mcp-redis-allowlist
Provides read-only diagnostic access to a Redis instance, including commands like SCAN, INFO, CLIENT LIST, SLOWLOG GET, and LATENCY LATEST, with a configurable command allowlist and write protection.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-redis-allowlistcheck the slowlog for recent queries"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-redis-allowlist
Read-only Redis MCP server with a configurable command allowlist.
This project is a fixed local variant for production diagnostics. It keeps the small tool surface from @infoinlet/mcp-redis and adds an environment-driven allowlist for exact read-only diagnostic subcommands such as CLIENT LIST, SLOWLOG GET, and LATENCY LATEST.
Tools
redis_get: get a string key and TTL.redis_scan: scan keys withSCAN.redis_inspect: inspect type, TTL, size, and preview for string/hash/list/set/zset keys.redis_command: run a Redis command if it passes the read-only guard.redis_info: runINFO, optionally with a section.
Related MCP server: aws-safe-mcp
Security Model
By default, writes are blocked at the MCP layer.
REDIS_WRITE_ALLOWED=falsekeeps the read-only guard enabled.REDIS_EXTRA_READONLY_COMMANDSappends exact read-only command specs.REDIS_WRITE_ALLOWED=truebypasses the guard and should not be used for production diagnostics.
Extra command specs are comma or whitespace separated:
REDIS_EXTRA_READONLY_COMMANDS=client:list,slowlog:get,latency:latestRedis ACL style syntax is also accepted:
REDIS_EXTRA_READONLY_COMMANDS='client|list slowlog|get latency|latest'Known dangerous subcommands remain blocked unless REDIS_WRITE_ALLOWED=true, including:
CLIENT KILLCLIENT PAUSECLIENT UNPAUSECLIENT UNBLOCKCLIENT SETNAMESLOWLOG RESETLATENCY RESETCONFIG SETCONFIG RESETSTATCONFIG REWRITE
Use a Redis read-only or diagnostic ACL user as an additional safety boundary whenever possible.
Install
npm install
npm run buildRun
REDIS_URL='redis://localhost:6379' \
REDIS_WRITE_ALLOWED=false \
REDIS_EXTRA_READONLY_COMMANDS='client:list,slowlog:get,latency:latest' \
node dist/server.jsCodex MCP Config
[mcp_servers.redis_yesorno_prod]
command = "/Users/jason/.local/nodejs/current/bin/node"
args = ["/Users/jason/workspace/mcp-redis-allowlist/dist/server.js"]
startup_timeout_sec = 30.0
[mcp_servers.redis_yesorno_prod.env]
REDIS_URL = "redis://USER:PASSWORD@HOST:PORT/DB"
REDIS_WRITE_ALLOWED = "false"
REDIS_EXTRA_READONLY_COMMANDS = "client:list,slowlog:get,latency:latest"
PATH = "/Users/jason/.local/nodejs/current/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"Do not commit real Redis URLs, passwords, or production hostnames.
Diagnostic Examples
Use redis_command with exact subcommands:
{ "command": "CLIENT", "args": ["LIST"] }{ "command": "SLOWLOG", "args": ["GET", "128"] }{ "command": "LATENCY", "args": ["LATEST"] }Development
npm install
npm run build
npm testThe tests verify that the diagnostic commands above can be allowlisted while dangerous related subcommands remain blocked.
Attribution
This server is inspired by the read-only guard and tool shape from @infoinlet/mcp-redis, which is MIT licensed.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/TeaBambooNGU/mcp-redis-allowlist'
If you have feedback or need assistance with the MCP directory API, please join our Discord server