Content
# MCP DevTools
A single, high-performance MCP server that replaces many Node.js and Python-based MCP servers with one efficient Go binary, providing access to essential developer tools through a unified, modular interface that can be easily extended with new tools.
```mermaid
graph LR
A[MCP DevTools<br>Server]
A --> B[Search &<br>Discovery]
A --> C[Document<br>Processing]
A --> D[Security<br>Analysis]
A --> E[Intelligence &<br>Memory]
A --> F[Utilities]
A --> G[Agents]
B --> B_Tools[🌐 Internet Search<br>📡 Web Fetch<br>📦 Package Search<br>📚 Package Documentation<br>🐙 GitHub<br>🎨 ShadCN UI Components<br>🔌 API Integration<br>☁️ AWS Documentation<br📝>Terraform Documentation]
C --> C_Tools[📄 Document Processing<br>📑 PDF Processing]
D --> D_Tools[📋 SBOM Generation<br>🛡️ Vulnerability Scan<br>🔒 Security Framework<br>🛠️ Security Override]
E --> E_Tools[🧠 Think Tool<br>🔢 Sequential Thinking<br>🕸️ Memory Graph]
F --> F_Tools[🧮 Calculator<br>🇬🇧 American→English<br>📁 Filesystem<br>📝 Changelog Generation]
G --> G_Tools[🤖 Claude Code<br>✨ Gemini CLI<br>🅰️ Q Developer]
classDef inputOutput fill:#FEE0D2,stroke:#E6550D,color:#E6550D
classDef llm fill:#E5F5E0,stroke:#31A354,color:#31A354
classDef components fill:#E6E6FA,stroke:#756BB1,color:#756BB1
classDef process fill:#EAF5EA,stroke:#C6E7C6,color:#77AD77
classDef stop fill:#E5E1F2,stroke:#C7C0DE,color:#8471BF
classDef data fill:#EFF3FF,stroke:#9ECAE1,color:#3182BD
classDef decision fill:#FFF5EB,stroke:#FD8D3C,color:#E6550D
classDef storage fill:#F2F0F7,stroke:#BCBDDC,color:#756BB1
classDef api fill:#FFF5F0,stroke:#FD9272,color:#A63603
classDef error fill:#FCBBA1,stroke:#FB6A4A,color:#CB181D
class A components
class B,B_Tools decision
class C,C_Tools api
class D,D_Tools error
class E,E_Tools data
class F,F_Tools process
class G,G_Tools llm
```
## Why I Built MCP DevTools
**🚀 Single Binary Solution**
- Replace multiple potentially resource-heavy Node.js/Python MCP servers, each spawned for every client tool you use
- One binary, one configuration, consistent performance
- Built in Go for speed and efficiency and because I'm not smart enough to write Rust
- Minimal memory footprint compared to multiple separate servers
- Fast startup and response times
- Download one binary, configure once - or compile from source
- Optional dependencies only for specific tools
- Works out of the box for most tools
**🛠 Comprehensive Tool Suite**
- 16+ essential developer tools in one package
- No need to manage multiple MCP server installations
- Consistent API across all tools
- Modular design with tool registry allowing for easy addition of new tools
## Quickstart
You must have a recent version of Go installed.
1. Install the latest MCP DevTools binary:
```shell
go install github.com/sammcj/mcp-devtools@HEAD
echo "${GOPATH}/bin/mcp-devtools" # Use this path in your MCP configuration, if your GOPATH is not set, please check your Go installation / configuration.
# If you're on macOS, you'll also need to run the following command to allow the downloaded binary to run:
xattr -r -d com.apple.quarantine ${GOPATH}/bin/mcp-devtools
```
1. Update your MCP client to add the MCP DevTools server configuration, replacing `/path/to/mcp-devtools` with the actual path to the binary (e.g. `/Users/samm/go/bin/mcp-devtools`):
```json
{
"mcpServers": {
"dev-tools": {
"type": "stdio",
"command": "/path/to/mcp-devtools",
"env": {
"DISABLED_FUNCTIONS": "think", // Optional, disable specific tools if not needed
"ENABLE_ADDITIONAL_TOOLS": "security,security_override,sbom,vulnerability_scan,memory" // Optional, enable security and analysis tools
}
}
}
}
```
See below for various environment variables you can set to configure specific features.
