Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-onplana-mcp-server": {
"args": [
"-y",
"github"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Open-source TypeScript Model Context Protocol building blocks, extracted from Onplana's production MCP
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'github' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked github against OSV.dev.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml / security
Dynamic problem-solving through sequential thought chains
Persistent memory using a knowledge graph
An autonomous agent that conducts deep research on any data using any LLM providers
🌊 The leading agent orchestration platform for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features enterprise-grade architecture, distributed swarm intelligence, RAG integration, and native Claude Code / Codex Integration
MCP Security Weekly
Get CVE alerts and security updates for io.github.Onplana/mcp-server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Open-source TypeScript Model Context Protocol building blocks, extracted from Onplana's production MCP deployment. Two packages:
onplana-mcp-server — server
template. Streamable HTTP transport, Bearer auth, prompt-injection
containment, pluggable dispatcher.onplana-mcp-client — typed TypeScript
client SDK for calling the public Onplana MCP endpoint at
https://api.onplana.com/api/mcp/v1.The transport layer of an MCP server — Streamable HTTP wiring, stateless mode, scoped Bearer auth, prompt-injection containment — done well, separated from the platform-specific tool registry. Use the server template to build your own MCP server with security best practices baked in. Use the client SDK to drive Onplana's hosted MCP from your own code.
The patterns are extracted from Onplana's production deployment (public docs at onplana.com/mcp) — the same layer that handles real Claude Desktop, Cursor, ChatGPT custom connector, and in-house agent traffic against the Onplana platform.
The MCP transport is the same for everyone. Most early MCP servers get the security primitives wrong:
"ignore previous instructions" in their own data and the
next agent that reads it follows along.Onplana solved these in production over six months of MCP-server work. Publishing the patterns is high-leverage:
The dispatcher implementation, tool catalog, plan-gate logic, audit infrastructure, and the rest of Onplana's ~600 LOC closed-source dispatcher stay in the closed monorepo because they encode platform business logic. If you build your own MCP server using this template, you write your own dispatcher — that's the work that matters and the work that's specific to your platform.
onplana-mcp-server/
├── packages/
│ ├── server-template/ # onplana-mcp-server (npm)
│ │ ├── src/
│ │ │ ├── transport.ts # Streamable HTTP wiring
│ │ │ ├── auth.ts # Bearer auth pattern
│ │ │ ├── promptInjection.ts # wrapUserContent + escape
│ │ │ ├── dispatcher.ts # Pluggable Dispatcher interface
│ │ │ └── index.ts
│ │ ├── tests/ # promptInjection + auth + transport
│ │ └── README.md
│ └── client/ # onplana-mcp-client (npm)
│ ├── src/
│ │ ├── client.ts # OnplanaMcpClient class
│ │ ├── types.ts # Public type surface
│ │ └── index.ts
│ ├── tests/ # client.test.ts (stub fetch)
│ └── README.md
├── examples/
│ └── in-memory/ # Runnable demo with 3 toy tools
└── .github/
... [View full README on GitHub](https://github.com/onplana/onplana-mcp-server#readme)