tmcp
Verified Safeby paoloricciuti
Overview
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.
Installation
node src/index.tsEnvironment Variables
- TMCP_DURABLE_OBJECT
- TMCP_SESSION_INFO
- REDIS_URL
- PG_CONNECTION_STRING
- OAUTH_ISSUER_URL
Security Notes
The project emphasizes a 'security-first design' with OAuth 2.1 implementation (including PKCE, Resource Indicators, token validation). CORS is configurable, and the design promotes external configuration of secrets (e.g., Redis/Postgres connection strings, Cloudflare KV bindings). Example code for quick start uses hardcoded secrets, but these are clearly for demonstration. JSON-RPC batching is explicitly disabled as per MCP 2025-06-18 requirements to reduce complexity and potential attack surface. The architecture encourages secure practices, but the overall security depends heavily on the correct implementation and configuration by the end-user (e.g., proper handling of sensitive environment variables, secure database access). No `eval` or obvious malicious patterns were found in the core library code.
Similar Servers
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
1xn-vmcp
An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.
mcp-servers
Provides an MCP server for Qdrant vector database integration, enabling AI agents to perform semantic search, store documents, and manage collections with advanced multi-tenant filtering capabilities.
MCP-Council
Automates the conversion of any REST API into a Model Context Protocol (MCP) server, enabling AI assistants to interact with external APIs through a standardized interface.