photon
Verified Safeby portel-dev
Overview
A framework for building simple, auditable, single-file TypeScript applications that function as Model Context Protocol (MCP) servers for AI assistants and/or command-line interface (CLI) tools, emphasizing security, ease of development, and rapid deployment.
Installation
npx @portel/photon mcp <photon-name>Environment Variables
- {MCP_NAME_UPPERCASE}_{PARAM_NAME_UPPERCASE} (e.g., GITHUB_TOKEN, SQLITE_DB_PATH, FILESYSTEM_WORKDIR, ANALYTICS_HOST)
Security Notes
The framework itself implements strong security practices for its operations (e.g., uses esbuild for compilation, uses child_process.spawn for daemon processes, promotes environment variables for secrets, provides path traversal warnings in examples). The primary security risk lies in the content of user-provided .photon.ts files, as they execute with the same permissions as the 'photon' process. The project explicitly advocates for 'Security Through Transparency' and single-file audits to mitigate this, and includes a security scanner for dependencies. No direct 'eval' or obvious injection vulnerabilities in the core framework were found.
Similar Servers
tmcp
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.
mcp-kit
A CLI tool for scaffolding Model Context Protocol (MCP) applications, either as servers providing tools, resources, and prompts, or clients consuming them.
boilerplate-mcp-server
This boilerplate provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation lookup tool.
mcp-typescript-template
This server acts as a template for building remote Model Context Protocol (MCP) servers using TypeScript, handling MCP tool registration and session management over HTTP.