core
Verified Safeby opensumi
Overview
A framework for building AI-Native IDE products, providing core functionalities like editor, file management, terminal, debugging, search, and extension support, with a strong focus on AI integration and interactive UI components.
Installation
node packages/startup/dist-node/server/server.jsEnvironment Variables
- NODE_ENV
- NIXPACKS_NODE_VERSION
- HOST
- IDE_FRONT_PORT
- MY_WORKSPACE
- SUPPORT_LOAD_WORKSPACE_BY_HASH
- EXTENSION_DIR
- KTLOG_SHOW_DEBUG
- OTHER_EXTENSION_DIR
- EXTENSION_WORKER_HOST
- WS_PATH
- WEBVIEW_HOST
- STATIC_SERVER_PATH
- SKIP_TS_CHECKER
- CI
- analysis
- SUMI_DEV_OPEN_BROWSER
- PORT
- IDE_SERVER_PORT
- EXTENSION_HOST_ENTRY
- WATCHER_HOST_ENTRY
- DEBUG_ENGINE_PATH
- serverPort
- workspaceDir
- extensionCandidate
- isDev
- extHostPath
- watchServerPort
- EXT_MODE
- BROWSER
- BROWSER_ARGS
- GITHUB_TOKEN
- GITHUB_SHA
- EXIT_ON_UNHANDLED_REJECTION
- IS_JEST_TEST
- JEST_COVERAGE_PROVIDER
- DEV_OPEN_INSPECTOR
- VSCODE_NLS_CONFIG
- PTY_PROXY_SOCK
Security Notes
The server includes extensive capabilities for file system access, network communication (websockets, HTTP), and running child processes for terminals, extensions, and debugging, which are inherent to an IDE. The use of `new Function` for executing webview content in `tools/cli-engine/src/webview/webview-host/webview-manager.ts` is a powerful feature that, if not rigorously sandboxed and input-sanitized, could pose a code injection risk. While sandboxing with `sandbox` iframe attributes is present, such constructs always warrant careful security review. The `staticAllowOrigin: '*'` setting in development server configurations is broad but typical for dev tools, though it could be a misconfiguration risk if deployed without restrictions. Overall, the project's nature as an extensible IDE means a larger attack surface, necessitating robust security practices for both the core framework and any integrated extensions.
Similar Servers
mcp-use
A full-stack framework for building Model Context Protocol (MCP) servers, MCP clients, and AI agents in both Python and TypeScript, supporting interactive UI widgets and robust debugging.
agents
The Inkeep Agents project is a comprehensive framework and SDK for building, managing, and running AI agents. This specific 'MCP Server' component (integrated within the Management API) provides a machine-readable API for managing agent configurations, tools, data components, and other project resources.
arcade-mcp
A framework and collection of toolkits for building and deploying AI agent servers that integrate with various external services.
heroui-mcp
The HeroUI MCP Server provides a structured interface for AI assistants to access comprehensive documentation, component details, examples, and theme data for HeroUI's React and React Native design systems, facilitating AI-powered code generation and understanding.