mcp-devtools by sammcj - MCP Server

MCP DevTools

A single, high-performance MCP server that replaces many Node.js and Python-based MCP servers with one efficient Go binary, providing access to essential developer tools through a unified, modular interface that can be easily extended with new tools.

graph LR
    A[MCP DevTools<br>Server]

    A --> B[Search &<br>Discovery]
    A --> C[Document<br>Processing]
    A --> D[Security<br>Analysis]
    A --> E[Intelligence &<br>Memory]
    A --> F[Utilities]
    A --> G[Agents]

    B --> B_Tools[🌐 Internet Search<br>📡 Web Fetch<br>📦 Package Search<br>📚 Package Documentation<br>🐙 GitHub<br>🎨 ShadCN UI Components<br>🔌 API Integration<br>☁️ AWS Documentation<br📝>Terraform Documentation]

    C --> C_Tools[📄 Document Processing<br>📑 PDF Processing]

    D --> D_Tools[📋 SBOM Generation<br>🛡️ Vulnerability Scan<br>🔒 Security Framework<br>🛠️ Security Override]

    E --> E_Tools[🧠 Think Tool<br>🔢 Sequential Thinking<br>🕸️ Memory Graph]

    F --> F_Tools[🧮 Calculator<br>🇬🇧 American→English<br>📁 Filesystem<br>📝 Changelog Generation]

    G --> G_Tools[🤖 Claude Code<br>✨ Gemini CLI<br>🅰️ Q Developer]

    classDef inputOutput fill:#FEE0D2,stroke:#E6550D,color:#E6550D
    classDef llm fill:#E5F5E0,stroke:#31A354,color:#31A354
    classDef components fill:#E6E6FA,stroke:#756BB1,color:#756BB1
    classDef process fill:#EAF5EA,stroke:#C6E7C6,color:#77AD77
    classDef stop fill:#E5E1F2,stroke:#C7C0DE,color:#8471BF
    classDef data fill:#EFF3FF,stroke:#9ECAE1,color:#3182BD
    classDef decision fill:#FFF5EB,stroke:#FD8D3C,color:#E6550D
    classDef storage fill:#F2F0F7,stroke:#BCBDDC,color:#756BB1
    classDef api fill:#FFF5F0,stroke:#FD9272,color:#A63603
    classDef error fill:#FCBBA1,stroke:#FB6A4A,color:#CB181D

    class A components
    class B,B_Tools decision
    class C,C_Tools api
    class D,D_Tools error
    class E,E_Tools data
    class F,F_Tools process
    class G,G_Tools llm

Why I Built MCP DevTools

🚀 Single Binary Solution

Replace multiple potentially resource-heavy Node.js/Python MCP servers, each spawned for every client tool you use
One binary, one configuration, consistent performance
Built in Go for speed and efficiency and because I'm not smart enough to write Rust
Minimal memory footprint compared to multiple separate servers
Fast startup and response times
Download one binary, configure once - or compile from source
Optional dependencies only for specific tools
Works out of the box for most tools

🛠 Comprehensive Tool Suite

16+ essential developer tools in one package
No need to manage multiple MCP server installations
Consistent API across all tools
Modular design with tool registry allowing for easy addition of new tools

Quickstart

You must have a recent version of Go installed.

Install the latest MCP DevTools binary:

go install github.com/sammcj/mcp-devtools@HEAD
echo "${GOPATH}/bin/mcp-devtools" # Use this path in your MCP configuration, if your GOPATH is not set, please check your Go installation / configuration.

# If you're on macOS, you'll also need to run the following command to allow the downloaded binary to run:
xattr -r -d com.apple.quarantine ${GOPATH}/bin/mcp-devtools

Update your MCP client to add the MCP DevTools server configuration, replacing /path/to/mcp-devtools with the actual path to the binary (e.g. /Users/samm/go/bin/mcp-devtools):

{
  "mcpServers": {
    "dev-tools": {
      "type": "stdio",
      "command": "/path/to/mcp-devtools",
      "env": {
        "DISABLED_FUNCTIONS": "think", // Optional, disable specific tools if not needed
        "ENABLE_ADDITIONAL_TOOLS": "security,security_override,sbom,vulnerability_scan,memory" // Optional, enable security and analysis tools
      }
    }
  }
}

See below for various environment variables you can set to configure specific features.

Available Tools

These tools can be disabled by adding their function name to the DISABLED_FUNCTIONS environment variable in your MCP configuration.

