mcp-playground
Verified Safeby emergent-lab
Overview
A web-based developer tool for testing, inspecting, and debugging Model Context Protocol (MCP) servers, supporting OAuth integration, request logging, and interactive execution of tools, resources, and prompts.
Installation
pnpm dev:allEnvironment Variables
- DATABASE_URL
- BETTER_AUTH_SECRET
- BETTER_AUTH_URL
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- RESEND_API_KEY
- ENCRYPTION_KEY
- NEXT_PUBLIC_BASE_URL
- SKIP_ENV_VALIDATION
- IP_HASH_SALT
- VERCEL_URL
- PORT
Security Notes
The project demonstrates strong security practices for a web application. It uses Node.js's `crypto` module for AES-256-GCM encryption of sensitive data like OAuth tokens and client secrets, with the encryption key securely loaded from environment variables and validated for correct format. Sensitive data in logs (headers like 'Authorization', 'Cookie', and body fields like 'password', 'token') are sanitized and redacted. Environment variables are strictly validated using Zod via `@t3-oss/env-nextjs`. Security headers are configured in `next.config.ts` to prevent common web vulnerabilities like XSS and clickjacking. PII is configured to be sent to Sentry, which is a conscious operator choice rather than a code vulnerability. The markdown rendering component likely uses `isomorphic-dompurify` for XSS protection.
Similar Servers
inspector
A desktop application for testing, debugging, and managing Model Context Protocol (MCP) servers, including OAuth flow debugging, AI model evaluation, and tool/resource interaction.
mcp-shark
Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI, enabling real-time traffic capture, logging, and AI-powered security analysis.
mcp-jest
Automated testing, discovery, and validation framework for Model Context Protocol (MCP) servers.
inspector
An interactive developer tool for testing, debugging, and monitoring Model Context Protocol (MCP) servers, including support for MCP-UI and OpenAI Apps SDK widgets.