## Available Tools
These tools can be disabled by adding their function name to the `DISABLED_FUNCTIONS` environment variable in your MCP configuration.
| Tool | Purpose | Dependencies | Example Usage |
|------------------------------------------------------------------|------------------------------------|-------------------------------|---------------------------------|
| **[Internet Search](docs/tools/internet-search.md)** | Multi-provider web search | None (Provider keys optional) | Web, image, news, video search |
| **[Web Fetch](docs/tools/web-fetch.md)** | Retrieve web content as Markdown | None | Documentation and articles |
| **[GitHub](docs/tools/github.md)** | GitHub repositories and data | None (GitHub token optional) | Issues, PRs, repos, cloning |
| **[Package Documentation](docs/tools/package-documentation.md)** | Library documentation lookup | None | React, Django, TensorFlow docs |
| **[Package Search](docs/tools/package-search.md)** | Check package versions | None | NPM, Python, Go, Java, Docker |
| **[Think](docs/tools/think.md)** | Structured reasoning space | None | Complex problem analysis |
| **[Find Long Files](docs/tools/find_long_files.md)** | Identify files needing refactoring | None | Find files over 700 lines |
| **[Calculator](docs/tools/calculator.md)** | Basic arithmetic calculations | None | 2 + 3 * 4, batch processing |
| **[DevTools Help](docs/tools/devtools_help.md)** | Extended info about DevTools tools | None | Usage examples, troubleshooting |
These tools can be enabled by setting the `ENABLE_ADDITIONAL_TOOLS` environment variable in your MCP configuration.
| Tool | Purpose | `ENABLE_ADDITIONAL_TOOLS` | Example Usage |
|----------------------------------------------------------------------|--------------------------------------------------------------------|---------------------------|---------------------------------------------|
| **[American→English](docs/tools/american-to-english.md)** | Convert to British spelling | `murican_to_english` | Organise, colour, centre |
| **[ShadCN UI Component Library](docs/tools/shadcn-ui.md)** | Component information | `shadcn` | Button, Dialog, Form components |
| **[Memory](docs/tools/memory.md)** | Persistent knowledge graphs | `memory` | Store entities and relationships |
| **[SBOM Generation](docs/tools/sbom.md)** | Generate Software Bill of Materials | `sbom` | Analyse project dependencies |
| **[Vulnerability Scan](docs/tools/vulnerability_scan.md)** | Security vulnerability scanning | `vulnerability_scan` | Find security issues |
| **[Generate Changelog](docs/tools/changelog.md)** | Generate changelogs from git commits | `generate_changelog` | Release notes from local/remote repos |
| **[Document Processing](docs/tools/document-processing.md)** | Convert documents to Markdown | `process_document` | PDF, DOCX → Markdown with OCR |
| **[PDF Processing](docs/tools/pdf-processing.md)** | Fast PDF text extraction | `pdf` | Quick PDF to Markdown |
| **[AWS Documentation](docs/tools/aws_documentation.md)** | AWS documentation search and retrieval | `aws_documentation` | Search and read AWS docs, recommendations |
| **[Terraform Documentation](docs/tools/terraform-documentation.md)** | Terraform Registry API access for providers, modules, and policies | `terraform_documentation` | Provider docs, module search, policy lookup |
| **[Security Framework](docs/security.md)** (BETA) | Context injection security protections | `security` | Content analysis, access control |
| **[Security Override](docs/security.md)** | Agent managed security warning overrides | `security_override` | Bypass false positives |
| **[Sequential Thinking](docs/tools/sequential-thinking.md)** | Dynamic problem-solving through structured thoughts | `sequential-thinking` | Step-by-step analysis, revision, branching |
| **[API to MCP](docs/tools/api.md)** | Dynamic REST API integration | `api` | Configure any REST API via YAML |
| **[Filesystem](docs/tools/filesystem.md)** | File and directory operations | `filesystem` | Read, write, edit, search files |
**Agents as Tools** - In addition to the above tools, MCP DevTools can provide access to AI agents as tools by integrating with external LLMs.
| Agent | Purpose | `ENABLE_ADDITIONAL_TOOLS` |
|----------------------------------------------------------|---------------------------|---------------------------|
| **[Claude Agent](docs/tools/claude-agent.md)** | Claude Code CLI Agent | `claude-agent` |
| **[Gemini Agent](docs/tools/gemini-agent.md)** | Gemini CLI Agent | `gemini-agent` |
| **[Q Developer Agent](docs/tools/q-developer-agent.md)** | AWS Q Developer CLI Agent | `q-developer-agent` |
👉 **[See detailed tool documentation](docs/tools/overview.md)**
## Quick Start
### Installation
**Option 1: Go Install** (recommended)
```bash
go install github.com/sammcj/mcp-devtools@HEAD
```
**Option 2: Build from Source**
```bash
git clone https://github.com/sammcj/mcp-devtools.git
cd mcp-devtools
make build
```
**Option 4: Download Release**
Download the latest binary from [releases](https://github.com/sammcj/mcp-devtools/releases) and place in your PATH and remember to check for updates!
