gopher-mcp-python
mcp
Fail
Health Warn
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in build.sh
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides Python bindings for a cross-language MCP (Model Context Protocol) orchestrator, enabling developers to build and manage AI agent workflows using native C++ performance via ctypes FFI bindings.
Security Assessment
The tool handles sensitive data, specifically API keys and MCP server configurations passed directly to the orchestrator. It does not appear to contain hardcoded secrets. However, it relies on executing a shell command (`./build.sh`) during installation. A significant security concern was identified in this build script, which contains a recursive force deletion command (`rm -rf`). While no dangerous permissions are requested at the application level, the destructive build step requires careful review before execution to ensure it doesn't inadvertently delete critical system files. Overall risk is rated as Medium due to the unsafe build script and handling of API keys.
Quality Assessment
The project is licensed under Apache-2.0 and appears to be actively maintained, with its last push occurring very recently. However, it suffers from extremely low community visibility, having only 7 GitHub stars. This indicates a lack of peer review, testing, and community trust. Because of the low visibility, the reliability of the native C++ library and its Python bindings in production environments is uncertain.
Verdict
Use with caution: The project is active and open-source, but the destructive build script, low community adoption, and handling of sensitive API keys warrant a thorough manual code review before use.
This tool provides Python bindings for a cross-language MCP (Model Context Protocol) orchestrator, enabling developers to build and manage AI agent workflows using native C++ performance via ctypes FFI bindings.
Security Assessment
The tool handles sensitive data, specifically API keys and MCP server configurations passed directly to the orchestrator. It does not appear to contain hardcoded secrets. However, it relies on executing a shell command (`./build.sh`) during installation. A significant security concern was identified in this build script, which contains a recursive force deletion command (`rm -rf`). While no dangerous permissions are requested at the application level, the destructive build step requires careful review before execution to ensure it doesn't inadvertently delete critical system files. Overall risk is rated as Medium due to the unsafe build script and handling of API keys.
Quality Assessment
The project is licensed under Apache-2.0 and appears to be actively maintained, with its last push occurring very recently. However, it suffers from extremely low community visibility, having only 7 GitHub stars. This indicates a lack of peer review, testing, and community trust. Because of the low visibility, the reliability of the native C++ library and its Python bindings in production environments is uncertain.
Verdict
Use with caution: The project is active and open-source, but the destructive build script, low community adoption, and handling of sensitive API keys warrant a thorough manual code review before use.
Python bindings for Cross-Language MCP Orchestrator, think of LangChain + Vercel AI kit but for MCP
README.md
gopher-mcp-python Python SDK
Python SDK for gopher-mcp-python, providing AI agent orchestration with native C++ performance through ctypes FFI bindings.
Features
- Python 3.8+ compatibility
- pip/setuptools build system
- ctypes FFI bindings to native library
- GopherAgent class with builder pattern configuration
- Context manager support for automatic resource cleanup
- Typed errors (AgentError, ApiKeyError, ConnectionError, TimeoutError)
- Comprehensive test suite with pytest
Requirements
- Python 3.8 or higher
- Native gopher-mcp-python library (built from source)
Installation
From Source
- Clone the repository:
git clone https://github.com/GopherSecurity/gopher-mcp-python.git
cd gopher-mcp-python
- Build the native library:
./build.sh
- Install the Python package:
pip install -e .
Quick Start
Using API Key
from gopher_mcp_python import GopherAgent, GopherAgentConfig
# Create configuration with API key
config = (GopherAgentConfig.builder()
.provider("AnthropicProvider")
.model("claude-3-haiku-20240307")
.api_key("your-api-key")
.build())
# Create and use agent with context manager
with GopherAgent.create(config) as agent:
response = agent.run("What time is it in Tokyo?")
print(response)
Using JSON Server Configuration
from gopher_mcp_python import GopherAgent, GopherAgentConfig
# Create configuration with server config
config = (GopherAgentConfig.builder()
.provider("AnthropicProvider")
.model("claude-3-haiku-20240307")
.server_config('{"mcpServers": [...]}')
.build())
# Create agent
agent = GopherAgent.create(config)
try:
response = agent.run("What is the weather?")
print(response)
finally:
agent.dispose()
Using Convenience Methods
from gopher_mcp_python import GopherAgent
# Create with API key (shorthand)
agent = GopherAgent.create_with_api_key(
provider="AnthropicProvider",
model="claude-3-haiku-20240307",
api_key="your-api-key"
)
# Or with server config
agent = GopherAgent.create_with_server_config(
provider="AnthropicProvider",
model="claude-3-haiku-20240307",
server_config='{"mcpServers": [...]}'
)
Getting Detailed Results
from gopher_mcp_python import GopherAgent
with GopherAgent.create(config) as agent:
result = agent.run_detailed("What time is it?")
if result.is_success():
print(f"Response: {result.response}")
print(f"Iterations: {result.iteration_count}")
print(f"Tokens used: {result.tokens_used}")
elif result.is_timeout():
print(f"Request timed out: {result.error_message}")
else:
print(f"Error: {result.error_message}")
API Reference
GopherAgent
Main class for interacting with the gopher-mcp-python native library.
Static Methods
GopherAgent.init()- Initialize the library (called automatically)GopherAgent.shutdown()- Shutdown the libraryGopherAgent.is_initialized()- Check if library is initializedGopherAgent.create(config)- Create an agent with configurationGopherAgent.create_with_api_key(provider, model, api_key)- Convenience methodGopherAgent.create_with_server_config(provider, model, server_config)- Convenience method
Instance Methods
agent.run(query, timeout_ms=60000)- Run a query and get response stringagent.run_detailed(query, timeout_ms=60000)- Run a query and get AgentResultagent.dispose()- Release resourcesagent.is_disposed()- Check if agent is disposed
GopherAgentConfig
Configuration class with builder pattern.
config = (GopherAgentConfig.builder()
.provider("AnthropicProvider") # Required
.model("claude-3-haiku-20240307") # Required
.api_key("key") # Either api_key or server_config required
.server_config("{...}") # Either api_key or server_config required
.build())
AgentResult
Result class with status and metadata.
result.response- Response textresult.status- AgentResultStatus enumresult.iteration_count- Number of iterationsresult.tokens_used- Tokens consumedresult.error_message- Error message (if applicable)result.is_success()- Check if successfulresult.is_error()- Check if errorresult.is_timeout()- Check if timeout
Exceptions
AgentError- Base exception for agent errorsApiKeyError- Invalid API keyConnectionError- Connection failedTimeoutError- Operation timed out
Development
Running Tests
pytest
Code Formatting
This project uses Black for code formatting and Ruff for linting.
Format code:
black .
Check formatting without modifying:
black --check .
Run linter:
ruff check .
Fix linting issues:
ruff check --fix .
Building the Native Library
./build.sh
Clean Build
./build.sh --clean
Environment Variables
GOPHER_MCP_PYTHON_LIBRARY_PATH- Custom path to native libraryDEBUG- Enable debug output for library loading
License
See LICENSE file for details.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found