{"id":"shiahonb777-turn-mcp","name":"turn-mcp","homepage":null,"repo_url":"https://github.com/shiahonb777/turn-mcp","category":"ai-ml","subcategories":[],"tags":["mcp","human-in-the-loop","ai-agent","checkpoint","browser-console","sse","nodejs"],"what_it_does":"turn-mcp-web provides a self-hosted MCP server exposing a human-in-the-loop tool (turn.wait/turn_wait) that pauses an agent and forwards control to an operator via a browser console. It also exposes related REST endpoints for pending waits, responding/canceling/extending waits, and real-time updates via SSE.","use_cases":["Human-in-the-loop checkpoints for agent decisions","Safely requiring confirmation before risky actions (e.g., destructive DB operations)","Interactive workflows where an operator replies to the agent across multiple turns","IDE/agent client integration via MCP (streamable HTTP or stdio)","Operator-visible session history and queue management for agent interventions"],"not_for":["Public internet deployment without additional network controls","Environments requiring strong enterprise auth standards (no OAuth/OIDC described)","Use cases needing guaranteed exactly-once semantics or strict transactional idempotency"],"best_when":"You need a local/self-hosted checkpoint mechanism for agent turns with an operator UI and want to integrate with common MCP-capable clients.","avoid_when":"You cannot control access to the server (operator/viewer API keys) or you need hardened production-grade security like OIDC, IP allowlisting, or audited data handling.","alternatives":["Custom MCP server implementing a wait/approval tool","Third-party human-in-the-loop orchestration platforms (if available for MCP)","DIY REST-based approval gates with your agent framework (without MCP)","Queue/approval systems integrated with agent runtime (custom middleware)"],"af_score":78.5,"security_score":58.2,"reliability_score":36.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:32:24.178598+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://127.0.0.1:3737/mcp","has_sdk":true,"sdk_languages":["Python","JavaScript/TypeScript (via node/npm usage and MCP SDK dependency)"],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["API key via x-turn-mcp-api-key header","Bearer token via Authorization: Bearer <key>"],"oauth":false,"scopes":true,"notes":"Two roles are described: operator (full access) and viewer (read-only + SSE). Auth is disabled by default unless TURN_MCP_API_KEY (and optionally TURN_MCP_VIEWER_API_KEY) is set."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source (MIT). No hosted pricing mentioned."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":78.5,"security_score":58.2,"reliability_score":36.2,"mcp_server_quality":78.0,"documentation_accuracy":82.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":88.0,"rate_limit_clarity":85.0,"tls_enforcement":25.0,"auth_strength":70.0,"scope_granularity":75.0,"dependency_hygiene":45.0,"secret_handling":70.0,"security_notes":"Supports API key auth with operator/viewer roles and HMAC-SHA256 signing for outbound webhooks. TLS enforcement is not stated (README shows localhost HTTP and container host binding), so HTTPS/network protections are assumed to be handled externally. Auth is disabled by default, so secure configuration and network isolation are important. Rate limiting is documented per-IP sliding window.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":50.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"count/total + pagination.hasMore (for paginated endpoints per README)","retry_guidance_documented":false,"known_agent_gotchas":["Human replies are required via the browser console; without operator interaction, waits may time out.","Auth is disabled by default unless API keys are configured; unintended exposure can occur if bound to non-local interfaces."]}}