### Basic MCP Configuration
**STDIO**
```json
{
"mcpServers": {
"dev-tools": {
"type": "stdio",
"command": "/path/to/mcp-devtools",
"env": {
"BRAVE_API_KEY": "This is optional ",
}
}
}
}
```
Replacing `/path/to/mcp-devtools` with your actual binary path (e.g., `/Users/yourname/go/bin/mcp-devtools`).
_Note: The `BRAVE_API_KEY` is optional and only needed if you want to use the Brave Search provider, there are other providers available, see the various tools documentation for more details._
**Streamable HTTP**
```shell
mcp-devtools --transport http --port 8080
```
```json
{
"mcpServers": {
"dev-tools": {
"type": "streamableHttp",
"url": "http://localhost:8080/http"
}
}
}
```
## Transport Options
MCP DevTools supports three transport modes for different use cases:
### STDIO Transport (Default)
**Best for**: Simple, local use with MCP clients like Claude Desktop, Cline, etc.
```json
{
"mcpServers": {
"dev-tools": {
"type": "stdio",
"command": "/path/to/mcp-devtools",
"env": {
"BRAVE_API_KEY": "your-api-key-if-needed"
}
}
}
}
```
### Streamable HTTP Transport
**Best for**: Production deployments, shared use, centralised configuration
```bash
# Basic HTTP mode
mcp-devtools --transport http --port 8080
# With authentication
mcp-devtools --transport http --port 8080 --auth-token mysecrettoken
# With OAuth (see OAuth documentation)
mcp-devtools --transport http --port 8080 --oauth-enabled
```
**Client Configuration:**
```json
{
"mcpServers": {
"dev-tools": {
"type": "streamableHttp",
"url": "http://localhost:8080/http",
"headers": {
"Authorization": "Bearer mysecrettoken"
}
}
}
}
```
### SSE Transport
**Best for**: Real-time applications, web dashboards
```bash
mcp-devtools --transport sse --port 18080 --base-url http://localhost
```
**Client Configuration:**
```json
{
"mcpServers": {
"dev-tools": {
"type": "sse",
"url": "http://localhost:18080/sse"
}
}
}
```
## Configuration Options
### Environment Variables
All environment variables are optional, but if you want to use specific search providers or document processing features, you may need to provide the the appropriate variables.
**Core Tools:**
- `BRAVE_API_KEY` - Enable Brave Search provider by providing a ([free Brave search API key](https://brave.com/search/api/))
- `SEARXNG_BASE_URL` - Enable SearXNG search provider by providing the base URL (e.g. `https://searxng.example.com`)
- `CONTEXT7_API_KEY` - Optional Context7 API key for higher rate limits and authentication with package documentation tools
- `MEMORY_FILE_PATH` - Memory storage location (default: `~/.mcp-devtools/`)
- `DISABLED_FUNCTIONS` - Comma-separated list of functions to disable (e.g. `think,internet_search`)
**Security-Sensitive Tools:**
- `ENABLE_ADDITIONAL_TOOLS` - Comma-separated list to enable security-sensitive tools (e.g. `security,security_override,sbom,vulnerability_scan,filesystem,claude-agent,gemini-agent,q-developer-agent,generate_changelog,process_document,pdf,memory,terraform_documentation,sequential-thinking`)
- `FILESYSTEM_TOOL_ALLOWED_DIRS` - Colon-separated (Unix) list of allowed directories (only for filesystem tool)
**Document Processing:**
- `DOCLING_PYTHON_PATH` - Python executable path (default: auto-detected)
- `DOCLING_CACHE_ENABLED` - Enable processed document cache (default: `true`)
- `DOCLING_HARDWARE_ACCELERATION` - Hardware acceleration (`auto` (default), `mps`, `cuda`, `cpu`)
### Command-Line Options
- `--transport`, `-t` - Transport type (`stdio`, `sse`, `http`). Default: `stdio`
- `--port` - Port for HTTP transports. Default: `18080`
- `--base-url` - Base URL for HTTP transports. Default: `http://localhost`
- `--auth-token` - Authentication token for HTTP transport
- `--debug`, `-d` - Enable debug logging
## Architecture
MCP DevTools uses a modular architecture:
- **Tool Registry**: Central registry managing tool discovery and registration
- **Tool Interface**: Standardised interface all tools implement
- **Transport Layer**: Supports STDIO, HTTP, and SSE transports
- **Plugin System**: Easy to add new tools following the interface
Each tool is self-contained and registers automatically when the binary starts.

