supermcp
by dhanababum
Overview
A multi-tenant platform enabling AI assistants to connect with and manage various SQL databases through standardized connectors and a web-based interface.
Installation
cd connectors/tenants_sqldb && pip install -e ".[all]" && uv run python main.py
Environment Variables
- CONNECTOR_SALT
- ASYNC_DATABASE_URL
- JWT_SECRET
- JWT_ALGO
- APP_STORAGE_PATH
- LOGO_STORAGE_TYPE
- SUPERUSER_EMAIL
- SUPERUSER_PASSWORD
- WEB_URL
- CONNECTOR_ID
- CONNECTOR_SECRET
- APP_BASE_URL
- ORIGIN_URLS
- WORKERS
- PORT
Security Notes
Critical vulnerability: The `fastapi-users` library, used for user authentication (login, registration, password reset), is configured with a hardcoded JWT secret (`SECRET = "SECRET"` in `app/src/users.py`). This allows any attacker to easily forge valid user authentication tokens (both JWT bearer and cookie-based), thereby bypassing authentication for regular users and potentially superusers. While the internal communication between the backend and connectors uses a separate, environment-variable-controlled `JWT_SECRET`, the user-facing authentication system is severely compromised. Additionally, logo storage path handling needs careful sanitization to prevent path traversal vulnerabilities, though `os.path.join` provides some protection.
Similar Servers
metorial-platform
An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools with a single function call.
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
nlp2sql
Converts natural language queries to optimized SQL for enterprise-scale databases, supporting multiple AI providers and robust schema management.
agentxsuite
A unified open-source platform for connecting, managing, and monitoring AI agents and tools across various Model Context Protocol (MCP) servers.