
MCP-Server

by bautiroalt

Overview

A unified server for managing Model Context Protocols, integrating AI analytics (META-MINDS), file operations, real-time streaming, and monitoring with an admin panel and advanced security features.

Installation

Run Command
docker-compose up -d

Environment Variables

  • JWT_SECRET_KEY
  • API_KEY
  • API_KEY_NAME
  • CORS_ORIGINS
  • ALLOWED_HOSTS
  • DATA_DIRECTORY
  • LOG_FILE
  • REDIS_URL
  • MONGO_URL
  • DB_NAME
  • ADMIN_USERNAME
  • ADMIN_PASSWORD_HASH
  • RATE_LIMIT_PER_MINUTE
  • RATE_LIMIT_BURST
  • MAX_FILE_SIZE
  • ALLOWED_EXTENSIONS
  • ENABLE_METRICS
  • METRICS_PATH
  • HEALTH_CHECK_PATH
  • GRAFANA_PASSWORD
  • MONGO_USERNAME
  • MONGO_PASSWORD
  • ENVIRONMENT
  • META_MINDS_ENABLED
  • META_MINDS_DEFAULT_QUESTIONS
  • META_MINDS_QUALITY_THRESHOLD
  • META_MINDS_REPORTS_DIR
  • REACT_APP_BACKEND_URL
  • REACT_APP_API_URL
  • REACT_APP_MCP_API_URL

Security Notes

The server has critical security risks related to file system interaction. The MCP Tools (`read_file`, `write_file`, `list_directory`, `search_files`) and File Management API endpoints (`/files/{file_path:path}`) directly use user-provided paths without sufficient validation against directory traversal attacks (e.g., `../`). This could allow unauthorized access, modification, or deletion of arbitrary files outside intended data directories. Additionally, default admin credentials (`Jatin23K`, `#JK2025sy#`) are hardcoded in `backend/data/users/users.json`, which is a common vulnerability if not changed. The broad CORS policy (`Access-Control-Allow-Origin: *`) configured for development in `firebase.json` and potentially in `main.py` poses a risk if not restricted for production APIs. While some security measures like JWT authentication, bcrypt, rate limiting, and input sanitization methods are present in `security_manager.py`, their application is not consistently demonstrated or robust enough to mitigate direct file system access vulnerabilities.
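A containment check of the kind the file tools and `/files/{file_path:path}` handlers would need before touching the disk, written here as an added example and not taken from the project's code. The names `resolve_in_data_dir` and `PathOutsideDataDirectory` are hypothetical, `data_dir` stands in for the `DATA_DIRECTORY` setting, and the sample requests are constructed; a POSIX host is assumed.

```python
import os
import tempfile
from pathlib import Path


class PathOutsideDataDirectory(ValueError):
    """Raised when a requested path resolves outside the data directory."""


def resolve_in_data_dir(data_dir: str, user_path: str) -> Path:
    """Return the absolute path for user_path, guaranteed to lie inside data_dir."""
    if "\x00" in user_path:
        raise PathOutsideDataDirectory("NUL byte in path")
    base = Path(data_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the comparison below is
    # made on the location the OS would really open. An absolute user_path
    # replaces base in the join and is then caught by the same comparison.
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathOutsideDataDirectory(user_path)
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway data directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        data_dir = Path(tmp) / "data"
        (data_dir / "reports").mkdir(parents=True)
        (data_dir / "reports" / "q1.csv").write_text("a,b\n")
        (Path(tmp) / "secret.txt").write_text("outside\n")
        # A symlink stored inside the data directory that points outside it.
        os.symlink(Path(tmp) / "secret.txt", data_dir / "link.txt")
        for requested in ["reports/q1.csv", "reports/../reports/new.csv",
                          "../secret.txt", "reports/../../secret.txt",
                          "/etc/passwd", "link.txt"]:
            try:
                resolve_in_data_dir(str(data_dir), requested)
                results[requested] = "allowed"
            except PathOutsideDataDirectory:
                results[requested] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

The check is only as good as its use: the handler must open the returned path, not the original string, and a symlink created between the check and the open can still redirect the access.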

Stats

Interest Score: 30
Security Score: 3
Cost Class: Low
Stars: 1
Forks: 1
Last Update: 2026-01-19

Tags

AI Analytics, FastAPI, React, Context Management, File Operations, Real-time Streaming, Monitoring, Deployment, Security