php-mcp-sdk
Verified Safe
by dalehurley
Overview
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.
Installation
php examples/server/simple-server.php
Environment Variables
- MCP_SERVER_HOST
- MCP_SERVER_PORT
- MCP_OAUTH_ISSUER_URL
- MCP_OAUTH_CLIENT_ID
- MCP_OAUTH_CLIENT_SECRET
- MCP_TLS_CERT_PATH
- MCP_TLS_KEY_PATH
Security Notes
The SDK demonstrates a strong focus on security, employing robust input validation using `InvalidArgumentException` and `JsonSchemaValidator`, structured error handling (`McpError`), and network security features in its transport layers (`allowedHosts`, `allowedOrigins`, `enableDnsRebindingProtection` for HTTP/WebSocket). The OAuth implementation includes client authentication, token verification, PKCE support (configurable for proxy scenarios), and metadata endpoints, showing a good understanding of OAuth best practices. While complex OAuth flows always carry inherent configuration risks, the SDK provides the necessary primitives to implement them securely. No `eval()` or direct code injection vulnerabilities were found. URI validation for `Root` objects also adds a layer of safety.
Similar Servers
tmcp
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.
php-mcp
Implements the Model Context Protocol (MCP) to enable seamless integration between LLM applications and external data sources and tools, providing a server-side framework in PHP.
mcp
A TypeScript SDK for building and interacting with Model Context Protocol (MCP) servers, facilitating AI agent interaction through exposed tools, prompts, and resources via JSON-RPC over HTTP/SSE.
mcpc
A framework for building agentic Model Context Protocol (MCP) servers by composing existing MCP tools. It enables the creation of portable, interoperable AI agents with flexible execution modes and robust logging/tracing capabilities.