Purpose	Dependencies	Example Usage
Multi-provider web search	None (Provider keys optional)	Web, image, news, video search
Retrieve web content as Markdown	None	Documentation and articles
GitHub repositories and data	None (GitHub token optional)	Issues, PRs, repos, cloning
Library documentation lookup	None	React, Django, TensorFlow docs
Check package versions	None	NPM, Python, Go, Java, Docker
Structured reasoning space	None	Complex problem analysis
Identify files needing refactoring	None	Find files over 700 lines
Basic arithmetic calculations	None	2 + 3 * 4, batch processing
Extended info about DevTools tools	None	Usage examples, troubleshooting

These tools can be enabled by setting the ENABLE_ADDITIONAL_TOOLS environment variable in your MCP configuration.

Tool	Purpose	`ENABLE_ADDITIONAL_TOOLS`	Example Usage
	Convert to British spelling	`murican_to_english`	Organise, colour, centre
	Component information	`shadcn`	Button, Dialog, Form components
	Persistent knowledge graphs	`memory`	Store entities and relationships
	Generate Software Bill of Materials	`sbom`	Analyse project dependencies
	Security vulnerability scanning	`vulnerability_scan`	Find security issues
	Generate changelogs from git commits	`generate_changelog`	Release notes from local/remote repos
	Convert documents to Markdown	`process_document`	PDF, DOCX → Markdown with OCR
	Fast PDF text extraction	`pdf`	Quick PDF to Markdown
	AWS documentation search and retrieval	`aws_documentation`	Search and read AWS docs, recommendations
	Terraform Registry API access for providers, modules, and policies	`terraform_documentation`	Provider docs, module search, policy lookup
(BETA)	Context injection security protections	`security`	Content analysis, access control
	Agent managed security warning overrides	`security_override`	Bypass false positives
	Dynamic problem-solving through structured thoughts	`sequential-thinking`	Step-by-step analysis, revision, branching
	Dynamic REST API integration	`api`	Configure any REST API via YAML
	File and directory operations	`filesystem`	Read, write, edit, search files

Agents as Tools - In addition to the above tools, MCP DevTools can provide access to AI agents as tools by integrating with external LLMs.

Agent	Purpose	`ENABLE_ADDITIONAL_TOOLS`
	Claude Code CLI Agent	`claude-agent`
	Gemini CLI Agent	`gemini-agent`
	AWS Q Developer CLI Agent	`q-developer-agent`

👉

Quick Start

Installation

Option 1: Go Install (recommended)

go install github.com/sammcj/mcp-devtools@HEAD

Option 2: Build from Source

git clone https://github.com/sammcj/mcp-devtools.git
cd mcp-devtools
make build

Option 4: Download Release Download the latest binary from releases and place in your PATH and remember to check for updates!

Basic MCP Configuration

STDIO

{
  "mcpServers": {
    "dev-tools": {
      "type": "stdio",
      "command": "/path/to/mcp-devtools",
      "env": {
        "BRAVE_API_KEY": "This is optional ",
      }
    }
  }
}

Replacing /path/to/mcp-devtools with your actual binary path (e.g., /Users/yourname/go/bin/mcp-devtools).

Note: The BRAVE_API_KEY is optional and only needed if you want to use the Brave Search provider, there are other providers available, see the various tools documentation for more details.

Streamable HTTP

mcp-devtools --transport http --port 18080

{
  "mcpServers": {
    "dev-tools": {
      "type": "streamableHttp",
      "url": "http://localhost:18080/http"
    }
  }
}

Transport Options

MCP DevTools supports three transport modes for different use cases:

STDIO Transport (Default)

Best for: Simple, local use with MCP clients like Claude Desktop, Cline, etc.

{
  "mcpServers": {
    "dev-tools": {
      "type": "stdio",
      "command": "/path/to/mcp-devtools",
      "env": {
        "BRAVE_API_KEY": "your-api-key-if-needed"
      }
    }
  }
}

Streamable HTTP Transport

Best for: Production deployments, shared use, centralised configuration

# Basic HTTP mode
mcp-devtools --transport http --port 18080

# With authentication
mcp-devtools --transport http --port 18080 --auth-token mysecrettoken

# With OAuth (see OAuth documentation)
mcp-devtools --transport http --port 18080 --oauth-enabled

Client Configuration:

{
  "mcpServers": {
    "dev-tools": {
      "type": "streamableHttp",
      "url": "http://localhost:18080/http",
    }
  }
}

Configuration Options

Environment Variables

All environment variables are optional, but if you want to use specific search providers or document processing features, you may need to provide the the appropriate variables.

