vector_mcp
mcp
Basarisiz
Health Gecti
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 13 GitHub stars
Code Basarisiz
- rm -rf — Recursive force deletion command in .claude/hooks/branch-protection.sh
- rm -rf — Recursive force deletion command in .claude/hooks/security-check.sh
- rm -rf — Recursive force deletion command in .claude/hooks/security-logger.sh
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This tool is a Ruby gem that provides a framework for creating servers implementing the Model Context Protocol (MCP). It allows developers to easily expose tools, data resources, and prompts to LLM clients.
Security Assessment
Overall Risk: Medium. The core library itself does not request dangerous permissions, make unsolicited network requests, or contain hardcoded secrets. However, the repository contains several shell scripts (`.claude/hooks/`) that utilize recursive force deletion commands (`rm -rf`). While these scripts might solely be intended for local developer environment cleanup or CI tasks, executing unknown force-deletion scripts inherently poses a risk to your system. The tool itself is designed to execute code based on inputs, so as with any MCP server, it inherently processes data that will be passed to an LLM.
Quality Assessment
Overall Quality: Good. The project is quite new and currently has a low community trust footprint with 13 GitHub stars. Despite this, it appears to be actively maintained, having received updates as recently as today. It utilizes the standard, permissive MIT license, includes comprehensive documentation, and maintains an automated test suite, indicating a professional and reliable foundation.
Verdict
Use with caution. While the core Ruby gem is safe and well-structured, you should carefully review and avoid running the included `.claude/hooks/` shell scripts unless you fully verify their deletion targets.
This tool is a Ruby gem that provides a framework for creating servers implementing the Model Context Protocol (MCP). It allows developers to easily expose tools, data resources, and prompts to LLM clients.
Security Assessment
Overall Risk: Medium. The core library itself does not request dangerous permissions, make unsolicited network requests, or contain hardcoded secrets. However, the repository contains several shell scripts (`.claude/hooks/`) that utilize recursive force deletion commands (`rm -rf`). While these scripts might solely be intended for local developer environment cleanup or CI tasks, executing unknown force-deletion scripts inherently poses a risk to your system. The tool itself is designed to execute code based on inputs, so as with any MCP server, it inherently processes data that will be passed to an LLM.
Quality Assessment
Overall Quality: Good. The project is quite new and currently has a low community trust footprint with 13 GitHub stars. Despite this, it appears to be actively maintained, having received updates as recently as today. It utilizes the standard, permissive MIT license, includes comprehensive documentation, and maintains an automated test suite, indicating a professional and reliable foundation.
Verdict
Use with caution. While the core Ruby gem is safe and well-structured, you should carefully review and avoid running the included `.claude/hooks/` shell scripts unless you fully verify their deletion targets.
A server implementation for the Model Context Protocol (MCP) in Ruby.
README.md
VectorMCP
VectorMCP is a Ruby gem implementing the Model Context Protocol (MCP) server-side specification. It provides a framework for creating MCP servers that expose tools, resources, prompts, and roots to LLM clients.
Why VectorMCP?
- 🛡️ Security-First: Built-in input validation and schema checking prevent injection attacks
- ⚡ Production-Ready: Robust error handling, comprehensive test suite, and proven reliability
- 🔌 Streamable HTTP Transport: MCP-compliant HTTP transport with session management and resumability
- 📦 Zero Configuration: Works out of the box with sensible defaults
- 🔄 Fully Compatible: Implements the complete MCP specification
Quick Start
gem install vector_mcp
require 'vector_mcp'
# Create a server
server = VectorMCP.new(name: 'MyApp', version: '1.0.0')
# Add a tool
server.register_tool(
name: 'greet',
description: 'Says hello to someone',
input_schema: {
type: 'object',
properties: { name: { type: 'string' } },
required: ['name']
}
) { |args| "Hello, #{args['name']}!" }
# Start the server
server.run # Uses HTTP stream transport by default
That's it! Your MCP server is ready to connect with Claude Desktop, custom clients, or any MCP-compatible application.
