terminal-mcp
terminal-mcp (tmcp) is a minimal terminal CLI client for Model Context Protocol (MCP) servers. It can connect to MCP servers via stdio (local) or via streamable HTTP (remote), discover tools from configured servers, generate a tools.json allowlist, and let agents list and call only enabled tools via terminal commands.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The README highlights an 'agent-safe binary' allowlisting behavior (only listing/calling enabled preconfigured tools) and blocks developer operations (init/direct/upgrade/configpath) in that mode, which is a meaningful safety control for agent use. Authentication is limited to custom headers/env vars (no OAuth). The README does not describe TLS enforcement details, secret redaction, audit logs, or rate-limit handling; secret-handling score is therefore reduced. Dependency hygiene can’t be fully verified from provided data (only that @modelcontextprotocol/sdk is used).
⚡ Reliability
Best When
You want a simple, agent-friendly way to call MCP tools with an explicit allowlist (enabled tools only) and minimal runtime dependencies.
Avoid When
You need first-class OAuth authorization, fine-grained audit logging guarantees, or standardized HTTP API contracts (OpenAPI) for programmatic integration beyond the CLI.
Use Cases
- • Enable coding agents (e.g., Codex) to use MCP tools from servers that don’t have native MCP support
- • Tool discovery and allowlisting via tmcp init + tools.json generation
- • Remote MCP access by configuring server URLs and custom headers
- • Controlled execution of pre-configured MCP tools for agent workflows
Not For
- • Running untrusted/auto-discovered MCP servers without an explicit allowlist
- • Applications needing a full programmable REST/GraphQL API surface instead of a CLI wrapper
- • Use cases requiring OAuth flows (explicitly noted as not supported)
Interface
Authentication
Auth is described as custom headers and env vars; OAuth is explicitly not supported. Scope granularity appears to be primarily at the tool allowlist level (enabled/disabled), not at OAuth scopes.
Pricing
No pricing information provided; project appears to be distributed as code/CLI (MIT). Any costs would come from your MCP servers or external services you connect to.
Agent Metadata
Known Gotchas
- ⚠ Agents must format tool parameters as valid JSON strings and follow tool alias naming (server__tool-name).
- ⚠ If tool outputs are large, the CLI claims to enforce line-size limits; still, tool parameter/result formatting issues can break calls.
- ⚠ Remote MCP calls may require correct custom headers/env vars; OAuth is not supported.
- ⚠ The agent-safe binary blocks init/direct/upgrade/config switching; ensure your setup script installs the correct binary for the intended capability set.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for terminal-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.