mcp-devtools

Verified Safe

by sammcj

Overview

A high-performance Go-based MCP server providing a unified interface for a wide array of developer tools, designed for agentic coding workflows to replace multiple Node.js/Python-based servers.

Installation

Run Command
go run github.com/sammcj/mcp-devtools@HEAD

Environment Variables

  • OAUTH_ENABLED
  • OAUTH_BROWSER_AUTH
  • OAUTH_ISSUER
  • OAUTH_AUDIENCE
  • OAUTH_JWKS_URL
  • OAUTH_CLIENT_ID
  • ENABLE_ADDITIONAL_TOOLS
  • DISABLED_TOOLS
  • BRAVE_API_KEY
  • GOOGLE_SEARCH_API_KEY
  • GOOGLE_SEARCH_ID
  • KAGI_API_KEY
  • SEARXNG_BASE_URL
  • GITHUB_TOKEN
  • DOCLING_PYTHON_PATH
  • DOCLING_VLM_MODEL
  • DOCLING_VLM_API_URL
  • AGENT_TIMEOUT
  • AGENT_MAX_RESPONSE_SIZE
  • AGENT_PERMISSIONS_MODE
  • PROXY_UPSTREAMS
  • FILESYSTEM_TOOL_ALLOWED_DIRS
  • MCP_SECURITY_RULES_PATH
  • LOG_LEVEL
  • LOG_TOOL_ERRORS

Security Notes

The server features a comprehensive, multi-layered security framework for access control and content analysis, configurable via YAML rules, and includes protections against common threats like shell injection and data exfiltration. Tools like 'filesystem' and 'docprocessing' integrate with these controls. However, the 'proxy' tool explicitly bypasses this security middleware for upstream proxied tools, making it a significant potential risk for unvetted external services. Agent tools (e.g., Claude, Codex) also feature a 'yolo-mode' to bypass permissions, which presents a high risk if used carelessly. Additionally, content analysis occurs *after* content has been fetched by the tools, meaning a network request is still made even if content is ultimately blocked. The system primarily relies on environment variables for sensitive data, which is good practice.

Stats

Interest Score: 54
Security Score: 7
Cost Class: Medium
Avg Tokens: 5000
Stars: 105
Forks: 15
Last Update: 2025-12-04

Tags

Developer Tools, Agentic Coding, OAuth, Security, OpenTelemetry