Core Tools:

BRAVE_API_KEY - Enable Brave Search provider by providing a (free Brave search API key)
SEARXNG_BASE_URL - Enable SearXNG search provider by providing the base URL (e.g. https://searxng.example.com)
CONTEXT7_API_KEY - Optional Context7 API key for higher rate limits and authentication with package documentation tools
MEMORY_FILE_PATH - Memory storage location (default: ~/.mcp-devtools/)
DISABLED_FUNCTIONS - Comma-separated list of functions to disable (e.g. think,internet_search)

Security-Sensitive Tools:

ENABLE_ADDITIONAL_TOOLS - Comma-separated list to enable security-sensitive tools (e.g. security,security_override,sbom,vulnerability_scan,filesystem,claude-agent,gemini-agent,q-developer-agent,generate_changelog,process_document,pdf,memory,terraform_documentation,sequential-thinking)
FILESYSTEM_TOOL_ALLOWED_DIRS - Colon-separated (Unix) list of allowed directories (only for filesystem tool)

Document Processing:

DOCLING_PYTHON_PATH - Python executable path (default: auto-detected)
DOCLING_CACHE_ENABLED - Enable processed document cache (default: true)
DOCLING_HARDWARE_ACCELERATION - Hardware acceleration (auto (default), mps, cuda, cpu)

Command-Line Options

--transport, -t - Transport type (stdio, sse, http). Default: stdio
--port - Port for HTTP transports. Default: 18080
--base-url - Base URL for HTTP transports. Default: http://localhost
--auth-token - Authentication token for HTTP transport
--debug, -d - Enable debug logging

Architecture

MCP DevTools uses a modular architecture:

Tool Registry: Central registry managing tool discovery and registration
Tool Interface: Standardised interface all tools implement
Transport Layer: Supports STDIO, HTTP, and SSE transports
Plugin System: Easy to add new tools following the interface

Each tool is self-contained and registers automatically when the binary starts.

Security Framework

MCP DevTools includes a configurable security system that provides multi-layered protection for tools that access files or make HTTP requests.

Important: This feature should be considered in BETA, if you find bugs and have solutions please feel free to raise a PR.

Key Features

Access Control: Prevents tools from accessing sensitive files and domains
Content Analysis: Scans returned content for security threats using pattern matching
YAML-Based Configuration: Easy-to-manage rules with automatic reloading
Security Overrides: Allow bypassing false positives with audit logging
Performance Optimised: Minimal impact when disabled, efficient when enabled

Built-in Protection

Shell Injection Detection: Command injection, eval execution, backtick commands
Data Exfiltration Prevention: DNS exfiltration, credential theft, keychain access
Prompt Injection Mitigation: "Ignore instructions" attacks, conversation extraction
Persistence Mechanism Detection: Launchctl, systemd, crontab modifications
Sensitive File Protection: SSH keys, AWS credentials, certificates

Quick Setup

# Enable security framework and override tool
# You may optionally also add 'security_override' if you want a tool the agent can use to override security warnings
ENABLE_ADDITIONAL_TOOLS="security"

Configuration is managed through ~/.mcp-devtools/security.yaml with sensible defaults.

👉

Advanced Features

SBOM/Vulnerability Tools Build (Increases File Size)

Includes all tools including SBOM generation and vulnerability scanning capabilities with Anchore Syft/Grype dependencies (~170MB binary).

# Build with SBOM and vulnerability tools
make build-sbom-vuln-tools

Additional tools: sbom, vulnerability_scan

The SBOM and vulnerability scanning tools are disabled by default in both builds but can be enabled via the ENABLE_ADDITIONAL_TOOLS environment variable. In the standard build, these tools will return appropriate error messages indicating they require the SBOM/vulnerability tools build variant.

OAuth 2.0/2.1 Authentication

For production deployments requiring centralised user authentication:

👉

Quick example:

# Browser-based authentication
mcp-devtools --transport http --oauth-browser-auth --oauth-client-id="your-client"

# Resource server mode
mcp-devtools --transport http --oauth-enabled --oauth-issuer="https://auth.example.com"

Docker Support

# Pull the image (main is latest)
docker pull ghcr.io/sammcj/mcp-devtools:main

# Run
docker run -d --name mcp-devtools -p 18080:18080 --restart always ghcr.io/sammcj/mcp-devtools:main

Creating New Tools

Want to add your own tools? See the .

Getting Help

Tool Documentation:
Security Framework:
OAuth Setup:
Development:
Issues: GitHub Issues, please note that I built this tool for my own use and it is not a commercially supported product, so if you can - please raise a PR instead of an issue.

Contributing

Contributions welcome! This project follows standard Go development practices and includes comprehensive tests.

# Development setup
git clone https://github.com/sammcj/mcp-devtools.git
cd mcp-devtools
make deps
make test
make build
# Run security checks, see make help
make inspect # launches the MCP inspector tool

Disclaimer

No warranty is provided for this software. Use at your own risk. The author is not responsible for any damages or issues arising from its use.