A6-Tango-MCP

Verified Safe

by agilesix

Overview

An MCP server providing AI agents with access to federal procurement and grants data through the Tango API, featuring caching, rate limiting, and comprehensive error handling.

Installation

Run Command
npm start

Environment Variables

  • TANGO_API_KEY
  • GOOGLE_CLIENT_ID
  • GOOGLE_CLIENT_SECRET
  • COOKIE_ENCRYPTION_KEY
  • TANGO_API_BASE_URL
  • CACHE_TTL_SECONDS
  • HOSTED_DOMAIN
  • MCP_TOKEN_EXPIRY_DAYS
  • ADMIN_EMAILS
  • REQUIRE_AUTHENTICATION
  • ALLOWED_AUTH_METHODS
  • OAUTH_TOKEN_TTL_SECONDS
  • SESSION_COOKIE_MAX_AGE
  • RATE_LIMIT_PER_USER
  • ENABLE_AUTH_LOGGING
  • ENABLE_TOKEN_ANALYTICS

Security Notes

The server demonstrates a high level of security awareness and implementation. It includes robust input sanitization (stripping control characters, trimming), comprehensive authentication (OAuth with domain restrictions, cryptographically secure MCP tokens with hashing, usage tracking, and revocation capabilities), strong access control (requiring @agile6.com emails for OAuth), and CSRF protection for OAuth flows. Secrets (API keys, OAuth client secrets, cookie encryption keys) are correctly managed as Cloudflare Worker secrets and are not exposed. Rate limiting is implemented across different endpoint types to prevent abuse. Detailed audit logging captures security-relevant events. No 'eval' or other obvious malicious dynamic code execution patterns were detected. The architecture leverages Cloudflare Workers' inherent security benefits. Minor areas for improvement might involve more aggressive input validation (e.g., regex for all string parameters) beyond just sanitization, but overall, it's very well-secured.

Stats

  • Interest Score: 0
  • Security Score: 9
  • Cost Class: Medium
  • Avg Tokens: 5000
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-02

Tags

federal procurement, grants, government data, Cloudflare Workers, API gateway, AI agents, caching, rate limiting, TypeScript