Skillget

mcp

mcp
Guvenlik Denetimi
Uyari
Health Uyari
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code Uyari
  • network request — Outbound network request in src/api.ts
  • process.env — Environment variable access in src/index.ts
  • network request — Outbound network request in src/index.ts
  • process.env — Environment variable access in src/oauth.ts
  • network request — Outbound network request in src/oauth.ts
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This is a remote server that exposes the Sevalla platform API to AI agents. It uses an efficient "Code Mode" pattern, allowing the AI to search for API endpoints and execute JavaScript code inside a secure sandbox rather than requiring hundreds of individual tools.

Security Assessment
Risk Rating: Low
The tool does not request any dangerous local system permissions. It reads environment variables and makes outbound network requests, which are standard and expected behaviors for an API client. The README notes that authentication is handled via standard OAuth, meaning you do not have to paste hardcoded API keys directly into your configuration files. Because the tool operates as a remote server, the code execution and sandbox environments are managed on the vendor's infrastructure rather than running locally on your machine.

Quality Assessment
The project is highly transparent and actively maintained, with repository updates pushed as recently as today. It is covered by the permissive and widely accepted MIT license. The only notable warning is its low community visibility; it currently has only 6 GitHub stars. While this means the tool has not been extensively vetted by a broad open-source audience, it is explicitly marked as the vendor's official server. Furthermore, its core architecture is based on a well-documented open-source pattern originally developed by Cloudflare.

Verdict
Safe to use.
SUMMARY

Official remote MCP server for the Sevalla public API.

README.md

Sevalla MCP Server

Give AI agents full access to the Sevalla PaaS API. Just 2 tools.

CI
License: MIT
Node.js
MCP
Hosted at

A remote Model Context Protocol server that exposes the entire Sevalla PaaS API through just 2 tools instead of ~200. AI agents write JavaScript that runs in sandboxed V8 isolates to discover and call any API endpoint on demand.

  • search - query the OpenAPI spec to discover endpoints, parameters, and schemas
  • execute - run JavaScript in a sandboxed V8 isolate that calls the API via sevalla.request()

This reduces context window usage by ~99% compared to traditional one-tool-per-endpoint approaches.

Sevalla server MCP server

Background

Cloudflare came up with the Code Mode MCP pattern: instead of registering one tool per API endpoint, you give the agent two tools. One to search the API spec, one to execute code against it. Simple idea, massive difference in practice.

As a Cloudflare partner, we took this pattern and built it for the Sevalla PaaS API. The sandbox architecture and tool design are inspired by codemode, an open-source implementation of the same pattern.

Any MCP client can now manage Sevalla infrastructure through conversation. The AI writes and runs API calls in a secure V8 sandbox. No SDK needed, no boilerplate, no 200-tool context window.

Quick Start

Connect your MCP client to the hosted server at https://mcp.sevalla.com/mcp. Authentication is handled via OAuth — your client will open a browser to log in with your Sevalla account. No API keys needed in the config.

Claude Code

claude mcp add --transport http sevalla https://mcp.sevalla.com/mcp

Then type /mcp inside Claude Code and select Authenticate to complete the OAuth flow.

Claude Code MCP docs

Claude Desktop

Add via Settings → Connectors → Add Connector and enter https://mcp.sevalla.com/mcp as the URL. Claude Desktop handles OAuth automatically.

Claude Desktop MCP docs

Cursor

Add to .cursor/mcp.json in your project root:

{
  "mcpServers": {
    "sevalla": {
      "url": "https://mcp.sevalla.com/mcp"
    }
  }
}

Cursor MCP docs

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "sevalla": {
      "serverUrl": "https://mcp.sevalla.com/mcp"
    }
  }
}

Windsurf MCP docs

OpenCode

Add to opencode.json in your project root:

{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "sevalla": {
      "type": "remote",
      "url": "https://mcp.sevalla.com/mcp"
    }
  }
}

Then run opencode mcp auth sevalla to complete the OAuth flow.

OpenCode MCP docs

Sevalla API keys support granular permissions — you can create a read-only key if you want your agent to query infrastructure without modifying it. Full API reference at api-docs.sevalla.com (base URL: api.sevalla.com/v3).

Uninstall

To fully remove the Sevalla MCP server, delete the server configuration and clear stored OAuth credentials.

Removing the MCP server does not delete your API key on Sevalla. To revoke it, go to app.sevalla.com/api-keys.

Claude Code

claude mcp remove sevalla

Then clear the stored OAuth token: run /mcp inside Claude Code, select sevalla, and choose Clear authentication.

If the server was added at a non-default scope, specify it explicitly:

claude mcp remove --scope user sevalla
claude mcp remove --scope project sevalla

Claude Code MCP reference

Claude Desktop

Open Settings → Connectors, find the Sevalla connector, and remove it. Then fully quit and restart Claude Desktop.

OAuth tokens are stored in the operating system keychain (macOS Keychain / Windows Credential Manager). To remove them, delete the Sevalla entry from your keychain manually.

Claude Desktop MCP docs

Cursor

Delete the sevalla entry from .cursor/mcp.json (project) or ~/.cursor/mcp.json (global). Then clear cached OAuth tokens:

rm -rf ~/.mcp-auth

Cursor MCP docs

Windsurf

Delete the sevalla entry from ~/.codeium/windsurf/mcp_config.json.

Windsurf MCP docs

OpenCode

opencode mcp logout sevalla

Then delete the sevalla entry from opencode.json in your project root.

OpenCode MCP docs

How It Works

MCP Client (Claude, Cursor, etc.)
       │
       │  POST /mcp
       │  Authorization: Bearer <sevalla-api-key>
       ▼
┌─────────────────────────────┐
│  Sevalla MCP Server         │
│  (Hono + StreamableHTTP)    │
│                             │
│  ┌───────────────────────┐  │
│  │  CodeMode             │  │
│  │  • search tool        │  │
│  │  • execute tool       │  │
│  │  • V8 sandboxed JS    │  │
│  └───────────────────────┘  │
└──────────────┬──────────────┘
               │  fetch() with Bearer token
               ▼
     https://api.sevalla.com/v3

Each request creates an isolated MCP session bound to the caller's API key. The server is fully stateless.

Example

Once connected, the AI agent discovers and calls APIs on your behalf:

// Search for the right endpoint
const endpoints = await sevalla.search('list all applications')

// Execute an API call in the V8 sandbox
const apps = await sevalla.request({
  method: 'GET',
  path: '/applications',
})

Self-Hosting

Requirements: Node.js 24+ (TypeScript runs natively, no build step)

git clone https://github.com/sevalla-hosting/mcp.git
cd mcp
pnpm install
pnpm start

Or with Docker:

docker build -t sevalla-mcp .
docker run -p 3000:3000 sevalla-mcp

Development

pnpm dev           # Hot reload (node --watch)
pnpm test          # Run tests (node:test)
pnpm check:code    # tsc + oxlint + oxfmt

License

MIT

Yorumlar (0)

Sonuc bulunamadi