tmcp
Verified Safe
by paoloricciuti
Overview
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
Installation
cd apps/playground && pnpm build && node dist/index.js
Environment Variables
- TMCP_DURABLE_OBJECT
- TMCP_SESSION_INFO
- PGHOST
- PGUSER
- PGDATABASE
- PGPASSWORD
- PGPORT
- REDIS_URL
Security Notes
The project uses standard development practices including TypeScript, ESLint, and Prettier, which contribute to code quality and reduce common vulnerabilities. It implements JSON-RPC 2.0 and OAuth 2.1, with an emphasis on security features like PKCE and HTTPS for OAuth. Input parsing (JSON.parse) from external sources (stdin, HTTP body) is handled within try-catch blocks. While the default CORS policy for HTTP transport is permissive (`*`), it is configurable. There are no obvious signs of 'eval', obfuscation, hardcoded production secrets, or malicious patterns in the provided source code. The LLM sampling (`server.message`) requests are initiated by the server but executed by the client, with client-side user consent and controls, mitigating direct server-side LLM cost/abuse concerns.
Similar Servers
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
1xn-vmcp
An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.
mcp-servers
Provides an MCP server for Qdrant vector database integration, enabling AI agents to perform semantic search, store documents, and manage collections with advanced multi-tenant filtering capabilities.
MCP-Council
Automates the conversion of REST APIs into AI-powered MCP (Model Context Protocol) servers, enabling seamless integration of APIs with AI assistants.