📦

Wdrmcp

Wunderio local MCP developer server

0 installs

Trust: 37 — Low

Ask AI about Wdrmcp

I know everything about Wdrmcp. Ask me about installation, configuration, usage, or troubleshooting.

0/500

Loading tools...

Reviews

Documentation

@wunderio/wdrmcp

A generic MCP (Model Context Protocol) server that dynamically loads tool definitions from YAML configuration files and executes them in Docker containers or proxies them to remote MCP servers.

Built with the official MCP TypeScript SDK.

Features

YAML-driven tool definitions — define tools declaratively, no code changes needed
Docker container execution — run commands in Docker containers with security validation
MCP server proxying — proxy tool calls to remote MCP servers via HTTP JSON-RPC / Streamable HTTP MCP
Dynamic tool discovery — automatically fetch and expose tools from remote MCP servers
Security — container ownership validation, command injection prevention, argument validation
DDEV integration — built-in support for DDEV container naming and project scoping

Installation

npm install -g @wunderio/wdrmcp

Or use directly with npx:

npx @wunderio/wdrmcp --tools-config /path/to/tools-config

Usage

CLI

wdrmcp --tools-config /path/to/tools-config [options]

Options:

Flag	Description	Default
`--tools-config <path>`	Path to YAML tool config directory	(required)
`--log-level <level>`	Log level (debug, info, warn, error)	`info`
`--log-file <path>`	Log file path	`/tmp/wdrmcp.log`
`--strict-host-key-checking`	Enforce SSH host key verification	`false`

Environment variables:

Variable	Description	Default
`DDEV_PROJECT`	DDEV project name	`default-project`
`HOST_PROJECT_ROOT`	Host filesystem project root	`/workspace`
`CONTAINER_PROJECT_ROOT`	Container filesystem project root	`/var/www/html`
`SSH_STRICT_HOST_KEY_CHECKING`	Enforce SSH host key verification (`true`/`false`)	`false`

VS Code / GitHub Copilot Configuration

{
  "servers": {
    "wdrmcp": {
      "command": "npx",
      "args": ["-y", "@wunderio/wdrmcp", "--tools-config", "/path/to/tools-config"],
      "env": {
        "DDEV_PROJECT": "my-project"
      }
    }
  }
}

Tool Configuration Format

Tools are defined in YAML files within the tools-config directory. Each file must contain a tools array.

Command Tool

Executes shell commands over SSH:

tools:
  - name: my_tool
    enabled: true
    description: "What this tool does"
    type: command
    command_template: "my-command {arg1} {arg2}"
    ssh_target: "web"
    ssh_user: "${DDEV_SSH_USER}"
    working_dir: "/var/www/html"
    shell: "bash" # Uses /usr/bin/env to resolve the shell
    default_args:
      arg2: "default-value"
    disallowed_commands:
      - "rm"
      - "shutdown"
    validation_rules:
      - pattern: "dangerous-pattern"
        message: "This pattern is not allowed"
    max_arg_length: 4096
    input_schema:
      type: object
      properties:
        arg1:
          type: string
          description: "First argument"
      required:
        - arg1

MCP Server Proxy Tool

Proxies tool calls to a remote MCP server:

tools:
  - name: remote_tools
    enabled: true
    description: "Remote MCP server"
    type: mcp_server
    server_url: "http://localhost:8080"
    expose_remote_tools: true
    tool_prefix: "remote_"
    timeout: 30
    auth_token: "${REMOTE_MCP_TOKEN}"

Notes:

wdrmcp supports both plain JSON-RPC HTTP MCP endpoints and Streamable HTTP MCP endpoints.
For Streamable HTTP servers, wdrmcp performs initialize and notifications/initialized, keeps mcp-session-id, and sends Accept: application/json, text/event-stream.

Architecture

src/
├── index.ts           # CLI entry point
├── server.ts          # MCP server setup (tool registration with Zod schemas)
├── registry.ts        # Tool registry (YAML loading, executor creation)
├── executors/
│   ├── base.ts        # Base executor interface
│   ├── command.ts     # Docker container command executor
│   └── mcp-proxy.ts   # Remote MCP server proxy executor
├── docker.ts          # Docker exec & container validation
├── config.ts          # CLI argument parsing
├── logger.ts          # Stderr-only logger
└── types.ts           # TypeScript type definitions

License

MIT

Security Notes

Argument placeholders in command_template are shell-escaped per argument before execution.
disallowed_commands are matched against both argument values and rendered command strings.
Host key verification is configurable; set --strict-host-key-checking (or SSH_STRICT_HOST_KEY_CHECKING=true) for production-like environments.
Use environment placeholders for credentials (${VAR}) instead of literal secrets in YAML.