deploystack
Verified Safeby deploystackio
Overview
DeployStack provides an MCP-as-a-Service platform, managing AI agent tools and optimizing context window usage for seamless integration and improved performance.
Installation
POSTGRES_PASSWORD="your_postgres_password" DEPLOYSTACK_ENCRYPTION_SECRET="a_very_secure_secret_key_at_least_32_chars" docker compose up -dEnvironment Variables
- POSTGRES_PASSWORD
- DEPLOYSTACK_ENCRYPTION_SECRET
- VITE_DEPLOYSTACK_BACKEND_URL
- DEPLOYSTACK_REGISTRATION_TOKEN
- DEPLOYSTACK_SATELLITE_NAME
- PORT
- HOST
- NODE_ENV
- LOG_LEVEL
- DEPLOYSTACK_FRONTEND_URL
- DEPLOYSTACK_BACKEND_PUBLIC_URL
- DEPLOYSTACK_SATELLITE_URL
- DEPLOYSTACK_STATUS_SHOW_MCP_DEBUG_ROUTE
- MCP_PROCESS_IDLE_TIMEOUT_SECONDS
- MCP_PROCESS_SPAWN_GRACE_PERIOD_SECONDS
- NSJAIL_MEMORY_LIMIT_MB
- NSJAIL_CPU_TIME_LIMIT_SECONDS
- NSJAIL_MAX_PROCESSES
- NSJAIL_RLIMIT_NOFILE
- NSJAIL_RLIMIT_FSIZE
- NSJAIL_TMPFS_SIZE
- EVENT_BATCH_INTERVAL_MS
- EVENT_MAX_BATCH_SIZE
- EVENT_MAX_QUEUE_SIZE
- EVENT_FLUSH_TIMEOUT_MS
- DEPLOYSTACK_BACKEND_POLLING_INTERVAL
Security Notes
The project demonstrates robust security practices including OAuth2 for authentication, Drizzle/PostgreSQL for data storage, and AES-256-GCM encryption for sensitive data with `DEPLOYSTACK_ENCRYPTION_SECRET`. Process isolation for stdio MCP servers is implemented using `nsjail` on Linux in production, a strong sandboxing mechanism with resource limits. Sensitive information like API keys and URL query parameters are actively masked in logs. While `nsjail` requires network access for tools and `--proc_rw` for Node.js, and uses default placeholder secrets that *must* be changed in production (`CHANGE_ME_HERE`), these are considered good practices with explicit developer guidance, not vulnerabilities.
Similar Servers
klavis
Creates an AI agent that uses Klavis Strata to interact with Gmail and YouTube through MCP, demonstrating how to summarize a YouTube video and email the summary.
mcpstore
MCPStore acts as an orchestration layer for managing Microservice Context Protocol (MCP) services and adapting them as tools for AI frameworks like LangChain, AutoGen, and others.
agentor
Deploy scalable AI agents with tool integrations (weather, email, GitHub, etc.) and support for A2A and MCP communication protocols.
aicode-toolkit
Acts as an MCP proxy server to connect AI agents to multiple underlying MCP servers through a single connection, enabling progressive tool discovery and reducing initial token usage for tool descriptions.