates, and structured reasoning, acting as an automation and code-editing agent for various AI assistants.
sudocode
Git-native spec and issue management, and lightweight agent orchestration for AI-assisted software development, enabling long-horizon task context tracking and collaborative work in git repositories.