mcp-server-orchestrator
Verified Safe
by felix-toledo
Overview
An orchestration system for AI agents to interact with custom tools via the Model Context Protocol (MCP), integrating Large Language Models (LLMs) like OpenAI with backend services.
Installation
docker compose up --build
Environment Variables
- NODE_ENV
- PORT
- MCP_SERVER_PORT
- DATABASE_URL
- ORCHESTRATOR_PORT
- MCP_SERVER_URL
- OPENAI_API_KEY
- KEY_ALLOWED_AGENTS
- LLM_PROVIDER
- OPENAI_MODEL
Security Notes
The MCP Server (`services/mcp-server`) has `cors({ origin: '*' })` enabled by default. This is an overly permissive configuration and a significant security risk in production, because it allows any origin to make cross-origin requests to the server.
The Orchestrator calls `JSON.parse(toolCall.arguments)` on LLM-generated strings. While `JSON.parse` itself is generally safe, robust schema validation (using Zod) inside each custom tool is critical so that malformed or unexpected inputs do not cause unexpected application behavior or errors.
Authentication to the Orchestrator is enforced via a `KAA` header backed by a shared secret from environment variables, which is a good practice. Sensitive API keys and database credentials are correctly sourced from environment variables.
The system prompt for the LLM is verbose, but prompt injection remains an inherent risk in LLM-based systems.
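As an added example (not code from the mcp-server-orchestrator project), the two hardening points above in Node.js: strict parsing of LLM-generated tool arguments against a per-tool schema, and a CORS origin allowlist in the callback shape the `cors` package accepts in place of `origin: '*'`. A minimal hand-written schema checker stands in for Zod so the snippet runs without dependencies; the `get_customer` tool and its fields are constructed for illustration.

```javascript
// Added example, not the project's own code. A tiny hand-written checker stands in
// for Zod (assumption) so this runs offline; the tool registry below is constructed.
const TOOL_SCHEMAS = {
  get_customer: { id: { type: 'string', maxLength: 64 } },
};

// Parse the raw `toolCall.arguments` string the LLM produced and validate it
// against the tool's schema. Returns { ok, value } or { ok: false, error }.
function parseToolArguments(toolName, rawArguments) {
  const schema = TOOL_SCHEMAS[toolName];
  if (!schema) return { ok: false, error: `unknown tool: ${toolName}` };
  let parsed;
  try {
    parsed = JSON.parse(rawArguments); // LLM output may not be JSON at all
  } catch (e) {
    return { ok: false, error: 'arguments are not valid JSON' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, error: 'arguments must be a JSON object' };
  }
  // Strict mode: any key not declared in the schema (including "__proto__") is rejected.
  for (const key of Object.keys(parsed)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      return { ok: false, error: `unexpected argument: ${key}` };
    }
  }
  // Copy only declared keys into a fresh object so nothing unvalidated reaches the tool.
  const value = {};
  for (const [key, rule] of Object.entries(schema)) {
    const v = parsed[key];
    if (typeof v !== rule.type) return { ok: false, error: `argument ${key} must be ${rule.type}` };
    if (rule.maxLength !== undefined && v.length > rule.maxLength) {
      return { ok: false, error: `argument ${key} too long` };
    }
    value[key] = v;
  }
  return { ok: true, value };
}

// Replacement for `cors({ origin: '*' })`: returns a function usable as the `origin`
// option of the `cors` package, which calls it as (requestOrigin, callback).
function corsOriginFromAllowlist(allowlist) {
  const allowed = new Set(allowlist);
  return (origin, cb) => {
    // No Origin header (same-origin or non-browser client): CORS does not apply.
    if (origin === undefined) return cb(null, true);
    return allowed.has(origin) ? cb(null, true) : cb(new Error('origin not allowed'), false);
  };
}
```

Wire it up as `app.use(cors({ origin: corsOriginFromAllowlist(['https://app.example.com']) }))`, and route every `toolCall` through `parseToolArguments` before dispatching to the tool.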
Similar Servers
claude-flow
AI Agent Orchestration and Development Platform for Claude Code
klavis
Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.
mcpstore
Orchestrate Microservice Context Protocol (MCP) services and adapt them for integration with various AI frameworks like LangChain, managing tools and their lifecycle.
metorial-platform
An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.