## Security Framework
MCP DevTools includes a configurable security system that provides multi-layered protection for tools that access files or make HTTP requests.
Important: This feature should be considered in **BETA**, if you find bugs and have solutions please feel free to raise a PR.
### Key Features
- **Access Control**: Prevents tools from accessing sensitive files and domains
- **Content Analysis**: Scans returned content for security threats using pattern matching
- **YAML-Based Configuration**: Easy-to-manage rules with automatic reloading
- **Security Overrides**: Allow bypassing false positives with audit logging
- **Performance Optimised**: Minimal impact when disabled, efficient when enabled
### Built-in Protection
- **Shell Injection Detection**: Command injection, eval execution, backtick commands
- **Data Exfiltration Prevention**: DNS exfiltration, credential theft, keychain access
- **Prompt Injection Mitigation**: "Ignore instructions" attacks, conversation extraction
- **Persistence Mechanism Detection**: Launchctl, systemd, crontab modifications
- **Sensitive File Protection**: SSH keys, AWS credentials, certificates
### Quick Setup
```bash
# Enable security framework and override tool
# You may optionally also add 'security_override' if you want a tool the agent can use to override security warnings
ENABLE_ADDITIONAL_TOOLS="security"
```
Configuration is managed through `~/.mcp-devtools/security.yaml` with sensible defaults.
👉 **[Complete Security Documentation](docs/security.md)**
## Advanced Features
### SBOM/Vulnerability Tools Build (Increases File Size)
Includes all tools including SBOM generation and vulnerability scanning capabilities with Anchore Syft/Grype dependencies (~170MB binary).
```bash
# Build with SBOM and vulnerability tools
make build-sbom-vuln-tools
```
**Additional tools**: `sbom`, `vulnerability_scan`
The SBOM and vulnerability scanning tools are disabled by default in both builds but can be enabled via the `ENABLE_ADDITIONAL_TOOLS` environment variable. In the standard build, these tools will return appropriate error messages indicating they require the SBOM/vulnerability tools build variant.
### OAuth 2.0/2.1 Authentication
For production deployments requiring centralised user authentication:
👉 **[Complete OAuth Setup Guide](docs/oauth/README.md)**
Quick example:
```bash
# Browser-based authentication
mcp-devtools --transport http --oauth-browser-auth --oauth-client-id="your-client"
# Resource server mode
mcp-devtools --transport http --oauth-enabled --oauth-issuer="https://auth.example.com"
```
### Docker Support
```bash
# Pull latest image
docker pull ghcr.io/sammcj/mcp-devtools:latest
# Run with environment variables
docker run -e BRAVE_API_KEY="your-key" ghcr.io/sammcj/mcp-devtools:latest
```
### Creating New Tools
Want to add your own tools? See the **[Development Guide](docs/creating-new-tools.md)**.
## Getting Help
- **Tool Documentation**: [docs/tools/overview.md](docs/tools/overview.md)
- **Security Framework**: [docs/security.md](docs/security.md)
- **OAuth Setup**: [docs/oauth/README.md](docs/oauth/README.md)
- **Development**: [docs/creating-new-tools.md](docs/creating-new-tools.md)
- **Issues**: [GitHub Issues](https://github.com/sammcj/mcp-devtools/issues), please note that I built this tool for my own use and it is not a commercially supported product, so if you can - please raise a PR instead of an issue.
## Contributing
Contributions welcome! This project follows standard Go development practices and includes comprehensive tests.
```bash
# Development setup
git clone https://github.com/sammcj/mcp-devtools.git
cd mcp-devtools
make deps
make test
make build
# Run security checks, see make help
make inspect # launches the MCP inspector tool
```
## Disclaimer
No warranty is provided for this software. Use at your own risk. The author is not responsible for any damages or issues arising from its use.
## License
Apache Public License 2.0 - Copyright 2025 Sam McLeod
You Might Also Like
Ollama
Ollama enables easy access to large language models on various platforms.

n8n
n8n is a secure workflow automation platform for technical teams with 400+...
OpenWebUI
Open WebUI is an extensible web interface for customizable applications.
MiroRL
MiroRL is an MCP-first framework for deep reinforcement learning research.
tinymcp
tinymcp enables LLMs to control embedded devices via MCP, using Golioth API.
antd-components-mcp
MCP server providing Ant Design component documentation for LLMs.