From 2ebe055e69a326af2a0f8c1f536c0f25fd7ab5c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20D=C3=B6tsch?= Date: Fri, 24 Apr 2026 10:30:11 +0200 Subject: [PATCH] Enhance MCP server configuration: add MCP_URL_ONLY environment variable to restrict to URL-based clients --- README.md | 13 +++++++++++++ lib/server.js | 7 +++++++ 2 files changed, 20 insertions(+) diff --git a/README.md b/README.md index 20e2bef..0c5b94f 100644 --- a/README.md +++ b/README.md @@ -154,6 +154,19 @@ npx @typingmind/mcp@latest --- +## Restricting to URL-based MCPs + +By default, MCP Connector can start MCP servers via either a local `command` (stdio transport) or a remote `url`. The stdio path spawns arbitrary local processes on the host — useful, but it means any caller who can present a valid auth token is effectively able to execute commands on the machine running the connector. + +If your deployment only needs to proxy remote MCP servers, you can disable the stdio path entirely by setting the `MCP_URL_ONLY` environment variable to a truthy value (`1`, `true`, or `yes`, case-insensitive). When set, any `/start` or `/restart/:id` request whose config contains a `command` field will be rejected, and only `url`-based MCP clients will be accepted. + +```bash +# Only allow URL-based (remote) MCP servers +MCP_URL_ONLY=true npx @typingmind/mcp@latest +``` + +--- + ## REST API Endpoints All API endpoints require authentication via the Bearer token you provide when starting the server. diff --git a/lib/server.js b/lib/server.js index 383ab9c..b5c0cfa 100644 --- a/lib/server.js +++ b/lib/server.js @@ -68,6 +68,13 @@ async function createClientEntry(clientId, config) { throw new Error('command or url is required'); } + const urlOnly = /^(1|true|yes)$/i.test(process.env.MCP_URL_ONLY || ''); + if (urlOnly && command) { + throw new Error( + 'Stdio (command) MCP clients are disabled: MCP_URL_ONLY is set. Provide a "url" instead.', + ); + } + let client; if (command) {