ddev-mcp
by codingsasi
Overview
Provides AI assistants with DDEV development environment automation for various web projects, managing environments, databases, and executing commands.
Installation
npx ddev-mcpEnvironment Variables
- DDEV_MCP_LOG_LEVEL
- ALLOW_DANGEROUS_COMMANDS
- DDEV_MCP_TOOL_TIMEOUT
- DDEV_PROJECT_PATH
Security Notes
The server's primary tool, `ddev_exec`, directly executes arbitrary shell commands provided by AI input within the DDEV container. While a 'Dangerous Command Protection' feature is implemented using regex patterns, blacklisting is inherently vulnerable to bypass. There is no explicit shell escaping or robust whitelisting for the `command` argument before it's passed to `child_process.exec`. This poses a significant command injection risk if the AI-generated input is not strictly validated and sanitized by an external client or if a malicious prompt bypasses the regex filters, allowing execution of arbitrary code on the host system. The `sanitizeCommand` and `sanitizeOptions` functions are for logging purposes only, not for preventing injection into the execution itself. Running with `ALLOW_DANGEROUS_COMMANDS=true` escalates this risk further.
Similar Servers
claude-prompts
This server provides a hot-reloadable prompt engine with chains, quality gates, and structured reasoning for AI assistants, enhancing control over Claude's behavior in prompt workflows.
conductor-tasks
Conductor Tasks acts as an intelligent AI-powered assistant for developers, streamlining the entire development lifecycle from task generation and planning (parsing PRDs, expanding tasks, generating implementation steps) to execution and code modification (generating diffs). It provides visual task management, integrates with various IDEs, and leverages multiple LLM providers for optimal results and cost efficiency.
codearchitect-mcp
Automatically saves and retrieves AI conversation sessions from IDEs (Cursor, VS Code) to provide context continuity and build a searchable knowledge base for developers.
ssd-ai
An AI development assistant that uses natural language to help developers with a wide range of coding, planning, debugging, and project management tasks across TypeScript, JavaScript, and Python projects.