toolhive-cloud-ui
Verified Safeby stacklok
Overview
A Next.js application for visualizing MCP (Model Context Protocol) servers in user infrastructure with easy URL copying for integration with AI agents.
Installation
pnpm devEnvironment Variables
- OIDC_ISSUER_URL
- OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET
- OIDC_PROVIDER_ID
- BETTER_AUTH_SECRET
- BETTER_AUTH_URL
- API_BASE_URL
Security Notes
The project implements robust security practices, including server-side management of OIDC tokens, encryption of sensitive token data stored in HTTP-only cookies (using `jose` with AES-256-GCM), and a secure refresh token mechanism. It configures several standard security headers (CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy). The Content Security Policy (CSP) includes `unsafe-inline` for scripts and styles, which is a common but minor theoretical weakening often necessary in Next.js applications. Hardcoded secrets are explicitly marked as development-only placeholders in the code and documentation, with clear instructions to replace them in production. No 'eval' or obfuscation patterns were found.
Similar Servers
mcp-tools
This library provides utilities for developers to build MCP (Model Context Protocol) clients and servers, facilitating secure authentication and data access for AI applications, particularly with Clerk integration.
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
turn-based-game-mcp
Provides a demo and learning tool for building turn-based games with an AI opponent using the Model Context Protocol.
mcp-server-playground
A Model Context Protocol (MCP) server that acts as an OAuth proxy for 3rd party authorization servers like Auth0, provides stateful session management, and exposes various tools for system time, streaming, project keyword searching, and AWS services (S3, ECS, CloudWatch Logs, Bedrock).