mcp-typescript-simple
Verified Safeby jdutton
Overview
A production-ready MCP (Model Context Protocol) server for building AI agent backends, offering dual-mode operation (STDIO + Streamable HTTP with OAuth), multi-LLM integration, and comprehensive observability.
Installation
npm run dev:stdioEnvironment Variables
- ANTHROPIC_API_KEY
- OPENAI_API_KEY
- GOOGLE_API_KEY
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- GOOGLE_REDIRECT_URI
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- GITHUB_REDIRECT_URI
- MICROSOFT_CLIENT_ID
- MICROSOFT_CLIENT_SECRET
- MICROSOFT_TENANT_ID
- MICROSOFT_REDIRECT_URI
- TOKEN_ENCRYPTION_KEY
- REDIS_URL
- ALLOWED_USERS
- NODE_ENV
- MCP_MODE
- HTTP_PORT
- HTTP_HOST
- OTEL_EXPORTER_OTLP_ENDPOINT
- OTEL_SERVICE_NAME
- SESSION_SECRET
- SESSION_TIMEOUT_MINUTES
- REQUIRE_HTTPS
- DCR_STORE_TYPE
- DCR_FILE_PATH
- DCR_TOKEN_STORE
- DCR_TOKEN_FILE_PATH
- LOG_LEVEL
- SECRETS_MASTER_KEY
- LLM_DEFAULT_PROVIDER
Security Notes
The server is explicitly designed with a strong security posture, integrating comprehensive security tooling into its SDLC. Features include robust OAuth with PKCE and Dynamic Client Registration, AES-256-GCM encryption for secrets at rest (via TOKEN_ENCRYPTION_KEY), Redis-backed session storage for horizontal scalability (preventing session reconstruction bugs), and OCSF structured audit logging for security events. Dedicated security scanners (e.g., check-admin-auth, check-secrets-in-logs, check-file-storage) are used to enforce best practices and prevent common vulnerabilities, such as logging PII or storing secrets in plaintext files in production.
Similar Servers
mcp-openapi-server
Exposes OpenAPI endpoints as Model Context Protocol (MCP) tools, enabling Large Language Models (LLMs) to discover and interact with REST APIs through a standardized protocol.
frontmcp
Develop and integrate third-party API services using the Model Context Protocol (MCP) framework, enabling AI models to interact with external systems through defined tools, resources, and prompts.
boilerplate-mcp-server
This boilerplate provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation lookup tool.
opentelemetry-mcp-server
The OpenTelemetry Model Context Protocol (MCP) server enables LLMs to efficiently use the OpenTelemetry stack by providing tools to configure an OpenTelemetry collector and returning strict JSON schemas for collector components to ensure correct configuration.