Server data from the Official MCP Registry
Turn any Express or FastAPI app into an MCP server in 3 minutes. Reversible and secure.
Turn any Express or FastAPI app into an MCP server in 3 minutes. Reversible and secure.
Valid MCP server (1 strong, 1 medium validity signals). 1 known CVE in dependencies Package registry verified. Imported from the Official MCP Registry.
12 files analyzed · 2 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: SPARDA_FLYWHEEL
Environment variable: SPARDA_RECORD_SEQUENCES
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-zyx77550-sparda-mcp": {
"env": {
"SPARDA_FLYWHEEL": "your-sparda-flywheel-here",
"SPARDA_RECORD_SEQUENCES": "your-sparda-record-sequences-here"
},
"args": [
"-y",
"sparda-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
Your AI can write code. It still can't operate your app.
Claude, Cursor & friends read your files — not your running product. They can
refactor a controller, but they can't create an order, fetch a real user, or see why
production is failing. And giving an AI real access to your API usually means: write
an OpenAPI spec, build an MCP server, host it, secure it, keep it in sync with every
route change — and pray it never DELETEs the wrong row. Days of glue code, per
project, forever drifting.
SPARDA deletes that work:
npx sparda-mcp init # scan your Express/FastAPI app, inject the MCP router — 3 minutes
npx sparda-mcp dev # connect Claude Desktop / Claude Code. Done.
No OpenAPI spec. No account. No API key. No server to host.
Scan + inject — run once, from your app's directory:
npx sparda-mcp init
SPARDA parses your routes (AST), generates a marked /mcp router, injects it into
your app (with a backup), and writes sparda.json. Every step is reversible.
Start your app, then start the bridge:
npx sparda-mcp dev
Connect your client. init prints a ready-to-paste block for
claude_desktop_config.json, pre-filled with your app's name and path:
{
"mcpServers": {
"your-app": {
"command": "npx",
"args": ["sparda-mcp", "dev"],
"cwd": "/absolute/path/to/your-app"
}
}
}
Claude Code connects to the same bridge. That's it — your running app is now a set of MCP tools your AI can call.
To see SPARDA in action instantly without modifying your codebase:
npx sparda-mcp demo
This runs the entire lifecycle (detect → parse → generate → inject → remove) on a bundled demo app in a temporary folder, illustrating all six guarantees in 10 seconds.
SPARDA is designed as a local organism. To see what it remembers and how much compute it has recycled:
npx sparda-mcp report
This prints a terminal dashboard aggregating your exposed tools, write opt-ins, proof journal decisions, and crystallized composite tools.
To write a self-contained, offline HTML dashboard at .sparda/report.html, append the --html flag:
npx sparda-mcp report --html
To output raw JSON for integration:
npx sparda-mcp report --json
To undo everything: npx sparda-mcp remove restores your code byte-for-byte.
npx sparda-mcp remove restores your code byte-for-byte (tested on JS, TS, Python, even Windows CRLF files). No trace, no lock-in.What we don't promise: the honest limits in docs/SECURITY.md.
npx sparda-mcp init parses your codebase (AST), extracts every route, and injects a tiny marked router (/mcp) into your app — fully reversible with npx sparda-mcp remove.sparda.json + git.sparda.json — your choices survive re-runs.Every route becomes a tool that runs against your live process — real auth, real data,
warm connections. One call to sparda_get_context hands the AI the whole living
picture: enabled tools, suggested workflows, runtime telemetry, quarantine state, and
immune memory — so every session resumes where the last one stopped.
sparda.json; your choice survives every re-init.awaiting_confirmation envelope — a single-use token plus a preview of the action — and commits only after an explicit confirm step.503 with a reason and a retry delay instead of hammering your broken route. After a cooldown it half-opens for a single probe.sparda.json, so the same failure later costs zero tokens. Cloning your code doesn't clone its immune memory.On first connection your AI client's own model (via MCP sampling) rewrites raw routes
into business-language tool descriptions and proposes multi-step workflows — cached in
sparda.json and exposed as MCP prompts. Nothing to configure, nothing to pay.
GET /mcp/stats counts how many calls were answered from SPARDA's own knowledge vs. how many paid the host route. It reads 0% on day one and fills with usage — a measure, never a promise.Turn it on with "labs": { "recordSequences": true } in sparda.json. SPARDA then
notices when one tool's output feeds the next tool's input and records the circuit —
structure only (tool names, argument names, counts), never your data. A read-only
circuit seen enough times crystallizes into a composite tool, announced
mid-session: one call runs the whole chain, auto-feeding each step from the previous
step's real response. Write routes are never absorbed — their per-call confirmation
always stands.
GET /mcp/stats (per-tool calls/errors, tool "purity", quarantine state) and
GET /mcp/events (errors, latency anomalies, cached diagnoses) expose exactly what
your app is doing — surfaced to the AI as live notifications.
SPARDA ships with an Agent Skill (SKILL.md) that teaches any compatible
AI client how to drive a SPARDA server to its full potential — call
sparda_get_context first, exploit response recycling, honor quarantine, prefer
crystallized circuits over re-walking a chain, and follow the two-phase write-confirm
protocol. The live, per-project tool list always comes from sparda_get_context at
runtime, so the guidance never goes stale.
Express 4/5 (JS/TS, ESM/CJS) and FastAPI today. We are actively expanding SPARDA internally to support more Node.js environments (including NestJS, Fastify, and Next.js API routes) in the near future.
npx sparda-mcp remove leaves a clean git diff.Full threat model and known gaps: docs/SECURITY.md.
init, the injected router, and the bridge fit together, plus the sparda.json schema.SPARDA is free, including in production (see License). Team-scale capabilities — fine-grained per-person access policies and a signed, tamper-evident audit log — are planned for a future paid tier. The open core stands on its own; nothing here is crippled to upsell you.
Business Source License 1.1 — free to use, including in production. You may not resell SPARDA or offer it as a competing commercial service. Each version converts to Apache 2.0 four years after its release.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.