mcp
by zuplo
Overview
A TypeScript SDK for building and interacting with Model Context Protocol (MCP) servers, facilitating AI agent interaction through exposed tools, prompts, and resources via JSON-RPC over HTTP/SSE.
Installation
npm install && npm run build && npm startEnvironment Variables
- NODE_ENV
- BASE_URL
- NODE_OPTIONS
Security Notes
The `HTTPStreamableTransport` in `src/transport/httpstreamable.ts` contains a critical vulnerability where the `isValidOrigin` function always returns `true`. This disables all origin validation, making the server susceptible to DNS rebinding attacks and other origin-based spoofing if exposed publicly. Additionally, the `CustomValidator` and `ResourceReader` types are designed to be user-implemented; if developers do not implement robust input sanitization and access controls for these components (e.g., restricting file paths in a `ResourceReader`), they could inadvertently introduce severe vulnerabilities such as arbitrary file access.
Similar Servers
mcp-openapi-server
Exposes OpenAPI endpoints as Model Context Protocol (MCP) tools, enabling Large Language Models (LLMs) to discover and interact with REST APIs through a standardized protocol.
boilerplate-mcp-server
This boilerplate provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation lookup tool.
mcp-typescript-template
This server acts as a template for building remote Model Context Protocol (MCP) servers using TypeScript, handling MCP tool registration and session management over HTTP.
php-mcp-sdk
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.