Universal MCP Hub (Sandboxed)
Universal MCP Server running in paranoid mode, built on PyFundaments and licensed under ESOL.
The goal was simple: too many MCP servers out there with no sandboxing, hardcoded keys, and zero security thought. This one is different. No key = no tool = no crash. The Guardian (main.py) controls everything. app/mcp.py gets only what it needs, nothing more.
- MCP_HUB Built with Claude (Anthropic) as a typing tool. Architecture, security decisions
- PyFundaments by Volkan Sah (read ESOL)
MCP Client Configuration (SSE)
To connect Claude Desktop or any MCP client to this hub:
{
  "mcpServers": {
    "pyfundaments-hub": {
      "url": "https://YOUR_USERNAME-universal-mcp-hub.hf.space/sse"
    }
  }
}
Architecture
main.py - Guardian: initializes all services, controls what app/ receives
└── app/mcp.py - Sandbox: registers only tools with valid keys
    ├── LLM tools (Anthropic, Gemini, OpenRouter, HuggingFace)
    ├── Search tools (Brave, Tavily)
    ├── DB tools (only if DATABASE_URL is set)
    └── System tools (always active)
The Guardian pattern: app/mcp.py never reads os.environ directly.
It receives a fundaments dict from main.py, and only what main.py decides to give it.
Security Notes
- All API keys loaded via Secrets (env vars), never hardcoded
- list_active_tools returns key names only, never values
- DB tools are read-only by design (SELECT only, enforced at application level)
- Direct execution of app/mcp.py is blocked by design
- Built on PyFundaments, a security-first Python architecture for developers
PyFundaments is not perfect. But it's more secure than most of what runs in production.
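The Guardian pattern and the security notes above, sketched as an added example (not code from this project or from PyFundaments): the environment is read in one place, a tool is registered only when its key is present, and list_active_tools exposes key names only. The tool names, TOOL_KEYS, build_fundaments, Sandbox and is_read_only are hypothetical, and the sample environment is constructed.

```python
# Added illustration of the Guardian pattern; not the project's code.
# Every name except list_active_tools and DATABASE_URL is hypothetical.
import re

# Hypothetical mapping: tool name -> env var that must be set for it to register.
TOOL_KEYS = {
    "anthropic_complete": "ANTHROPIC_API_KEY",
    "brave_search": "BRAVE_API_KEY",
    "db_query": "DATABASE_URL",
}

def build_fundaments(environ):
    """Guardian side: the only place the environment is read.
    Passes on allow-listed, non-empty secrets and nothing else."""
    wanted = set(TOOL_KEYS.values())
    return {k: v for k, v in environ.items() if k in wanted and v.strip()}

def is_read_only(sql):
    """Application-level SELECT-only gate: one statement, starting with SELECT."""
    stmt = sql.strip().rstrip(";").strip()
    return ";" not in stmt and re.match(r"(?i)select\b", stmt) is not None

class Sandbox:
    """Sandbox side: sees only the fundaments dict, never os.environ."""
    def __init__(self, fundaments):
        self._secrets = dict(fundaments)
        # No key = no tool: a tool without its key is never registered.
        self.tools = {t: k for t, k in TOOL_KEYS.items() if k in self._secrets}

    def list_active_tools(self):
        # Key names only, never values.
        return {t: k for t, k in sorted(self.tools.items())}

    def call(self, tool, arg):
        if tool not in self.tools:
            return {"error": f"tool '{tool}' is not active"}
        if tool == "db_query" and not is_read_only(arg):
            return {"error": "only single SELECT statements are allowed"}
        return {"ok": tool}  # a real tool would use self._secrets[self.tools[tool]]

# Constructed sample environment: one empty key and one unrelated secret.
SAMPLE_ENV = {"BRAVE_API_KEY": "constructed-brave", "DATABASE_URL": "postgres://constructed",
              "ANTHROPIC_API_KEY": "", "AWS_SECRET_ACCESS_KEY": "constructed-unrelated"}

if __name__ == "__main__":
    hub = Sandbox(build_fundaments(SAMPLE_ENV))
    print(hub.list_active_tools())
    print(hub.call("db_query", "SELECT 1; DROP TABLE users"))
```

A prefix check like is_read_only is only a first gate at the application level; connecting with a database role that has no write privileges enforces the same rule where the application check cannot be bypassed.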
License
Apache License 2.0 + ESOL 1.1
"I use AI as a tool, not as a replacement for thinking." - Volkan Kücükbudak