node-red-mcp
by ziv-daniel
Overview
The MCP Node-RED Server enables AI agents to manage, monitor, and troubleshoot Node-RED automation flows in real-time by translating Model Context Protocol requests to Node-RED Admin API calls and providing live event streams.
Installation
node dist/index.mjsEnvironment Variables
- NODE_ENV
- PORT
- MCP_TRANSPORT
- HTTP_ENABLED
- NODERED_URL
- NODERED_USERNAME
- NODERED_PASSWORD
- NODERED_API_TOKEN
- JWT_SECRET
- API_KEY
- CORS_ORIGIN
- RATE_LIMIT_WINDOW
- RATE_LIMIT_MAX
- LOG_LEVEL
- CLAUDE_COMPATIBLE_MODE
- CLAUDE_AUTH_REQUIRED
- ACCEPT_ANY_BEARER_TOKEN
- DEBUG_CLAUDE_CONNECTIONS
- AUTH_FALLBACK_ENABLED
- DATABASE_URL
- REDIS_URL
- ENABLE_METRICS
- ENABLE_TRACING
- OTEL_EXPORTER_OTLP_ENDPOINT
Security Notes
The server includes robust security features like Zod for input validation, Helmet.js for security headers, CORS configuration, and rate limiting. It also performs checks in the Docker entrypoint (e.g., non-root user). However, it contains hardcoded fallback secrets for `JWT_SECRET` ('your-secret-key' / 'dev-secret-change-in-production-min-32-chars') and `API_KEY` ('your-api-key'), which, if not overridden in production, represent critical vulnerabilities. While `envSchema` validates `JWT_SECRET` length, the default values undermine security until explicitly changed.
Similar Servers
mcp-typescript-template
This server acts as a template for building remote Model Context Protocol (MCP) servers using TypeScript, handling MCP tool registration and session management over HTTP.
claude-faf-mcp
Provides AI-optimized context for software projects to large language models, enhancing collaboration and project understanding via 50+ specialized tools within Claude Desktop workflows.
uml-mcp-server
Image and UML diagram generation via Google Gemini API, exposed as a Model Context Protocol (MCP) server.
mcp_server
This server implements the Model Context Protocol (MCP) to expose developer-defined tools as a HTTP API, specifically demonstrating a task creation tool.