MCP-Open-Discovery-with-AMQP
Verified Safe
by nagual69
Overview
A production-ready infrastructure discovery and CMDB platform, delivering 53 tools via the Model Context Protocol (MCP) SDK for AI assistants, automation, and enterprise infrastructure management.
Installation
docker-compose up -d
Environment Variables
- TRANSPORT_MODE
- HTTP_PORT
- AMQP_URL
- AMQP_QUEUE_PREFIX
- AMQP_EXCHANGE
- OAUTH_ENABLED
- OAUTH_AUTHORIZATION_SERVER
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
- MCP_CREDS_KEY
- ZABBIX_BASE_URL
- ZABBIX_USERNAME
- ZABBIX_PASSWORD
- PLUGINS_ROOT
- PLUGIN_REQUIRE_SIGNED
- PLUGIN_TRUSTED_KEY_IDS
- LOG_LEVEL
- NODE_ENV
Security Notes
The project demonstrates a very strong focus on security, particularly in plugin management, input sanitization, and credential handling.
- **Strong Plugin Security**: Implements manifest validation (JSON Schema), SHA256 integrity checks for plugin distributions, static code analysis for restricted module imports, runtime sandboxing (via `Module._load` override) to enforce permissions and dependency policies (`bundled-only`, `external-allowlist`, `sandbox-required`), and optional digital signature verification for trusted plugins. Untrusted or invalid plugins can be quarantined.
- **Input Sanitization**: Crucially, `nmap_tools_sdk.js` and `network_tools_sdk.js` explicitly use `sanitizeHost` and `sanitizeUrl` functions to mitigate command injection risks when executing external binaries (`nmap`, `ping`, `wget`, etc.).
- **Secure Credential Management**: Utilizes AES-256-CBC encryption for sensitive data (passwords, API keys, SSH keys, etc.) stored locally, supports encryption key rotation, maintains an audit log, and integrates with AWS Secrets Manager and Azure Key Vault for robust secret management.
- **Operational Security Concerns**: Default AMQP credentials (`amqp://mcp:discovery@localhost:5672`) and Zabbix credentials (`Admin/zabbix`) are provided for quick start but **must be overridden** in production deployments. Some Nmap tools (`-sS`, `-sU`) explicitly add `--privileged` arguments or inherently require elevated privileges (e.g., `CAP_NET_RAW`, `CAP_NET_ADMIN` in Docker), which is a significant deployment-time security decision and should be managed carefully.
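A deployment preflight check for the operational concerns above, written as an added example and not taken from the project's code. The function name `auditEnv`, the `"true"` spelling for boolean settings, the fallback to quick-start defaults when a variable is unset, and the comma-separated form of `PLUGIN_TRUSTED_KEY_IDS` are assumptions.

```javascript
// Added example (not project code): preflight audit of the deployment environment.
// Quick-start defaults as quoted in the Security Notes.
const DEFAULT_AMQP_URL = "amqp://mcp:discovery@localhost:5672";
const DEFAULT_ZABBIX = { user: "Admin", pass: "zabbix" };

// Assumption: boolean settings are written as the string "true".
const isTrue = (v) => String(v ?? "").trim().toLowerCase() === "true";

function auditEnv(env) {
  const findings = [];
  const flag = (key, issue) => findings.push({ key, issue });

  // Assumption: an unset AMQP_URL falls back to the quick-start default.
  try {
    const u = new URL(env.AMQP_URL || DEFAULT_AMQP_URL);
    const d = new URL(DEFAULT_AMQP_URL);
    // Decode so a percent-encoded spelling of the default is still caught.
    if (decodeURIComponent(u.username) === d.username &&
        decodeURIComponent(u.password) === d.password) {
      flag("AMQP_URL", "broker login is still the default mcp:discovery");
    }
  } catch {
    flag("AMQP_URL", "value is not a parseable URL");
  }

  // Assumption: unset Zabbix credentials fall back to Admin/zabbix.
  if (env.ZABBIX_BASE_URL) {
    const user = env.ZABBIX_USERNAME || DEFAULT_ZABBIX.user;
    const pass = env.ZABBIX_PASSWORD || DEFAULT_ZABBIX.pass;
    if (user === DEFAULT_ZABBIX.user && pass === DEFAULT_ZABBIX.pass) {
      flag("ZABBIX_PASSWORD", "Zabbix login is still the default Admin/zabbix");
    }
  }

  // Assumption: PLUGIN_TRUSTED_KEY_IDS is a comma-separated list.
  const keyIds = String(env.PLUGIN_TRUSTED_KEY_IDS ?? "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  if (!isTrue(env.PLUGIN_REQUIRE_SIGNED)) {
    flag("PLUGIN_REQUIRE_SIGNED", "signature verification is not enforced");
  } else if (keyIds.length === 0) {
    flag("PLUGIN_TRUSTED_KEY_IDS", "signing required but no trusted key IDs listed");
  }
  return findings;
}

// Constructed sample: quick-start environment with nothing overridden.
const sample = { ZABBIX_BASE_URL: "http://zabbix.example.internal" };
for (const f of auditEnv(sample)) console.log(`${f.key}: ${f.issue}`);
```

In a container entrypoint, pass `process.env` to `auditEnv` and exit non-zero when it returns any findings and `NODE_ENV` is `production`.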
Similar Servers
terraform-mcp-server
Provides seamless integration with Terraform Registry APIs and HCP Terraform/Terraform Enterprise APIs, enabling AI assistants/LLMs to generate high-quality Terraform code and automate IaC workflows.
tfmcp
A CLI tool and MCP server that enables LLMs to analyze, manage, and operate Terraform configurations and infrastructure environments.
ncp
NCP acts as a universal adapter and orchestrator for Model Context Protocol (MCP) servers and tools. It provides a unified interface for discovery, execution, and management of diverse tools (local CLI, HTTP APIs, internal plugins/Photons, AI skills) through natural language and structured code interaction, enabling AI agents to interact with the broader digital ecosystem.
MCP-Agent
An autonomous AI agent designed to discover, connect to, and utilize tools and resources from various Model Context Protocol (MCP) servers to accomplish tasks.