mcp-playground
Verified Safeby emergent-lab
Overview
A web-based developer tool for testing, inspecting, and debugging Model Context Protocol (MCP) servers, supporting OAuth integration, request logging, and interactive execution of tools, resources, and prompts.
Installation
pnpm dev:allEnvironment Variables
- DATABASE_URL
- BETTER_AUTH_SECRET
- BETTER_AUTH_URL
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- RESEND_API_KEY
- ENCRYPTION_KEY
- NEXT_PUBLIC_BASE_URL
- SKIP_ENV_VALIDATION
- IP_HASH_SALT
- VERCEL_URL
- PORT
Security Notes
The project demonstrates strong security practices for a web application. It uses Node.js's `crypto` module for AES-256-GCM encryption of sensitive data like OAuth tokens and client secrets, with the encryption key securely loaded from environment variables and validated for correct format. Sensitive data in logs (headers like 'Authorization', 'Cookie', and body fields like 'password', 'token') are sanitized and redacted. Environment variables are strictly validated using Zod via `@t3-oss/env-nextjs`. Security headers are configured in `next.config.ts` to prevent common web vulnerabilities like XSS and clickjacking. PII is configured to be sent to Sentry, which is a conscious operator choice rather than a code vulnerability. The markdown rendering component likely uses `isomorphic-dompurify` for XSS protection.
Similar Servers
mcp-shark
Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI.
magic-api-mcp-server
Provides a Model Context Protocol (MCP) server to enhance Magic-API development workflows, enabling advanced interactions for script writing, API management, debugging, and deployment.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.
inspector
An interactive developer tool for testing, debugging, and monitoring MCP (Model Context Protocol) servers, including their tools, prompts, resources, and UI widgets.