Back to Home
nikhildx icon

umcp

Verified Safe

by nikhildx

View Source

Overview

Securely enables AI assistants and automation tools to administer Ubuntu Linux systems through authenticated and whitelisted operations.

Installation

Run Command
umcp --transport http --port 8000

Environment Variables

  • UMCP_NAME
  • UMCP_VERSION
  • UMCP_ENVIRONMENT
  • UMCP_TRANSPORT__STDIO_ENABLED
  • UMCP_TRANSPORT__HTTP_ENABLED
  • UMCP_TRANSPORT__HTTP_HOST
  • UMCP_TRANSPORT__HTTP_PORT
  • UMCP_TRANSPORT__SSE_ENABLED
  • UMCP_TRANSPORT__SSE_PATH
  • UMCP_TRANSPORT__OPENAPI_PATH
  • UMCP_TRANSPORT__DOCS_PATH
  • UMCP_SECURITY__AUTH_TYPE
  • UMCP_SECURITY__JWT_SECRET
  • UMCP_SECURITY__JWT_ALGORITHM
  • UMCP_SECURITY__JWT_EXPIRATION
  • UMCP_SECURITY__API_KEYS_FILE
  • UMCP_SECURITY__RATE_LIMITING_ENABLED
  • UMCP_SECURITY__RATE_LIMIT_PER_MINUTE
  • UMCP_SECURITY__TLS_ENABLED
  • UMCP_SECURITY__TLS_CERT_FILE
  • UMCP_SECURITY__TLS_KEY_FILE
  • UMCP_WHITELIST__CONFIG_FILE
  • UMCP_WHITELIST__RELOAD_INTERVAL
  • UMCP_LOGGING__LEVEL
  • UMCP_LOGGING__FORMAT
  • UMCP_LOGGING__OUTPUT
  • UMCP_LOGGING__FILE_PATH
  • UMCP_LOGGING__AUDIT_FILE
  • UMCP_LOGGING__MAX_SIZE_MB
  • UMCP_LOGGING__BACKUP_COUNT
  • UMCP_PERFORMANCE__MAX_CONCURRENT_REQUESTS
  • UMCP_PERFORMANCE__COMMAND_TIMEOUT
  • UMCP_PERFORMANCE__MAX_OUTPUT_SIZE
  • UMCP_FEATURES__HOT_RELOAD
  • UMCP_FEATURES__METRICS
  • UMCP_FEATURES__HEALTH_CHECK

Security Notes

The project demonstrates a strong "security first" approach. It employs multi-layered security including API key/JWT authentication, Role-Based Access Control (RBAC), extensive command, path, user, git repository, APT package, and systemd service whitelisting, and comprehensive audit logging. Command execution primarily uses `asyncio.create_subprocess_exec` with list arguments, which is safer than shell execution. A `execute_shell` method exists but is explicitly warned against for untrusted input. There are no apparent hardcoded critical secrets in the provided truncated code (example API keys are in a `.example` file, and JWT secret is expected from environment variables). Rate limiting and TLS are configurable features. Robust input validation and sanitization are implemented to prevent command injection and path traversal.

Similar Servers

toolhive-studio

69

ToolHive simplifies and secures the discovery, deployment, and management of Model Context Protocol (MCP) servers, enabling connections to AI agents and clients.

AI & ML
3
$Medium

mcp-ssh-manager

10

Manages remote SSH servers via the Model Context Protocol (MCP), enabling AI assistants like Claude Code and OpenAI Codex to execute commands, transfer files, monitor health, and automate DevOps tasks.

8
$High

mcp-server-aws-sso

8

Connects AI assistants to AWS accounts through AWS IAM Identity Center to enable natural language interaction, command execution, and resource management.

AI & ML
8
$Medium

dev-kit-mcp-server

6

A Model Context Protocol (MCP) server for agent development tools, enabling secure, scoped operations within a root project directory.

Coding Agents
9
$Medium

Stats

Interest Score0
Security Score9
Cost ClassLow
Stars0
Forks0
Last Update2025-12-06

Tags

mcpubuntusystem-administrationai-automationdevopssecurity