spec-context-mcp
Verified Safeby madebymlai
Overview
Unified MCP server combining semantic code search with spec-driven development workflow, providing a dashboard for managing specs, approvals, and implementation logs, and supporting AI-assisted features.
Installation
npx spec-context-mcpEnvironment Variables
- OPENROUTER_API_KEY
- QDRANT_URL
- DASHBOARD_URL
- DASHBOARD_API_KEY
- EMBEDDING_MODEL
- EMBEDDING_DIMENSION
- QDRANT_API_KEY
Security Notes
API keys (OpenRouter, Qdrant) are handled via environment variables and not hardcoded. Path handling in the backend uses `PathUtils` for normalization and validation, mitigating directory traversal risks. The dashboard frontend sanitizes user-provided content before rendering with `dangerouslySetInnerHTML` to prevent common XSS attacks. Rate limiting and audit logging are implemented in the dashboard's `security-utils.ts`. A theoretical, minor XSS risk exists with Mermaid diagram rendering (`securityLevel: 'loose'`) when combined with `dangerouslySetInnerHTML` if malicious diagram code is processed, although content is typically internal and trusted within the development workflow context.
Similar Servers
spec-workflow-mcp
Facilitates structured, specification-driven software development by providing a workflow engine, real-time dashboards, and tools for task management, approvals, and detailed implementation logging, integrated with AI agents and VSCode.
openrouter-deep-research-mcp
This server orchestrates multi-agent AI research workflows by decomposing complex queries, executing parallel sub-queries using an ensemble of LLMs, and synthesizing findings into comprehensive reports, often leveraging real-time web data, internal knowledge bases, and advanced caching.
codeweaver
A code intelligence platform that provides semantically rich, context-aware code search for AI agents, aimed at reducing cognitive load and token costs for coding tasks.
athena-protocol
An intelligent MCP server that acts as an AI tech lead for coding agents, providing expert validation, impact analysis, and strategic guidance before code changes are made.