Beltche-MCP-Server
Verified Safe
by gajda-w
Overview
An MCP (Model Context Protocol) Server for the Beltche BJJ gym management platform, enabling AI assistants like ChatGPT to manage students, trainings, and gym data through defined tools.
Installation
npm run dev
Environment Variables
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
- OAUTH_AUTHORIZE_URL
- OAUTH_TOKEN_URL
- OAUTH_REDIRECT_URI
Security Notes
The server employs robust security practices including Zod for environment variable validation, Pino for structured logging with redaction of sensitive data (like tokens and authorization headers), `asyncHandler` for consistent error handling, and `express-rate-limit` to prevent abuse. OAuth tokens are managed via a `linkToken` and stored securely (in-memory for dev, Redis for prod), and refreshed as needed. No direct `eval` or unsanitized shell execution from user input was identified. Dependencies appear to be standard and well-vetted. A full audit of the MCP SDK and FusionAuth setup would be needed for a perfect score.
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
mcp-servers
Provides current weather conditions and forecasts from the Open-Meteo API for a given geographical location.
mcp-demo-server
Provides demo servers in Go and Python to demonstrate and test the Model Context Protocol (MCP) using various tools like echotest, timeserver, and fetch.