acuvity/mcp-server-context-7
Context7 MCP - Up-to-date Docs For Any Cursor Prompt.
4.5K
acuvity/mcp-server-context-7 repository overview
What is mcp-server-context-7?
Description: Context7 MCP - Up-to-date Docs For Any Cursor Prompt.
Packaged by Acuvity and published to our curated MCP server registry from @upstash/context7-mcp original sources.
Quick links:
Why We Built This
At Acuvity, security is central to our mission—especially for critical systems like MCP servers and integration in agentic systems. To address this need, we've created a secure and robust Docker image designed to ensure @upstash/context7-mcp run reliably and safely.
🔐 Key Security Features
📦 Isolated Immutable Sandbox
| Feature | Description |
|---|---|
| Isolated Execution | All tools run within secure, containerized sandboxes to enforce process isolation and prevent lateral movement. |
| Non-root by Default | Enforces least-privilege principles, minimizing the impact of potential security breaches. |
| Read-only Filesystem | Ensures runtime immutability, preventing unauthorized modification. |
| Version Pinning | Guarantees consistency and reproducibility across deployments by locking tool and dependency versions. |
| CVE Scanning | Continuously scans images for known vulnerabilities using Docker Scout to support proactive mitigation. |
| SBOM & Provenance | Delivers full supply chain transparency by embedding metadata and traceable build information. |
| Container Signing (Cosign) | Implements image signing using Cosign to ensure integrity and authenticity of container images. |
🛡️ Runtime Security and Guardrails
Minibridge Integration: Minibridge establishes secure Agent-to-MCP connectivity, supports Rego/HTTP-based policy enforcement 🕵️, and simplifies orchestration.
The ARC container includes a built-in Rego policy that enables a set of runtime guardrails to help enforce security, privacy, and correct usage of your services. Below is list of each guardrail provided.
| Guardrail | Summary |
|---|---|
resource integrity | Embeds a hash of all exposed resources to ensure their authenticity and prevent unauthorized modifications, guarding against supply chain attacks and dynamic alterations of tool metadata. |
covert-instruction-detection | Detects hidden or obfuscated directives in requests. |
sensitive-pattern-detection | Flags patterns suggesting sensitive data or filesystem exposure. |
shadowing-pattern-detection | Identifies tool descriptions that override or influence others. |
schema-misuse-prevention | Enforces strict schema compliance on input data. |
cross-origin-tool-access | Controls calls to external services or APIs. |
secrets-redaction | Prevents exposure of credentials or sensitive values. |
basic authentication | Enables the configuration of a shared secret to restrict unauthorized access to the MCP server and ensure only approved clients can connect. |
These controls ensure robust runtime integrity, prevent unauthorized behavior, and provide a foundation for secure-by-design system operations.
Note
By default, all guardrails except `resource integrity` are turned off. You can enable or disable each one individually, ensuring that only the protections your environment needs are active.
Quick reference
Maintained by:
- Acuvity team for packaging
- abdush for original source application
Where to get help:
Where to file issues:
Supported architectures:
amd64arm64
Base image:
node:23.11.0-alpine3.21
Resources:
Latest tags:
latest->1.0.0-2.1.0->2.1.0- older tags
Verify signature with cosign:
cosign verify --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/acuvity/mcp-servers-registry/.github/workflows/release.yaml@refs/heads/main" docker.io/acuvity/mcp-server-context-7:latestcosign verify --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/acuvity/mcp-servers-registry/.github/workflows/release.yaml@refs/heads/main" docker.io/acuvity/mcp-server-context-7:2.1.0cosign verify --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/acuvity/mcp-servers-registry/.github/workflows/release.yaml@refs/heads/main" docker.io/acuvity/mcp-server-context-7:1.0.0-2.1.0
📦 How to Install
Tip
Given mcp-server-context-7 scope of operation it can be hosted anywhere.
For more information and extra configuration you can consult the package documentation.
🧰 Clients Integrations
Below are the steps for configuring most clients that use MCP to elevate their Copilot experience.
Note
These integrations function natively across all Minibridge modes. To keep things brief, only the docker local-run setup is covered here.
Visual Studio Code
To get started immediately, you can use the "one-click" link below:
Global scope
Press ctrl + shift + p and type Preferences: Open User Settings JSON to add the following section:
{
"mcp": {
"servers": {
"acuvity-mcp-server-context-7": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"docker.io/acuvity/mcp-server-context-7:2.1.0"
]
}
}
}
}
Workspace scope
In your workspace create a file called .vscode/mcp.json and add the following section:
{
"servers": {
"acuvity-mcp-server-context-7": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"docker.io/acuvity/mcp-server-context-7:2.1.0"
]
}
}
}
To pass secrets you should use the
promptStringinput type described in the Visual Studio Code documentation.
