charly
by vielhuber
Overview
A comprehensive server gateway for integrating multiple Model Context Protocol (MCP) servers with unified OAuth2 and bearer token authentication, including a web client.
Installation
uvicorn server.mcp:app --host 0.0.0.0 --port 8000
Environment Variables
- CLIENT_DB_HOST
- CLIENT_DB_PORT
- CLIENT_DB_USER
- CLIENT_DB_PASSWORD
- CLIENT_DB_DATABASE
- AUTH0_BASE_URL
- AUTH0_URL
- AUTH0_CLIENT_ID
- AUTH0_CLIENT_SECRET
Security Notes
The server configures its CORS middleware with `allow_origins=["*"]`, a critical security vulnerability for production environments that enables cross-origin attacks. While `config.example.json` uses placeholders for sensitive data, `server/mcp.py` loads secrets directly from `config.json`, and those secrets could be exposed if that file is committed to version control. Furthermore, the `StdioTransport` executes the commands and arguments specified in `config.json`, presenting a severe arbitrary command execution risk if an attacker can modify this configuration file. The dynamic loading of a Tailwind CDN script in development environments, while common, also introduces a potential (though lower) supply chain risk.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.
mcp-context-forge
A comprehensive Model Context Protocol (MCP) gateway and proxy that unifies REST, MCP, and A2A services, providing features like federation, virtual servers, rate-limiting, security, and an optional admin UI for managing web content and file conversions to markdown.
Unla
A lightweight and highly available gateway service that converts existing MCP Servers and APIs into services compliant with the MCP Protocol through configuration.
mcphub
A hub for managing, orchestrating, and providing a unified API for various Model Context Protocol (MCP) servers and their tools, including user management, OAuth services, and discovery of external servers.