fastify-mcp
Verified Safeby haroldadmin
Overview
Integrates Model Context Protocol (MCP) server functionality into Fastify web applications, supporting streamable HTTP and legacy HTTP+SSE transports.
Installation
npx ts-node examples/stateless-streamable-http-server.tsSecurity Notes
The codebase appears well-structured and follows good practices for a Fastify plugin. It correctly handles session management (add, remove, close events) and provides generic error responses for invalid requests, minimizing information leakage. There are no obvious signs of 'eval' usage, obfuscation, hardcoded secrets, or malicious patterns. The use of `reply.raw` is inherent to Fastify's low-level access and the underlying MCP SDK transport layer. The primary security consideration for deployment is the in-memory session management, which, while secure for single-node instances, would require a distributed session store for horizontally scaled applications to prevent state loss or unauthorized access across instances. This is a design choice inherent to how the MCP SDK handles sessions, not a vulnerability in the plugin itself.
Similar Servers
hyper-mcp
A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI agents to access tools, resources, and prompts.
fastify-mcp-server
A Fastify plugin providing a streamable HTTP transport for the Model Context Protocol (MCP), enabling AI assistants to interact with services.
MCP-Council
Automates the conversion of REST APIs into AI-powered MCP (Model Context Protocol) servers, enabling seamless integration of APIs with AI assistants.
mcp_hello_server
Minimal MCP-style server implemented with FastAPI for demonstrating and extending Model Context Protocol interactions.