Security warning: devMCP can read files, write files, run development commands, control Docker, and perform remote SSH operations. Do not expose it publicly. Run it only on trusted machines and networks. Dangerous operations are denied or confirmation-gated by default.
devMCP is a modular local MCP server for AI-assisted development operations. It keeps server.py as the FastMCP entry point and exposes tool modules under tools/ plus higher-level workflows under skills/.
- Secrets are redacted before they are returned, written to audit logs, sent to Telegram, or stored in memory.
- Dangerous operations are controlled by
permissions.json. - Remote shell access is allowlisted by default and raw shell is disabled unless explicitly enabled in
config.json. - Telegram no longer forwards unknown messages to Codex by default.
~/mcp-dev-server/permissions.json controls read, write, git, docker, deploy, remote, dangerous, network, database, agents, install, and telegram_codex_fallback.
Project paths are constrained under ~/workspaces. Absolute paths and .. traversal are rejected. Sensitive files such as .env and SSH private keys are blocked unless the call explicitly allows sensitive reads.
remote_exec now accepts an allowlisted action instead of arbitrary shell by default. Raw remote shell is disabled unless config.json enables it and the permission policy also allows dangerous actions.
- Unknown messages return a help error by default.
codex:runs without dangerous bypass.codex-danger:only works ifallow_codex_dangerous_bypassis enabled.deploy,remote deploy, andgit pushrequire--confirm.- Telegram output is sent without Markdown parsing.
Memory now lives under ~/mcp-dev-server/memory/ with one JSON file per namespace. The legacy memory.json store is migrated into memory/general.json on first use.
/home/$user/mcp-dev-server/.venv/bin/python3 telegram_bot.pyTool activity is appended to ~/mcp-dev-server/logs/audit.jsonl as JSONL.
Use confirm=True and dry_run=True for write/deploy/remote/git operations to preview actions safely.
Automatic tool installation is disabled by default. Set DEVMCP_AUTO_INSTALL=1 to allow installs, subject to permission policy.
Agent profiles live under agents/. Use agent_profiles() to list them, route_profiled_task() to run a profiled task, and consensus_task() to collect multiple agent responses.
JSON workflows live under workflows/. Use workflow_list() and workflow_run(name, project, dry_run=True).
Task records are stored in ~/mcp-dev-server/tasks.sqlite3. Use task_create, task_list, task_get, task_complete, and task_fail.