action_mcp
Verified Safe
by seuros
Overview
Provides Model Context Protocol (MCP) server capabilities to Ruby on Rails applications, enabling AI assistants to interact with external data sources and tools via JSON-RPC over HTTP/SSE.
Installation
bin/rails s -c mcp.ru -p 62770 -P tmp/pids/mcps0.pid
Environment Variables
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB
- REDIS_URL
- JWT_SECRET
- SHELL_COMMAND_WHITELIST
- ENVIRONMENT_VAR
Security Notes
The project defaults to 'none' authentication in `config/mcp.yml`, which is a critical security vulnerability for production if not explicitly configured. While the documentation emphasizes user responsibility for security, this default is dangerous. Furthermore, example tools (e.g., `ExecuteCommandTool` in `test/dummy`) demonstrate direct `system` calls, which can lead to Remote Code Execution (RCE) if user input is not rigorously sanitized. The framework design, while providing strong input validation mechanisms (property DSL), also facilitates the creation of potentially dangerous tools. OAuth 2.1 support and awareness of issues like 'Confused Deputy' are positive, but the core setup requires significant security hardening by the developer.
Similar Servers
fastmcp
FastMCP is a Python framework for building and interacting with Model Context Protocol (MCP) servers. It provides client and server capabilities, enabling the creation of AI agents and services through definable tools, resources, and prompts. It supports various transports, authentication methods, logging, and background task execution, with strong integration for OpenAPI specifications.
tmcp
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.
mcp_rails_template
A Ruby on Rails application template demonstrating the integration and usage of the ActionMCP gem, providing various AI components like prompts, resource templates, and tools for LLMs.
mcp-server-llmling
mcp-server-llmling serves as a Machine Chat Protocol (MCP) server, providing a YAML-based system to configure and manage LLM applications, including resources, prompts, and tools.