featbit-front-agent
by featbit
Overview
This server acts as a Node.js proxy agent for the FeatBit feature flag system, allowing client-side SDKs to evaluate feature flags and send insights without direct communication with the FeatBit backend.
Installation
npm start
Environment Variables
- FEATBIT_EVENTS_URL
- FEATBIT_STREAMING_URL
- FEATBIT_TLS_REJECT_UNAUTHORIZED
- AGENT_PORT
- AGENT_SECRET
- HEARTBEAT_INTERVAL
- CUSTOM_CLIENT_SDK_HEADERS
- CUSTOM_CLIENT_SDK_PARAMS
- FEATBIT_ALL_FEATURE_FLAGS_URL
Security Notes
The server uses `eval()` extensively in its feature flag evaluation logic (`src/utils/index.js`, `src/core/flags_engine.js`) to execute rules and variations received from the FeatBit backend. This poses a critical security risk: it allows arbitrary JavaScript code execution on the server if the FeatBit backend is compromised or if the data stream containing flag rules is tampered with. No obvious sandboxing mechanisms (such as the Node.js `vm` module) are in place to mitigate this vulnerability, potentially leading to remote code execution.
Similar Servers
vibe-check-mcp-server
Provides metacognitive oversight and self-improvement capabilities for AI agents using Chain-Pattern Interrupts (CPI) to prevent reasoning lock-in and over-engineering.
mcp-sdk-functions-hosting-node
A Node.js server for hosting serverless functions, likely within a Managed Cloud Platform (MCP) SDK context.
unleash-mcp
Manages Unleash feature flags for LLM-powered coding assistants, enabling creation, evaluation, and code wrapping following best practices.
openai-sdk-knowledge-org
The server provides an AI-powered knowledge base for OpenAI API usage and SDKs, integrating Retrieval-Augmented Generation (RAG) and Model Context Protocol (MCP) capabilities.