dreams-ai
by vitorcalvi
Overview
An MCP server providing AI-powered code intelligence for semantic search, code structure analysis, and embedding generation, leveraging Apple Silicon GPU acceleration.
Installation
npx ts-node dreams-mcp.tsSecurity Notes
The 'dreams-mcp.ts' file uses 'child_process.exec' to run Python scripts. A critical command injection vulnerability exists within the 'get_file_structure' tool where the 'file_path' argument is directly interpolated into a shell command without any sanitization or escaping. This allows for arbitrary command execution. While 'query' and 'text' arguments have basic single-quote escaping, it is not robust enough to prevent all potential shell injections for general user-controlled input. The 'PYTHON_CORE_DIR' is hardcoded as an absolute path, requiring manual modification.
Similar Servers
treesitter-mcp
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.
codebase-RAG
A Retrieval-Augmented Generation (RAG) server designed to assist AI agents and developers in understanding and navigating codebases through semantic search.
viberag
Local codebase semantic search (RAG) for AI coding assistants via MCP server.
codeweaver
A code intelligence platform that provides semantically rich, context-aware code search for AI agents, aimed at reducing cognitive load and token costs for coding tasks.