search-mcp
Verified Safe
by blakazulu
Overview
Provides semantic search capabilities for codebases to be used by AI agents.
Installation
npx @liraz-sbz/search-mcp
Environment Variables
- DATABASE_HOST
- DATABASE_PORT
- DATABASE_NAME
- DATABASE_USER
- DATABASE_PASSWORD
- JWT_SECRET
- SESSION_EXPIRY
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- NODE_ENV
- CACHE_TTL
- DEBUG
- LOG_LEVEL
- SEARCH_MCP_DEBUG
- SEARCH_MCP_LOG_LEVEL
Security Notes
The server demonstrates a strong focus on security. It includes robust path traversal prevention (safeJoin, secureResolvePath, isPathSafeToDelete), SQL injection prevention (escapeSqlString), and Denial-of-Service (DoS) protection (MAX_QUERY_LENGTH, MAX_GLOB_PATTERN_LENGTH, MAX_JSON_FILE_SIZE, GLOB_TIMEOUT_MS, MAX_TOP_K clamping in LanceDB search). Concurrency issues are mitigated with an IndexingLock to prevent race conditions during indexing operations (SMCP-057). It handles embedding security by only inserting successful embeddings and includes model compatibility checks (SMCP-074). Stale lockfile cleanup is implemented with TOCTOU mitigation. Hardcoded secrets are avoided by relying on environment variables. Overall, the codebase shows a proactive approach to common web application and file system interaction vulnerabilities.
Similar Servers
chunkhound
ChunkHound transforms codebases into searchable knowledge bases for AI assistants, enabling deep semantic and regex-based code research.
codegraph-rust
CodeGraph transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code architecture, dependencies, and patterns using specialized agentic tools.
sourcegraph-mcp
Provides AI-enhanced code search and content fetching capabilities from Sourcegraph instances to LLM agents.
context-engine
A local-first, agent-agnostic Model Context Protocol (MCP) server that provides semantic code search, context enhancement, and AI-powered planning and execution tracking capabilities to coding agents.