API Weaver

API Weaver

A comprehensive MCP server with RESTful API that enables file operations, command execution, project management, and AI integration for remote development control with security features and real-time communication.

Category
访问服务器

README

API Server - MCP + REST API

A comprehensive API server providing Model Context Protocol (MCP) support, RESTful endpoints for file operations, command execution, project management, and AI integration.

Features

  • MCP Server: Model Context Protocol compatible server for AI assistants
  • REST API: RESTful endpoints for remote development control
  • Real-time Communication: Server-Sent Events (SSE) for MCP
  • Security: API key authentication, rate limiting, input validation
  • Monitoring: Request logging and statistics dashboard
  • Documentation: Interactive Swagger/OpenAPI documentation

Quick Start

1. Set Up API Key

The API key is stored in Replit Secrets as API_KEY. All authenticated endpoints require this key.

2. Access the Dashboard

Visit the root URL (/) to access the API dashboard with:

  • Real-time statistics
  • Request logs
  • Endpoint documentation
  • Security information

3. View API Documentation

Visit /docs for interactive Swagger documentation.

Authentication

All API endpoints (except /, /docs, /api/stats, /api/logs) require authentication via either:

  1. HTTP Header (recommended for REST API):
curl -X GET \
  -H "X-API-KEY: your-api-key" \
  https://your-repl.repl.co/api/project
  1. Query Parameter (for SSE connections):
GET /mcp?api_key=your-api-key

REST API Endpoints

File Operations

Create/Update File

POST /api/files
Content-Type: application/json
X-API-KEY: your-api-key

{
  "path": "src/hello.ts",
  "content": "console.log('Hello World');"
}

Read File

GET /api/files/src/hello.ts
X-API-KEY: your-api-key

Delete File

DELETE /api/files/src/hello.ts
X-API-KEY: your-api-key

Command Execution

Execute safe shell commands (whitelisted commands only):

POST /api/execute
Content-Type: application/json
X-API-KEY: your-api-key

{
  "command": "ls -la",
  "timeout": 10000
}

Allowed Commands: ls, cat, head, tail, wc, grep, find, echo, pwd, date, whoami, env, node, npm, npx, pnpm, yarn, git, which, mkdir, touch, cp, mv, rm

Project Structure

GET /api/project?depth=3
X-API-KEY: your-api-key

AI Prompts

POST /api/ai
Content-Type: application/json
X-API-KEY: your-api-key

{
  "prompt": "Explain this code",
  "context": "function add(a, b) { return a + b; }",
  "maxTokens": 1000
}

MCP Server

The MCP (Model Context Protocol) server is available at /mcp and supports:

SSE Connection (GET /mcp)

Connect via Server-Sent Events for real-time MCP communication:

// Use query parameter for authentication (EventSource doesn't support custom headers)
const eventSource = new EventSource('/mcp?api_key=your-api-key');

eventSource.addEventListener('message', (event) => {
  const data = JSON.parse(event.data);
  console.log('Received:', data);
});

// Handle connection open
eventSource.onopen = () => {
  console.log('MCP connection established');
};

// Handle errors
eventSource.onerror = (error) => {
  console.error('MCP connection error:', error);
};

Note: The SSE endpoint supports api_key query parameter since EventSource API doesn't support custom headers.

JSON-RPC Tool Calls (POST /mcp)

Send MCP tool calls via HTTP:

POST /mcp
Content-Type: application/json
X-API-KEY: your-api-key

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "read_file",
    "arguments": {
      "path": "package.json"
    }
  }
}

Available MCP Tools

Tool Description
read_file Read file contents
write_file Create or update files
list_files List directory contents
delete_file Delete files or directories
execute_command Run safe shell commands
get_project_structure Get file tree
create_directory Create new directories

SSH Access Setup

Replit supports SSH access for remote development with VSCode, Cursor, or any SSH client.

Step 1: Generate SSH Keys

If you don't have SSH keys, generate them:

ssh-keygen -t ed25519 -C "your_email@example.com"

Step 2: Add Public Key to Replit

  1. Go to Replit Account Settings
  2. Navigate to "SSH Keys" section
  3. Click "Add SSH Key"
  4. Paste your public key (~/.ssh/id_ed25519.pub)
  5. Save the key

Step 3: Get Your Repl's SSH Address

  1. Open your Repl
  2. Click on the three dots menu
  3. Select "Connect via SSH"
  4. Copy the SSH address (format: ssh <repl-id>@ssh.replit.com)

Step 4: Configure SSH Client

Add to your ~/.ssh/config:

Host replit
    HostName ssh.replit.com
    User YOUR_REPL_ID
    IdentityFile ~/.ssh/id_ed25519
    ForwardAgent yes
    ServerAliveInterval 60
    ServerAliveCountMax 3

Replace YOUR_REPL_ID with your actual Repl ID.

Step 5: Connect

ssh replit

VSCode/Cursor Setup

  1. Install "Remote - SSH" extension
  2. Press Ctrl+Shift+P → "Remote-SSH: Connect to Host"
  3. Select "replit" from the list
  4. VSCode will open a new window connected to your Repl

Security Features

Rate Limiting

  • 100 requests per 15 minutes per IP
  • Returns 429 Too Many Requests when exceeded

Input Validation

  • All inputs validated with Zod schemas
  • File paths sanitized to prevent directory traversal
  • Commands whitelisted for safe execution

Path Traversal Protection

  • Paths normalized and validated
  • .. patterns rejected
  • All file operations confined to project directory

Command Sandboxing

  • Only whitelisted commands allowed
  • Shell operators (|, ;, &&, etc.) blocked
  • Timeout enforcement on all commands

Monitoring

API Statistics

GET /api/stats

Returns:

  • Total requests
  • Success/failure counts
  • Average response time
  • Server uptime

Request Logs

GET /api/logs?limit=100

Returns recent API requests with:

  • Timestamp
  • Method and path
  • Status code
  • Response time

Error Handling

All errors return JSON responses:

{
  "error": "Error Type",
  "message": "Detailed error message"
}

Common status codes:

  • 400 - Bad Request (invalid input)
  • 401 - Unauthorized (missing API key)
  • 403 - Forbidden (invalid API key)
  • 404 - Not Found (resource doesn't exist)
  • 429 - Too Many Requests (rate limited)
  • 500 - Internal Server Error

Development

Running Locally

npm run dev

Project Structure

├── client/           # React frontend
│   └── src/
│       ├── pages/    # Page components
│       └── components/
├── server/           # Express backend
│   ├── middleware/   # Auth, logging, security
│   ├── services/     # File, command, MCP services
│   ├── routes.ts     # API routes
│   └── swagger.ts    # OpenAPI spec
├── shared/           # Shared types/schemas
│   └── schema.ts
└── README.md

License

MIT License

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选