forgesyte
by rogermt
Overview
Modular AI-vision MCP server for real-time image analysis, plugin orchestration, and integration with Gemini-CLI.
Installation
cd server && uv sync && uv run fastapi dev app/main.py
Environment Variables
- FORGESYTE_ADMIN_KEY
- FORGESYTE_USER_KEY
- CORS_ORIGINS
- VITE_API_URL
- VITE_API_BASE
- VITE_API_KEY
- VITE_WS_BACKEND_URL
- VITE_WS_URL
Security Notes
The dynamic plugin loading mechanism (via Python entry points/pip install) is a critical security risk: if an attacker can inject or install malicious Python packages as plugins, they can execute arbitrary code on the server, because the `analyze()` method and the `on_load()`/`on_unload()` hooks within plugins can perform any operation. Additionally, the `ImageAcquisitionService` fetches images from arbitrary URLs, creating a potential Server-Side Request Forgery (SSRF) vulnerability if URLs are not rigorously validated. Development mode allows anonymous API access if no keys are configured, which could lead to accidental insecure deployments. API key authentication uses SHA-256 hashing, which is reasonable for API keys but requires careful environment variable management.
Similar Servers
f2c-mcp
A Model Context Protocol server for Figma Design to Code, enabling AI tools to convert Figma designs into production-ready frontend code.
fastify-mcp-server
Provides a Fastify plugin to act as a Model Context Protocol (MCP) server, enabling AI assistants and other clients to interact with services via streamable HTTP.
fastify-mcp
Integrates Model Context Protocol (MCP) server functionality into Fastify web applications, supporting streamable HTTP and legacy HTTP+SSE transports.
foreman-mcp-server
A Model Context Protocol (MCP) server that enables Language Models (LLMs) to interact with a Foreman instance for IT automation, reporting, and configuration management.