OpenCodeMCP
by silvabyte
Overview
An MCP (Model Context Protocol) server that enables conversational coding via ChatGPT or any MCP-enabled LLM.
Installation
bun run startEnvironment Variables
- MCP_API_KEY
- MCP_PORT
- OPENCODE_URL
- PROJECT_ALIASES
Security Notes
CRITICAL: The `src/auth.ts` file explicitly disables authentication by always returning `true` in `validateAuth`, despite requiring `MCP_API_KEY` in environment variables. This means any client can interact with the server and subsequently control the OpenCode agent to read, modify, or execute code on the connected codebase without any authentication. This is a severe vulnerability. Additionally, direct path usage in tools like `list_files`, `read_file`, `find_text`, `find_files`, and `add_alias` (via `sessionManager.resolveProjectPath`) could expose the system to directory traversal or other file system manipulation if not rigorously sanitized by the underlying OpenCode SDK, especially given the lack of authentication. While the `opencode-ai/sdk` might handle some sanitization, the server's own authentication being disabled is a paramount risk.
Similar Servers
wcgw
Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.
cclsp
Integrate LLM-based coding agents with Language Server Protocol (LSP) servers to enable robust code navigation, symbol resolution, and refactoring across various programming languages.
codex-mcp-server
Serves as a Model Context Protocol (MCP) bridge to integrate OpenAI's Codex CLI for AI-powered code analysis, generation, and review within various editors like Claude Code, VS Code, and Cursor.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.