php-mcp-sdk
Verified Safeby dalehurley
Overview
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.
Installation
php examples/server/simple-server.phpEnvironment Variables
- MCP_SERVER_HOST
- MCP_SERVER_PORT
- MCP_OAUTH_ISSUER_URL
- MCP_OAUTH_CLIENT_ID
- MCP_OAUTH_CLIENT_SECRET
- MCP_TLS_CERT_PATH
- MCP_TLS_KEY_PATH
Security Notes
The SDK demonstrates a strong focus on security, employing robust input validation using `InvalidArgumentException` and `JsonSchemaValidator`, structured error handling (`McpError`), and network security features in its transport layers (`allowedHosts`, `allowedOrigins`, `enableDnsRebindingProtection` for HTTP/WebSocket). The OAuth implementation includes client authentication, token verification, PKCE support (configurable for proxy scenarios), and metadata endpoints, showing a good understanding of OAuth best practices. While complex OAuth flows always carry inherent configuration risks, the SDK provides the necessary primitives to implement them securely. No `eval()` or direct code injection vulnerabilities were found. URI validation for `Root` objects also adds a layer of safety.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
php-mcp
Facilitates communication and integration between LLM applications and external data sources or tools by implementing the Model Context Protocol (MCP).
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
mcp-client-laravel
Laravel-native client for interacting with Model Context Protocol (MCP) servers to discover and call tools, and access resources for AI agents.