toolception
Verified Safeby code-rabi
Overview
Provides a dynamic Model Context Protocol (MCP) server toolkit for managing and exposing toolsets at runtime, with features for lazy loading and fine-grained permission-based access control for clients.
Installation
npx --yes tsx tests/smoke-e2e/server-demo.tsEnvironment Variables
- PORT
- STARTUP_MODE
- TOOLSETS
- MCP_CLIENT_ID
Security Notes
The server defaults to listening on '0.0.0.0' (all network interfaces) and enables CORS with 'origin: true' (allowing all origins) by default, which can be a security risk if not explicitly configured for production. For header-based permissions, the MCP server trusts client-provided 'mcp-toolset-permissions' headers directly, necessitating strong external authentication/authorization at the application layer to prevent tampering, a risk explicitly documented in the README. However, the project provides a more secure config-based permission option and safe error responses to avoid information leakage.
Similar Servers
agent-mcp-gateway
An MCP gateway that aggregates multiple downstream MCP servers, providing policy-based access control and on-demand tool discovery to optimize context window usage for agents and subagents.
fastify-mcp-server
Provides a Fastify plugin to act as a Model Context Protocol (MCP) server, enabling AI assistants and clients to interact with services via streamable HTTP transport.
mcp-optimizer
Provides intelligent semantic tool discovery, caching, and unified access to multiple MCP servers through a single endpoint for AI clients.
mcp_tools_server
An MCP server that empowers an LLM to act as a comprehensive, multi-platform AI assistant capable of managing files, system processes, web browsing, personal organization, and media control on a local device.