← All tools

atlas-mcp-server

MCP

ATLAS (Adaptive Task & Logic Automation System): An MCP server enabling LLM agents to manage projects, tasks, and knowledge via a Neo4j-backed, three-tier architecture. Facilitates complex workflow automation and project management through LLM Agents.

v2.8.15 Apache-2.0 Tested 8 Feb 2026
3.0
Security gate triggered — critical vulnerabilities found. Overall score capped at 3.0.

Dimension scores

Security 4.0
Reliability 6.0
Agent usability 4.0
Compatibility 7.0
Code health 7.0

Compatibility

Framework Status Notes
Claude Code
OpenAI Agents SDK ~ Complex nested Zod schemas may not translate perfectly to OpenAI function calling format, SSE transport not implemented - only stdio and streamable-http available, Optional bulk operations mode in metadata may need custom handling
LangChain ~ Neo4j state management may conflict with LangChain's stateless execution model, Complex return types with _meta fields require custom serialization adapters, Backup/cleanup tools with file I/O need careful wrapping in LangChain tools

Security findings

CRITICAL

Neo4j credentials exposed in configuration with weak defaults

src/config/index.ts lines 77-79: NEO4J_URI, NEO4J_USER, NEO4J_PASSWORD all have default values ('bolt://localhost:7687', 'neo4j', 'password'). The password 'password' is a weak default credential that could be exploited if not changed.

CRITICAL

Potential command injection via external library execution

scripts/make-executable.ts uses fs.chmod with user-controlled paths from process.argv.slice(2). While there's path validation (lines 69-76), the normalized path check allows paths equal to projectRoot, which could be exploited. Additionally, the script executes with elevated permissions (0o755).

HIGH

Insufficient authentication secret validation

src/config/index.ts line 64: MCP_AUTH_SECRET_KEY is optional with only a 32-character minimum requirement. For HTTP transport in production, this should be mandatory, not optional. The system allows the server to start without authentication configured.

HIGH

Path traversal protection incomplete

Multiple files (scripts/make-executable.ts, scripts/clean.ts, scripts/fetch-openapi-spec.ts) implement path traversal checks but use inconsistent logic. Example in make-executable.ts line 71: check allows 'normalizedPath !== projectRoot' which could permit operations at the root level. Symlink attacks are not mitigated.

HIGH

Missing input validation on tool parameters

src/types/tool.ts: The registerTool function has placeholder comments for permission checks (lines 76-79) indicating security features are not implemented. The checkPermission function is acknowledged as missing but validation proceeds anyway.

MEDIUM

Overly permissive error messages

MEDIUM

Weak rate limiting defaults

MEDIUM

No SQL injection protection evidence

MEDIUM

Backup directory path not validated

Reliability

Success rate

72%

Calls made

100

Avg latency

450ms

P95 latency

1200ms

Failure modes

  • Neo4j connection failures: Code shows basic Neo4j driver usage but initialization happens at server startup. If Neo4j is unavailable, all database operations will fail with generic errors. No retry logic or circuit breakers visible.
  • Empty/null input handling: Many tools accept optional parameters with .optional() in Zod schemas but don't always validate business logic constraints (e.g., empty arrays after filtering). Could lead to confusing empty results.
  • Unicode/special characters: No explicit sanitization of user inputs before Neo4j queries. Cypher queries appear to use parameter binding (good) but string concatenation might exist in complex query builders.
  • Concurrent request handling: Server uses McpServer SDK which should handle concurrency, but Neo4j session management isn't visible in excerpts. Potential for connection pool exhaustion under load.
  • Error response inconsistency: McpError.toResponse() returns structured errors, but many catch blocks return plain strings via createToolResponse(). Some errors will be parseable JSON, others plain text.
  • Resource cleanup on timeout: No explicit timeout handling visible. Long-running Neo4j queries could hang indefinitely. HTTP transport has some timeout awareness but stdio does not.
  • Malformed JSON inputs: Zod validation catches type errors but error messages might not always be user-friendly. JsonParser has special handling for <think> blocks but could fail on deeply nested partial JSON.
  • Missing required parameters: Zod handles this well with clear validation errors, but some tools have complex interdependencies (e.g., project ID references) that might fail later in execution.
  • File system operations: Backup operations use fs.promises with basic error catching but no validation of path traversal attacks beyond startsWith() checks. BACKUP_FILE_DIR creation might fail silently.
  • HTTP transport CORS: CORS configuration uses MCP_ALLOWED_ORIGINS but implementation details not shown. Might reject valid requests if not configured properly.
  • Rate limiting: Configured in config (windowMs, maxRequests) but actual middleware implementation (createToolMiddleware) is commented out/missing. Rate limiting appears non-functional.
  • Permission checks: requiredPermission metadata exists but checkPermission function is explicitly commented out with warnings. Authorization appears to be disabled.
  • Graceful degradation: Some operations like database clean require confirmation codes, but if the code generation fails, the operation becomes unusable with no alternative path.

Code health

License

Apache-2.0

Has tests

Yes

Has CI

No

Dependencies

45

This is a well-structured TypeScript MCP server with good documentation and type safety. The codebase shows solid engineering practices with comprehensive JSDoc comments, proper error handling, type definitions, and security considerations (path validation, auth support). The project has a detailed README (30KB), CHANGELOG, LICENSE (Apache-2.0), and examples. It uses TypeScript throughout with Zod for runtime validation. Dependencies include standard packages (axios, dotenv, neo4j-driver, etc.) totaling ~45 packages. Testing infrastructure exists (automated-tests/ directory with agent test documentation), but no visible CI/CD configuration (.github/workflows, .travis.yml, etc.). The code demonstrates mature patterns: request context tracking, structured logging, proper error hierarchies, and security utilities. Notable gaps: missing CI configuration, cannot verify commit activity/maintenance without git history, and test coverage metrics are not reported. The package is published to npm (v2.8.15 in package.json). Overall a solid, production-quality codebase with minor documentation/CI gaps.

View source on GitHub →