wanaku
by wanaku-ai
Overview
A Model Context Protocol (MCP) Router that centralizes routing and resource management for AI agents, connecting them to various enterprise systems and tools via pluggable capabilities.
Installation
wanaku start local --capabilities-client-secret=<your-keycloak-client-secret>Environment Variables
- AUTH_SERVER
- QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET
- WANAKU_SECRETS_ENCRYPTION_PASSWORD
- WANAKU_SECRETS_ENCRYPTION_SALT
Security Notes
CRITICAL RISK: The 'wanaku-tool-service-exec' capability, included in the source, allows arbitrary command execution via `ProcessRunner.runWithOutput(arguments)` with explicitly no input validation. This is a severe vulnerability if an attacker can control the input URI to an 'exec' type tool. Developers are warned to 'use carefully', but this inherent danger in a provided component significantly reduces overall system safety. Other risks include default/hardcoded secrets in development/test configurations (e.g., Keycloak admin credentials, OIDC client secret) and disabling TLS verification for OIDC in development, both requiring careful handling in production. The system relies on an external Keycloak instance, and its misconfiguration could introduce further vulnerabilities. Currently, authenticated users have admin access to all tools and resources without fine-grained control.
Similar Servers
fastmcp
FastMCP is a Python framework for building and interacting with Model Context Protocol (MCP) servers. It provides client and server capabilities, enabling the creation of AI agents and services through definable tools, resources, and prompts. It supports various transports, authentication methods, logging, and background task execution, with strong integration for OpenAPI specifications.
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.
mcp-context-forge
A comprehensive Model Context Protocol (MCP) gateway and proxy that unifies REST, MCP, and A2A services, providing features like federation, virtual servers, rate-limiting, security, and an optional admin UI for managing web content and file conversions to markdown.
tmcp
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.