npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@wunderio/wdrmcp

v0.1.17

Published

Wunderio local MCP developer server

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

juhaniemijuhaniemi

Keywords

mcpmodel-context-protocoldockerddevai-toolscopilot

Readme

@wunderio/wdrmcp

A generic MCP (Model Context Protocol) server that dynamically loads tool definitions from YAML configuration files and executes them in Docker containers or proxies them to remote MCP servers.

Built with the official MCP TypeScript SDK.

Features

  • YAML-driven tool definitions — define tools declaratively, no code changes needed
  • Docker container execution — run commands in Docker containers with security validation
  • MCP server proxying — proxy tool calls to remote MCP servers via HTTP JSON-RPC / Streamable HTTP MCP
  • Dynamic tool discovery — automatically fetch and expose tools from remote MCP servers
  • Security — container ownership validation, command injection prevention, argument validation
  • DDEV integration — built-in support for DDEV container naming and project scoping

Installation

npm install -g @wunderio/wdrmcp

Or use directly with npx:

npx @wunderio/wdrmcp --tools-config /path/to/tools-config

Usage

CLI

wdrmcp --tools-config /path/to/tools-config [options]

Options:

| Flag | Description | Default | |------|-------------|---------| | --tools-config <path> | Path to YAML tool config directory | (required) | | --log-level <level> | Log level (debug, info, warn, error) | info | | --log-file <path> | Log file path | /tmp/wdrmcp.log | | --strict-host-key-checking | Enforce SSH host key verification | false |

Environment variables:

| Variable | Description | Default | |----------|-------------|---------| | DDEV_PROJECT | DDEV project name | default-project | | HOST_PROJECT_ROOT | Host filesystem project root | /workspace | | CONTAINER_PROJECT_ROOT | Container filesystem project root | /var/www/html | | SSH_STRICT_HOST_KEY_CHECKING | Enforce SSH host key verification (true/false) | false |

VS Code / GitHub Copilot Configuration

{
  "servers": {
    "wdrmcp": {
      "command": "npx",
      "args": ["-y", "@wunderio/wdrmcp", "--tools-config", "/path/to/tools-config"],
      "env": {
        "DDEV_PROJECT": "my-project"
      }
    }
  }
}

Tool Configuration Format

Tools are defined in YAML files within the tools-config directory. Each file must contain a tools array.

Command Tool

Executes shell commands over SSH:

tools:
  - name: my_tool
    enabled: true
    description: "What this tool does"
    type: command
    command_template: "my-command {arg1} {arg2}"
    ssh_target: "web"
    ssh_user: "${DDEV_SSH_USER}"
    working_dir: "/var/www/html"
    shell: "/bin/bash"
    default_args:
      arg2: "default-value"
    disallowed_commands:
      - "rm"
      - "shutdown"
    validation_rules:
      - pattern: "dangerous-pattern"
        message: "This pattern is not allowed"
    max_arg_length: 4096
    input_schema:
      type: object
      properties:
        arg1:
          type: string
          description: "First argument"
      required:
        - arg1

MCP Server Proxy Tool

Proxies tool calls to a remote MCP server:

tools:
  - name: remote_tools
    enabled: true
    description: "Remote MCP server"
    type: mcp_server
    server_url: "http://localhost:8080"
    expose_remote_tools: true
    tool_prefix: "remote_"
    timeout: 30
    auth_token: "${REMOTE_MCP_TOKEN}"

Notes:

  • wdrmcp supports both plain JSON-RPC HTTP MCP endpoints and Streamable HTTP MCP endpoints.
  • For Streamable HTTP servers, wdrmcp performs initialize and notifications/initialized, keeps mcp-session-id, and sends Accept: application/json, text/event-stream.

Architecture

src/
├── index.ts           # CLI entry point
├── server.ts          # MCP server setup (tool registration with Zod schemas)
├── registry.ts        # Tool registry (YAML loading, executor creation)
├── executors/
│   ├── base.ts        # Base executor interface
│   ├── command.ts     # Docker container command executor
│   └── mcp-proxy.ts   # Remote MCP server proxy executor
├── docker.ts          # Docker exec & container validation
├── config.ts          # CLI argument parsing
├── logger.ts          # Stderr-only logger
└── types.ts           # TypeScript type definitions

License

MIT

Security Notes

  • Argument placeholders in command_template are shell-escaped per argument before execution.
  • disallowed_commands are matched against both argument values and rendered command strings.
  • Host key verification is configurable; set --strict-host-key-checking (or SSH_STRICT_HOST_KEY_CHECKING=true) for production-like environments.
  • Use environment placeholders for credentials (${VAR}) instead of literal secrets in YAML.