{"id":"sigil-mcp-server","name":"sigil-mcp-server","homepage":"https://pypi.org/project/sigil-mcp-server/","repo_url":"https://github.com/Superuser666-Sigil/SigilDERG-Custom-MCP","category":"search","subcategories":[],"tags":["mcp","code-search","repository-indexing","symbol-search","ctags","trigram-index","rocksdb","lancedb","embeddings","oauth2","python"],"what_it_does":"sigil-mcp-server is a Python Model Context Protocol (MCP) server that indexes local repositories and exposes code navigation/search tools (symbol lookup, trigram-based substring search, and optional semantic search via vector embeddings) along with health/admin endpoints.","use_cases":["Index local source code for IDE-like symbol navigation and code search in an AI assistant","Fast substring search across multiple repositories using trigram indexing","Go-to-definition and symbol listing for functions/classes/methods/variables","Semantic/natural-language code search using embeddings (e.g., local llama.cpp or other embedding providers)","Operational management of indexing (rebuilds, stats, logs) via an admin API","Provide an MCP tool surface to other systems that can connect via MCP + OAuth"],"not_for":["Publicly exposed, unauthenticated code search endpoints","Environments that forbid disabling DNS rebinding and strict header/content-type validation for ChatGPT compatibility","Use cases requiring strict multi-tenant data isolation without additional deployment controls"],"best_when":"You want an AI assistant connected through MCP to explore codebases on your own machine or a controlled network, with optional OAuth-based remote access and indexing that can be maintained over time.","avoid_when":"You need a minimal/fully documented REST/OpenAPI service for third-party programmatic consumption (this is primarily an MCP server) or you cannot accept the stated tradeoffs in ChatGPT connector compatibility (DNS rebinding/header/content-type validation behavior).","alternatives":["Other MCP servers for code search/navigation (varies by implementation)","Self-hosted code search tools like Sourcegraph/Zoekt-style search (non-MCP)","Embedding-based code search stacks using vector DB + custom API (non-MCP)","GitHub code search and ctags-based local tooling combined with your own agent integration"],"af_score":54.8,"security_score":67.2,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:44:38.647835+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.0 (with PKCE)","Local connection bypass (localhost)","API key fallback","IP whitelisting (optional)"],"oauth":true,"scopes":false,"notes":"Docs mention OAuth 2.0 with PKCE and token expiry (~1 hour) plus refresh support, and also mention a localhost bypass and API key/IP whitelist fallbacks."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted pricing indicated; appears self-hosted (AGPL/commercial licensing). Costs depend on indexing and embedding runtime (e.g., local models or paid providers like OpenAI if used)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":54.8,"security_score":67.2,"reliability_score":27.5,"mcp_server_quality":86.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":10.0,"tls_enforcement":85.0,"auth_strength":80.0,"scope_granularity":40.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"Security documentation mentions path traversal protection, OAuth 2.0 with PKCE, localhost bypass, API key fallback, and optional IP whitelisting. It also explicitly states DNS rebinding protection and certain validations are disabled for ChatGPT compatibility (host/header and content-type validation). OAuth token expiration is enforced (~1 hour) and OAuth credentials are stored with 0600 permissions.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":20.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["ChatGPT compatibility notes indicate some security validations are disabled (e.g., DNS rebinding protection and certain header/content-type validation), so agents should assume the server is tuned for ChatGPT connector behavior.","Indexing operations may be compute/storage heavy; agents should avoid repeatedly rebuilding indexes without checking index stats/logs.","Embedding/vector indexing is optional but may require additional local services/models; agent workflows should branch accordingly."]}}