Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Secure Server Template

БесплатноНе проверен

Provides secure, read-only database queries, HTTP GET requests with anti-SSRF protection, and file reading within a restricted directory.

GitHubEmbed

Описание

Provides secure, read-only database queries, HTTP GET requests with anti-SSRF protection, and file reading within a restricted directory.

README

A minimal, correct, and security-first Model Context Protocol (MCP) server in Python. It exposes three example tools to any MCP client (Claude Desktop, Claude Code, etc.) — each one shipped with the security guard it actually needs.

Most "MCP server" tutorials show you how to expose a tool. They skip the part that matters once a model has real hands on your database, network, and disk. This template is built around that gap: how to give an LLM capabilities without opening a hole.

LLM client ──MCP──> this server ──> [ PostgreSQL | HTTP | filesystem ]
                         │
                         └── every tool passes through guards.py (tested)

What is MCP, in one paragraph

MCP is an open protocol that lets an AI client call external "tools" (functions) and read "resources" through a standard interface. You run a small server that declares tools; the client (Claude Desktop, Claude Code, …) discovers them and the model calls them during a conversation. It's the clean way to give a model access to your data and actions instead of pasting everything into the prompt.

Tools

Tool What it does Guard
db_query(sql) Run a read-only SQL query against DATABASE_URL, returns rows as JSON SELECT/WITH only and a real READ ONLY Postgres session
http_get(url) HTTP GET, returns the body as text http/https only + host allowlist, deny-by-default (anti-SSRF)
read_file(path) Read a text file under MCP_FILES_ROOT Path resolved inside the root, blocks ../ traversal & absolute paths

Security design (the point of this template)

  • db_query can't write. Two layers: a static check (is_safe_select — rejects writes, DDL, and stacked ; statements) and the connection is opened READ ONLY, so even a clever bypass can't mutate data.
  • http_get can't be turned into an SSRF. Only http(s), and the host must be in MCP_URL_ALLOWLIST. Empty allowlist = nothing allowed (deny-by-default), so a misconfigured server isn't an open proxy.
  • read_file can't escape its root. Paths are resolved and checked to live inside MCP_FILES_ROOT; ../, absolute paths, and symlink escapes raise.

All three guards live in guards.py (zero dependencies) and are covered by tests/test_guards.py, so they run without even installing MCP.

Quickstart

git clone <this repo> && cd mcp-server-template
python -m venv .venv && . .venv/Scripts/activate   # (Linux/mac: . .venv/bin/activate)
pip install -e .            # add: pip install -e ".[db]" for PostgreSQL
cp .env.example .env        # edit with your values
python server.py            # runs over stdio

Use it from Claude Desktop

Add to your claude_desktop_config.json (see claude_desktop_config.example.json):

{
  "mcpServers": {
    "atelier-template": {
      "command": "python",
      "args": ["/absolute/path/to/server.py"],
      "env": { "MCP_URL_ALLOWLIST": "api.github.com", "MCP_FILES_ROOT": "/safe/dir" }
    }
  }
}

Restart Claude Desktop; the three tools appear. (For Claude Code: claude mcp add atelier-template -- python /abs/path/server.py.)

Add your own tool (the 5-line version)

@mcp.tool()
def word_count(text: str) -> str:
    """Count words in a string."""   # <- this docstring is what the model reads
    return str(len(text.split()))

That's the whole loop: decorate a function, write a clear docstring (the model uses it to decide when/how to call), return a string. If the tool touches data/network/disk, add a guard — that's the habit this template is trying to teach.

Layout

server.py     # the MCP server + 3 example tools
guards.py     # pure, dependency-free security helpers (tested)
tests/        # pytest for the guards (run without mcp installed)
.env.example  # configuration

Tests

pip install pytest && pytest -q

License

MIT © 2026 Eduardo Pérez Ignacio

from github.com/EduardoDknight/mcp-server-template

Установка Secure Server Template

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/EduardoDknight/mcp-server-template

FAQ

Secure Server Template MCP бесплатный?

Да, Secure Server Template MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Secure Server Template?

Нет, Secure Server Template работает без API-ключей и переменных окружения.

Secure Server Template — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Secure Server Template в Claude Desktop, Claude Code или Cursor?

Открой Secure Server Template на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Secure Server Template with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории data