lsmcp
Verified Safeby depoll
Overview
Provides AI models with semantic code understanding and refactoring capabilities via Language Server Protocol (LSP) integration.
Installation
docker run --rm -i -v "$(pwd):$(pwd)" -w "$(pwd)" lsmcp:latestEnvironment Variables
- LOG_LEVEL
- NODE_ENV
Security Notes
The project emphasizes a 'container-first architecture' with Docker, providing good isolation. It uses `child_process.spawn` with `shell: false` and includes input sanitization functions (`escapeRegExp`, `escapeShell`, `validateFilePath`, `sanitizeFileURI`) to prevent command injection and path traversal. Filesystem modifications are performed through `src/utils/file-operations.ts` which relies on URIs being safe. The `executeCommand` tool allows executing LSP server commands, which could be a vector if the underlying LSP server exposes dangerous commands, but this is a function of LSP itself. Overall, good security practices are evident.
Similar Servers
mcp-language-server
Serves as an MCP (Model Context Protocol) gateway, enabling LLMs to interact with Language Servers (LSPs) for codebase navigation, semantic analysis, and code editing operations.
chunkhound
Provides local-first codebase intelligence, extracting architecture, patterns, and institutional knowledge for AI assistants.
cclsp
Integrate LLM-based coding agents with Language Server Protocol (LSP) servers to enable robust code navigation, symbol resolution, and refactoring across various programming languages.
context-engine
Provides an agent-agnostic local context engine via Model Context Protocol (MCP) for coding agents, enabling semantic search, planning, code review, and prompt enhancement with AI integration.