Windsurf IDE
In ~/.codeium/windsurf/mcp_config.json add the following section:
{
"mcpServers": {
"acuvity-mcp-server-context-7": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"docker.io/acuvity/mcp-server-context-7:2.1.0"
]
}
}
}
See Windsurf documentation for more info.
Cursor IDE
Add the following JSON block to your mcp configuration file:
~/.cursor/mcp.jsonfor global scope.cursor/mcp.jsonfor project scope
{
"mcpServers": {
"acuvity-mcp-server-context-7": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"docker.io/acuvity/mcp-server-context-7:2.1.0"
]
}
}
}
See cursor documentation for more information.
Claude Desktop
In the claude_desktop_config.json configuration file add the following section:
{
"mcpServers": {
"acuvity-mcp-server-context-7": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"docker.io/acuvity/mcp-server-context-7:2.1.0"
]
}
}
}
See Anthropic documentation for more information.
OpenAI python SDK
Running locally
async with MCPServerStdio(
params={
"command": "docker",
"args": ["run","-i","--rm","--read-only","docker.io/acuvity/mcp-server-context-7:2.1.0"]
}
) as server:
tools = await server.list_tools()
Running remotely
async with MCPServerSse(
params={
"url": "http://<ip>:<port>/sse",
}
) as server:
tools = await server.list_tools()
See OpenAI Agents SDK docs for more info.
🐳 Run it with Docker
Locally with STDIO
In your client configuration set:
- command:
docker - arguments:
run -i --rm --read-only docker.io/acuvity/mcp-server-context-7:2.1.0
Locally with HTTP/sse
Simply run as:
docker run -it -p 8000:8000 --rm --read-only docker.io/acuvity/mcp-server-context-7:2.1.0
Then on your application/client, you can configure to use it like:
{
"mcpServers": {
"acuvity-mcp-server-context-7": {
"url": "http://localhost:8000/sse"
}
}
}
You might have to use different ports for different tools.
Remotely with Websocket tunneling and MTLS
This section assume you are familiar with TLS and certificates and will require:
- a server certificate with proper DNS/IP field matching your tool deployment.
- a client-ca used to sign client certificates
- Start the server in
backendmode
- add an environment variable like
-e MINIBRIDGE_MODE=backend - add the TLS certificates (recommended) through a volume let's say
/certsex (-v $PWD/certs:/certs) - instruct minibridge to use those certs with
-e MINIBRIDGE_TLS_SERVER_CERT=/certs/server-cert.pem-e MINIBRIDGE_TLS_SERVER_KEY=/certs/server-key.pem-e MINIBRIDGE_TLS_SERVER_KEY_PASS=optional-e MINIBRIDGE_TLS_SERVER_CLIENT_CA=/certs/client-ca.pem
- Start
minibridgelocally in frontend mode:
- Get minibridge binary for your OS.
In your client configuration, Minibridge works like any other STDIO command.
Example for Claude Desktop:
{
"mcpServers": {
"acuvity-mcp-server-context-7": {
"command": "minibridge",
"args": ["frontend", "--backend", "wss://<remote-url>:8000/ws", "--tls-client-backend-ca", "/path/to/ca/that/signed/the/server-cert.pem/ca.pem", "--tls-client-cert", "/path/to/client-cert.pem", "--tls-client-key", "/path/to/client-key.pem"]
}
}
}
That's it.
Minibridge offers a host of additional features. For step-by-step guidance, please visit the wiki. And if anything’s unclear, don’t hesitate to reach out!
☁️ Deploy On Kubernetes
Deploy using Helm Charts
How to install
You can inspect the chart README:
helm show readme oci://docker.io/acuvity/mcp-server-context-7 --version 1.0.0
You can inspect the values that you can configure:
helm show values oci://docker.io/acuvity/mcp-server-context-7 --version 1.0.0
Install with helm
helm install mcp-server-context-7 oci://docker.io/acuvity/mcp-server-context-7 --version 1.0.0
From there your MCP server mcp-server-context-7 will be reachable by default through http/sse from inside the cluster using the Kubernetes Service mcp-server-context-7 on port 8000 by default. You can change that by looking at the service section of the values.yaml file.
How to Monitor
The deployment will create a Kubernetes service with a healthPort, that is used for liveness probes and readiness probes. This health port can also be used by the monitoring stack of your choice and exposes metrics under the /metrics path.
See full charts Readme for more details about settings and runtime security including guardrails activation.
🧠 Server features
For detailed list of all features, tools, arguments and SBOM hashes provided by this server please consult the readme
🧰 Tools (2)
💬 Questions? Open an issue or contact us [email protected] . 📦 Contributions welcome!
Tag summary
Content type
Image
Digest
sha256:2d1507f0f…
Size
260 Bytes
Last updated
16 days ago
docker pull acuvity/mcp-server-context-7:sha256-7d63d51088f7b59046a31bd9056e01bbad51130d8aa3389e56ca52e25cf89d0b.sig