
API Server - MCP + REST API

A comprehensive API server providing Model Context Protocol (MCP) support, RESTful endpoints for file operations, command execution, project management, and AI integration.

Features

  • MCP Server: Model Context Protocol compatible server for AI assistants

  • REST API: RESTful endpoints for remote development control

  • Real-time Communication: Server-Sent Events (SSE) for MCP

  • Security: API key authentication, rate limiting, input validation

  • Monitoring: Request logging and statistics dashboard

  • Documentation: Interactive Swagger/OpenAPI documentation

Quick Start

1. Set Up API Key

The API key is stored in Replit Secrets as API_KEY. All authenticated endpoints require this key.

2. Access the Dashboard

Visit the root URL (/) to access the API dashboard with:

  • Real-time statistics

  • Request logs

  • Endpoint documentation

  • Security information

3. View API Documentation

Visit /docs for interactive Swagger documentation.

Authentication

All API endpoints (except /, /docs, /api/stats, /api/logs) require authentication via either:

  1. HTTP Header (recommended for REST API):

curl -X GET \
  -H "X-API-KEY: your-api-key" \
  https://your-repl.repl.co/api/project

  2. Query Parameter (for SSE connections):

GET /mcp?api_key=your-api-key
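The authentication rules above can be expressed as one decision function. This is an added example, not the project's own middleware: the function names are hypothetical, and it assumes the query-parameter key is honoured only on GET /mcp and that logged URLs should have the key masked. The 401/403 split follows the status codes listed under Error Handling.

```javascript
// Added example: checkApiKey, keysMatch and redactUrl are hypothetical names.
const crypto = require("node:crypto");

// Paths the README lists as not requiring a key.
const PUBLIC_PATHS = new Set(["/", "/docs", "/api/stats", "/api/logs"]);

// Compare fixed-length digests so timingSafeEqual never throws on a
// length mismatch and timing does not depend on where the keys differ.
function keysMatch(presented, expected) {
  const a = crypto.createHash("sha256").update(String(presented)).digest();
  const b = crypto.createHash("sha256").update(String(expected)).digest();
  return crypto.timingSafeEqual(a, b);
}

// Returns the HTTP status the request should receive: 200, 401 or 403.
function checkApiKey(method, rawUrl, headers, expectedKey) {
  const url = new URL(rawUrl, "http://localhost"); // dummy base for parsing
  if (PUBLIC_PATHS.has(url.pathname)) return 200;
  let presented = headers["x-api-key"];
  // Assumption: query-string keys are accepted only where EventSource needs them.
  if (!presented && method === "GET" && url.pathname === "/mcp") {
    presented = url.searchParams.get("api_key");
  }
  if (!presented) return 401; // missing key
  return keysMatch(presented, expectedKey) ? 200 : 403; // invalid key
}

// Mask the key before a URL is written to the request log.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl, "http://localhost");
  if (url.searchParams.has("api_key")) {
    url.searchParams.set("api_key", "REDACTED");
  }
  return url.pathname + url.search;
}
```
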

REST API Endpoints

File Operations

Create/Update File

POST /api/files
Content-Type: application/json
X-API-KEY: your-api-key

{
  "path": "src/hello.ts",
  "content": "console.log('Hello World');"
}

Read File

GET /api/files/src/hello.ts
X-API-KEY: your-api-key

Delete File

DELETE /api/files/src/hello.ts
X-API-KEY: your-api-key

Command Execution

Execute safe shell commands (whitelisted commands only):

POST /api/execute
Content-Type: application/json
X-API-KEY: your-api-key

{
  "command": "ls -la",
  "timeout": 10000
}

Allowed Commands: ls, cat, head, tail, wc, grep, find, echo, pwd, date, whoami, env, node, npm, npx, pnpm, yarn, git, which, mkdir, touch, cp, mv, rm

Project Structure

GET /api/project?depth=3
X-API-KEY: your-api-key

AI Prompts

POST /api/ai
Content-Type: application/json
X-API-KEY: your-api-key

{
  "prompt": "Explain this code",
  "context": "function add(a, b) { return a + b; }",
  "maxTokens": 1000
}

MCP Server

The MCP (Model Context Protocol) server is available at /mcp and supports:

SSE Connection (GET /mcp)

Connect via Server-Sent Events for real-time MCP communication:

// Use query parameter for authentication (EventSource doesn't support custom headers)
const eventSource = new EventSource('/mcp?api_key=your-api-key');

eventSource.addEventListener('message', (event) => {
  const data = JSON.parse(event.data);
  console.log('Received:', data);
});

// Handle connection open
eventSource.onopen = () => {
  console.log('MCP connection established');
};

// Handle errors
eventSource.onerror = (error) => {
  console.error('MCP connection error:', error);
};

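Note: The SSE endpoint accepts the api_key query parameter because the EventSource API doesn't support custom headers. Keys sent in a URL can be recorded in server and proxy logs, so use the X-API-KEY header wherever the client allows it.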

JSON-RPC Tool Calls (POST /mcp)

Send MCP tool calls via HTTP:

POST /mcp
Content-Type: application/json
X-API-KEY: your-api-key

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "read_file",
    "arguments": {
      "path": "package.json"
    }
  }
}

Available MCP Tools

Tool                     Description
read_file                Read file contents
write_file               Create or update files
list_files               List directory contents
delete_file              Delete files or directories
execute_command          Run safe shell commands
get_project_structure    Get file tree
create_directory         Create new directories

SSH Access Setup

Replit supports SSH access for remote development with VSCode, Cursor, or any SSH client.

Step 1: Generate SSH Keys

If you don't have SSH keys, generate them:

ssh-keygen -t ed25519 -C "your_email@example.com"

Step 2: Add Public Key to Replit

  1. Go to Replit Account Settings

  2. Navigate to "SSH Keys" section

  3. Click "Add SSH Key"

  4. Paste your public key (~/.ssh/id_ed25519.pub)

  5. Save the key

Step 3: Get Your Repl's SSH Address

  1. Open your Repl

  2. Click on the three dots menu

  3. Select "Connect via SSH"

  4. Copy the SSH address (format: ssh <repl-id>@ssh.replit.com)

Step 4: Configure SSH Client

Add to your ~/.ssh/config:

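Host replit
  HostName ssh.replit.com
  User YOUR_REPL_ID
  IdentityFile ~/.ssh/id_ed25519
  ForwardAgent yes
  ServerAliveInterval 60
  ServerAliveCountMax 3

Replace YOUR_REPL_ID with your actual Repl ID. ForwardAgent yes lets processes on the remote host use your local SSH agent while you are connected; remove that line unless you need your local keys inside the Repl.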

Step 5: Connect

ssh replit

VSCode/Cursor Setup

  1. Install "Remote - SSH" extension

  2. Press Ctrl+Shift+P → "Remote-SSH: Connect to Host"

  3. Select "replit" from the list

  4. VSCode will open a new window connected to your Repl

Security Features

Rate Limiting

  • 100 requests per 15 minutes per IP

  • Returns 429 Too Many Requests when exceeded

Input Validation

  • All inputs validated with Zod schemas

  • File paths sanitized to prevent directory traversal

  • Commands whitelisted for safe execution

Path Traversal Protection

  • Paths normalized and validated

  • .. patterns rejected

  • All file operations confined to project directory
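One way to implement the confinement described above, as an added example that is not the project's own code. PROJECT_ROOT and the function names are hypothetical. The check resolves the path first and then tests containment, which also covers absolute paths and sibling directories that share the root's prefix, two cases a ".." string filter alone does not.

```javascript
// Added example: resolveInsideRoot and isAllowed are hypothetical names.
const path = require("node:path");

const PROJECT_ROOT = "/home/runner/project"; // assumed project directory

// Returns the absolute path if it stays inside root, otherwise throws.
function resolveInsideRoot(userPath, root = PROJECT_ROOT) {
  if (typeof userPath !== "string" || userPath.length === 0) {
    throw new Error("path must be a non-empty string");
  }
  if (userPath.includes("\0")) {
    throw new Error("NUL byte in path");
  }
  const rootAbs = path.resolve(root);
  // resolve() normalises "." and ".." segments; an absolute userPath
  // replaces rootAbs entirely, which the containment test below catches.
  const target = path.resolve(rootAbs, userPath);
  const rel = path.relative(rootAbs, target);
  // Comparing via relative() avoids the prefix trap where
  // "/home/runner/project-backup" starts with "/home/runner/project".
  const escapes =
    rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error("path escapes project directory");
  }
  return target;
}

// Boolean wrapper for use in request validation.
function isAllowed(userPath) {
  try {
    resolveInsideRoot(userPath);
    return true;
  } catch {
    return false;
  }
}
```

This check is purely lexical. Before opening the file, resolve symlinks with fs.realpath and repeat the containment test, since a link inside the project can point outside it.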

Command Sandboxing

  • Only whitelisted commands allowed

  • Shell operators (|, ;, &&, etc.) blocked

  • Timeout enforcement on all commands
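The three rules above, sketched as an added example (not the project's own code; parseCommand and runCommand are hypothetical names). The allowlist is copied from the Allowed Commands line earlier on this page, and the command is started with execFile so that no shell ever interprets the string.

```javascript
// Added example: parseCommand and runCommand are hypothetical names.
const { execFile } = require("node:child_process");

// Allowlist as given under "Allowed Commands" in this README.
const ALLOWED = new Set([
  "ls", "cat", "head", "tail", "wc", "grep", "find", "echo", "pwd", "date",
  "whoami", "env", "node", "npm", "npx", "pnpm", "yarn", "git", "which",
  "mkdir", "touch", "cp", "mv", "rm",
]);

// Pipes, separators, redirection, substitution and newlines.
const SHELL_META = /[|;&<>`$()\n\r]/;

// Validates the string and splits it into an argv array.
function parseCommand(input) {
  if (typeof input !== "string" || SHELL_META.test(input)) {
    return { ok: false, reason: "shell operator or substitution" };
  }
  // Split on whitespace, keeping quoted strings together (no escapes).
  const tokens = (input.match(/"[^"]*"|'[^']*'|\S+/g) || [])
    .map((t) => t.replace(/^(["'])(.*)\1$/, "$2"));
  if (tokens.length === 0) return { ok: false, reason: "empty command" };
  const [file, ...args] = tokens;
  // Bare names only: "/tmp/ls" or "./ls" must not pass as "ls".
  if (!ALLOWED.has(file)) return { ok: false, reason: "command not allowed" };
  return { ok: true, file, args };
}

// Runs a validated command without a shell and with a hard timeout.
function runCommand(input, timeoutMs = 10000) {
  const cmd = parseCommand(input);
  if (!cmd.ok) return Promise.reject(new Error(cmd.reason));
  return new Promise((resolve, reject) => {
    // Arguments are passed as an array, so they are never re-parsed.
    execFile(cmd.file, cmd.args, { timeout: timeoutMs, shell: false },
      (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}
```

A name-level allowlist controls which binary starts, not what it does: entries such as node, npx and git run further code by design, so run the service under an unprivileged account or in a container as well.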

Monitoring

API Statistics

GET /api/stats

Returns:

  • Total requests

  • Success/failure counts

  • Average response time

  • Server uptime

Request Logs

GET /api/logs?limit=100

Returns recent API requests with:

  • Timestamp

  • Method and path

  • Status code

  • Response time

Error Handling

All errors return JSON responses:

{
  "error": "Error Type",
  "message": "Detailed error message"
}

Common status codes:

  • 400 - Bad Request (invalid input)

  • 401 - Unauthorized (missing API key)

  • 403 - Forbidden (invalid API key)

  • 404 - Not Found (resource doesn't exist)

  • 429 - Too Many Requests (rate limited)

  • 500 - Internal Server Error

Development

Running Locally

npm run dev

Project Structure

├── client/              # React frontend
│   └── src/
│       ├── pages/       # Page components
│       └── components/
├── server/              # Express backend
│   ├── middleware/      # Auth, logging, security
│   ├── services/        # File, command, MCP services
│   ├── routes.ts        # API routes
│   └── swagger.ts       # OpenAPI spec
├── shared/              # Shared types/schemas
│   └── schema.ts
└── README.md

License

MIT License