Transport
VectorMCP uses the MCP-compliant streamable HTTP transport with session management and resumability:
server.run # Default: http_stream transport
server.run(transport: :http_stream, port: 8080)
Core Features
Tools (Functions)
Expose functions that LLMs can call:
server.register_tool(
name: 'calculate',
description: 'Performs basic math',
input_schema: {
type: 'object',
properties: {
operation: { type: 'string', enum: ['add', 'subtract', 'multiply'] },
a: { type: 'number' },
b: { type: 'number' }
},
required: ['operation', 'a', 'b']
}
) do |args|
case args['operation']
when 'add' then args['a'] + args['b']
when 'subtract' then args['a'] - args['b']
when 'multiply' then args['a'] * args['b']
end
end
Resources (Data Sources)
Provide data that LLMs can read:
server.register_resource(
uri: 'file://config.json',
name: 'App Configuration',
description: 'Current application settings'
) { File.read('config.json') }
Prompts (Templates)
Create reusable prompt templates:
server.register_prompt(
name: 'code_review',
description: 'Reviews code for best practices',
arguments: [
{ name: 'language', description: 'Programming language', required: true },
{ name: 'code', description: 'Code to review', required: true }
]
) do |args|
{
messages: [{
role: 'user',
content: {
type: 'text',
text: "Review this #{args['language']} code:\n\n#{args['code']}"
}
}]
}
end
Security Features
VectorMCP provides comprehensive, opt-in security for production applications:
Built-in Input Validation
All inputs are automatically validated against your schemas:
# This tool is protected against invalid inputs
server.register_tool(
name: 'process_user',
input_schema: {
type: 'object',
properties: {
email: { type: 'string', format: 'email' },
age: { type: 'integer', minimum: 0, maximum: 150 }
},
required: ['email']
}
) { |args| "Processing #{args['email']}" }
# Invalid inputs are automatically rejected:
# ❌ { email: "not-an-email" } -> Validation error
# ❌ { age: -5 } -> Missing required field
# ✅ { email: "[email protected]" } -> Passes validation
Authentication & Authorization
Secure your MCP server with flexible authentication strategies:
# API Key Authentication
server.enable_authentication!(
strategy: :api_key,
keys: ["your-secret-key", "another-key"]
)
# JWT Token Authentication
server.enable_authentication!(
strategy: :jwt,
secret: ENV["JWT_SECRET"]
)
# Custom Authentication Logic
server.enable_authentication!(strategy: :custom) do |request|
api_key = request[:headers]["X-API-Key"]
User.find_by(api_key: api_key) ? { user_id: user.id } : false
end
Fine-Grained Authorization
Control access to tools, resources, and prompts:
server.enable_authorization! do
# Tool-level access control
authorize_tools do |user, action, tool|
case user[:role]
when "admin" then true
when "user" then !tool.name.start_with?("admin_")
else false
end
end
# Resource-level permissions
authorize_resources do |user, action, resource|
user[:tenant_id] == resource.tenant_id
end
end
Transport Security
Security works seamlessly with the HTTP stream transport:
- HTTP Stream: Full HTTP header support with session management
- Request Pipeline: Automatic authentication and authorization checking
Our comprehensive security documentation covers authentication strategies, authorization policies, session management, and real-world examples.
Real-World Examples
File System Server
server.register_tool(
name: 'read_file',
description: 'Reads a text file',
input_schema: {
type: 'object',
properties: { path: { type: 'string' } },
required: ['path']
}
) { |args| File.read(args['path']) }
Database Query Tool
server.register_tool(
name: 'search_users',
description: 'Searches users by name',
input_schema: {
type: 'object',
properties: {
query: { type: 'string', minLength: 1 },
limit: { type: 'integer', minimum: 1, maximum: 100 }
},
required: ['query']
}
) do |args|
User.where('name ILIKE ?', "%#{args['query']}%")
.limit(args['limit'] || 10)
.to_json
end
API Integration
server.register_tool(
name: 'get_weather',
description: 'Gets current weather for a city',
input_schema: {
type: 'object',
properties: { city: { type: 'string' } },
required: ['city']
}
) do |args|
response = HTTP.get("https://api.weather.com/current", params: { city: args['city'] })
response.parse
end
Advanced Usage
Filesystem Roots & SecurityDefine secure filesystem boundaries:
# Register allowed directories
server.register_root_from_path('./src', name: 'Source Code')
server.register_root_from_path('./docs', name: 'Documentation')
# Tools can safely operate within these bounds
server.register_tool(
name: 'list_files',
input_schema: {
type: 'object',
properties: { root_uri: { type: 'string' } },
required: ['root_uri']
}
) do |args|
root = server.roots[args['root_uri']]
raise 'Invalid root' unless root
Dir.entries(root.path).reject { |f| f.start_with?('.') }
end
Make requests to the connected LLM:
server.register_tool(
name: 'generate_summary',
input_schema: {
type: 'object',
properties: { text: { type: 'string' } },
required: ['text']
}
) do |args, session|
result = session.sample(
messages: [{
role: 'user',
content: { type: 'text', text: "Summarize: #{args['text']}" }
}],
max_tokens: 100
)
result.text_content
end
Use proper MCP error types:
server.register_tool(name: 'risky_operation') do |args|
if args['dangerous']
raise VectorMCP::InvalidParamsError.new('Dangerous operation not allowed')
end
begin
perform_operation(args)
rescue SomeError => e
raise VectorMCP::InternalError.new('Operation failed')
end
end
Access client context:
server.register_tool(name: 'client_info') do |args, session|
{
client: session.client_info&.dig('name'),
capabilities: session.client_capabilities,
initialized: session.initialized?
}
end
Integration Examples
Claude Desktop
Add to your Claude Desktop configuration:
{
"mcpServers": {
"my-ruby-server": {
"command": "ruby",
"args": ["path/to/my_server.rb"]
}
}
}
Web Applications
// Send MCP requests via HTTP stream
fetch('http://localhost:8080/mcp', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
jsonrpc: '2.0',
id: 1,
method: 'tools/call',
params: { name: 'greet', arguments: { name: 'World' } }
})
});
Why Choose VectorMCP?
🏆 Battle-Tested: Used in production applications serving thousands of requests
⚡ Performance: Optimized for low latency and high throughput
🛡️ Secure by Default: Comprehensive input validation prevents common attacks
📖 Well-Documented: Extensive examples and clear API documentation
🔧 Extensible: Easy to customize and extend for your specific needs
🤝 Community: Active development and responsive maintainer
Examples & Resources
- Examples Directory - Complete working examples
- File System MCP - Real-world implementation
- MCP Specification - Official protocol documentation
Installation & Setup
gem install vector_mcp
# Or in your Gemfile
gem 'vector_mcp'
Contributing
Bug reports and pull requests welcome on GitHub.
License
Available as open source under the MIT License.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi