mcp_server
Verified Safe
by gurkanfikretgunak
Overview
Manages Python packages and indexes project codebases for AI-assisted development using the Model Context Protocol (MCP).
Installation
`./scripts/run_http.sh --host localhost --port 8000`
Environment Variables
- MCP_TRANSPORT
- MCP_HOST
- MCP_PORT
- MCP_API_KEY
- MCP_ENABLE_AUTH
- MCP_ALLOWED_PACKAGES
- MCP_BLOCKED_PACKAGES
- MCP_LOG_LEVEL
- MCP_LOG_FORMAT
- MCP_PROJECT_ROOT
- MCP_WORKSPACE_ROOT
Security Notes
The server implements API key-based authentication, a policy engine for package allow/block lists, and audit logging for tool invocations and resource access. It uses `subprocess.run` with lists for arguments, mitigating shell injection risks. Path operations within `ProjectScanner` and resource handlers correctly use `Path.resolve()` and `project_root / file_path` to prevent path traversal. A note in `src/python_package_mcp_server/transports/http.py` indicates that full SSE integration requires additional setup with the MCP SDK, which could be an area for further security hardening if not properly integrated.
Similar Servers
mcp-server
Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
pypi-query-mcp-server
A Model Context Protocol (MCP) server for querying PyPI package information, dependencies, and compatibility checking, assisting AI agents in Python development workflows.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.