Skip to main content
Glama
enesjakozh

Atrax

by metcalfc
GitHub
TypeScript
5
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
SECURITY.md2.35 kB
# Atrax Security Considerations v0.1.0 ## Architecture Security Atrax operates with a security-focused architecture: 1. **Secure Interface Exposure**: - Atrax connects to MCP servers via stdio (process-based servers) - Atrax ONLY exposes proxy functionality via HTTP, never directly via stdio - This prevents direct access to the underlying MCP servers 2. **Server Isolation**: - Each underlying MCP server runs in its own process space - Servers cannot directly communicate with each other - Resource conflicts are handled safely within Atrax 3. **Capability Handling**: - Atrax detects server capabilities dynamically - Prevents calls to unsupported methods - Graceful handling of missing capabilities ## Security Best Practices 1. **Never expose the MCP server directly**: - Always use the HTTP interface provided by the `serve` command - Never use the `connectStdio()` method in production 2. **Configure with Appropriate Permissions**: - Run servers with minimal required permissions - For example, filesystem MCP servers should only have access to specific directories 3. **Validate Client Requests**: - All requests through Atrax are validated before being forwarded - Request validation prevents security vulnerabilities like path traversal ## Secure Deployment Guidelines 1. **Run Behind a Reverse Proxy**: - Use NGINX, Apache, or a cloud load balancer - Configure TLS/SSL for secure communication - Implement proper authentication if required 2. **Use Docker Containers**: - Each MCP server should run in its own container - Limit container privileges based on server needs - Use volume mounts to restrict file access 3. **Monitor and Log**: - Enable detailed logging for security analysis - Monitor for unusual access patterns - Regularly review logs for security issues ## Reporting Security Issues If you discover a security vulnerability in Atrax, please report it responsibly by: 1. **DO NOT** disclose the issue publicly 2. Submit details to [security@example.com] 3. Allow time for the issue to be addressed before disclosure ## Security Updates Atrax is regularly updated to address security concerns. Make sure to: 1. Keep Atrax updated to the latest version 2. Subscribe to security announcements 3. Regularly update all dependencies

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/metcalfc/atrax'

If you have feedback or need assistance with the MCP directory API, please join our Discord server