mesh
Verified Safeby decocms
Overview
An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.
Installation
bun run devEnvironment Variables
- ENCRYPTION_KEY
- DATABASE_URL
- PORT
- NODE_ENV
- UNSAFE_ALLOW_STDIO_TRANSPORT
- MESH_URL
Security Notes
The project demonstrates strong security awareness, especially in critical areas. It utilizes `quickjs-emscripten-core` for sandboxed JavaScript execution, carefully limiting tool exposure. Raw SQL execution via `DATABASES_RUN_SQL` is mitigated with `SET LOCAL ROLE` and `SET LOCAL search_path` within transactions for PostgreSQL, providing robust isolation. The OAuth proxy (`oauth-proxy.ts`) includes logic to rewrite URLs and handle `WWW-Authenticate` headers, addressing common OAuth vulnerabilities. Sensitive data is protected using `aes-256-gcm` encryption with a non-hardcoded `ENCRYPTION_KEY`. STDIO connections are disabled by default in production unless explicitly enabled via `UNSAFE_ALLOW_STDIO_TRANSPORT=true`. Overall, the architecture and implementation show a high level of attention to security, but complex systems always have inherent risks.
Similar Servers
klavis
Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
admin
The server acts as a control plane for Model Context Protocol (MCP) traffic, providing a unified API gateway for authentication, routing, and observability across various AI-native services and clients.