mcp-server-for-apache-ofbiz

Name: mcp-server-for-apache-ofbiz
Author: jacopoc

Verified Safe

by jacopoc

View Source

Overview

Proxy server for generative AI applications to interact with backend REST APIs via Model Context Protocol (MCP) tools, specifically for Apache OFBiz.

Installation

Run Command

node ./build/server.js ./config ./build/tools

Environment Variables

BACKEND_API_BASE
SERVER_PORT
MCP_SERVER_BASE_URL
AUTHZ_SERVER_BASE_URL
MCP_SERVER_CLIENT_ID
MCP_SERVER_CLIENT_SECRET
TLS_KEY_PATH
TLS_CERT_PATH
BACKEND_ACCESS_TOKEN
BACKEND_USER_AGENT
MCP_SERVER_CORS_ORIGINS
MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS
MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_ORIGINS
RATE_LIMIT_WINDOW_MS
RATE_LIMIT_MAX_REQUESTS
SCOPES_SUPPORTED
BACKEND_API_AUDIENCE
BACKEND_API_RESOURCE
TOKEN_EXCHANGE_SCOPE
TLS_KEY_PASSPHRASE

Security Notes

The project implements robust security features including OAuth 2.0 with JWT validation and token exchange, configurable CORS, rate limiting, and DNS rebinding protection. It supports TLS (HTTPS) connections. Configuration for sensitive data (client secrets, tokens, TLS keys) are externalized to 'config.json' and are not hardcoded. There are no 'eval' calls or obvious code obfuscation. The dynamic tool loading mechanism ('src/lib/mcp/tool-loader.ts') allows execution of code from the 'tools' directory; while this is a core feature for extensibility, it requires ensuring the 'tools' directory is secured against unauthorized write access in production environments.

Similar Servers

mcpo

3742

Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.

Web & APIs

$Low

mcp

268

This repository provides a collection of Model Context Protocol (MCP) servers to enable AI agents to interact with and manage various Oracle Cloud Infrastructure (OCI) services, Oracle Database, and MySQL databases through natural language.

AI & ML

$Medium