Skip to main content
Glama
TeaBambooNGU

mcp-redis-allowlist

by TeaBambooNGU

mcp-redis-allowlist

Read-only Redis MCP server with a configurable command allowlist.

This project is a fixed local variant for production diagnostics. It keeps the small tool surface from @infoinlet/mcp-redis and adds an environment-driven allowlist for exact read-only diagnostic subcommands such as CLIENT LIST, SLOWLOG GET, and LATENCY LATEST.

Tools

  • redis_get: get a string key and TTL.

  • redis_scan: scan keys with SCAN.

  • redis_inspect: inspect type, TTL, size, and preview for string/hash/list/set/zset keys.

  • redis_command: run a Redis command if it passes the read-only guard.

  • redis_info: run INFO, optionally with a section.

Related MCP server: aws-safe-mcp

Security Model

By default, writes are blocked at the MCP layer.

  • REDIS_WRITE_ALLOWED=false keeps the read-only guard enabled.

  • REDIS_EXTRA_READONLY_COMMANDS appends exact read-only command specs.

  • REDIS_WRITE_ALLOWED=true bypasses the guard and should not be used for production diagnostics.

Extra command specs are comma or whitespace separated:

REDIS_EXTRA_READONLY_COMMANDS=client:list,slowlog:get,latency:latest

Redis ACL style syntax is also accepted:

REDIS_EXTRA_READONLY_COMMANDS='client|list slowlog|get latency|latest'

Known dangerous subcommands remain blocked unless REDIS_WRITE_ALLOWED=true, including:

  • CLIENT KILL

  • CLIENT PAUSE

  • CLIENT UNPAUSE

  • CLIENT UNBLOCK

  • CLIENT SETNAME

  • SLOWLOG RESET

  • LATENCY RESET

  • CONFIG SET

  • CONFIG RESETSTAT

  • CONFIG REWRITE

Use a Redis read-only or diagnostic ACL user as an additional safety boundary whenever possible.

Install

npm install
npm run build

Run

REDIS_URL='redis://localhost:6379' \
REDIS_WRITE_ALLOWED=false \
REDIS_EXTRA_READONLY_COMMANDS='client:list,slowlog:get,latency:latest' \
node dist/server.js

Codex MCP Config

[mcp_servers.redis_yesorno_prod]
command = "/Users/jason/.local/nodejs/current/bin/node"
args = ["/Users/jason/workspace/mcp-redis-allowlist/dist/server.js"]
startup_timeout_sec = 30.0

[mcp_servers.redis_yesorno_prod.env]
REDIS_URL = "redis://USER:PASSWORD@HOST:PORT/DB"
REDIS_WRITE_ALLOWED = "false"
REDIS_EXTRA_READONLY_COMMANDS = "client:list,slowlog:get,latency:latest"
PATH = "/Users/jason/.local/nodejs/current/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"

Do not commit real Redis URLs, passwords, or production hostnames.

Diagnostic Examples

Use redis_command with exact subcommands:

{ "command": "CLIENT", "args": ["LIST"] }
{ "command": "SLOWLOG", "args": ["GET", "128"] }
{ "command": "LATENCY", "args": ["LATEST"] }

Development

npm install
npm run build
npm test

The tests verify that the diagnostic commands above can be allowlisted while dangerous related subcommands remain blocked.

Attribution

This server is inspired by the read-only guard and tool shape from @infoinlet/mcp-redis, which is MIT licensed.

Install Server
A
license - permissive license
B
quality
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/TeaBambooNGU/mcp-redis-allowlist'

If you have feedback or need assistance with the MCP directory API, please join our Discord server