Automate mcp-remote OAuth token-cache bootstrap#20
Merged
Conversation
Remote, OAuth-protected providers are bridged with `npx -y mcp-remote <url>` and cache tokens under MCP_REMOTE_CONFIG_DIR. The first grant needs a browser once; this automates everything around it so a host shell is rarely needed. - Startup warm-up (server.py): on boot, introspect each mcp-remote bridge once so valid tokens refresh silently and any required re-auth URL is surfaced via pending_auth_urls/logs instead of failing on the first tool call. Gated by MCPPROXY_WARM_REMOTE (default on). - In-browser terminal (frontend/app.py): a PTY-over-WebSocket endpoint (/ws/terminal) plus an xterm.js modal. Wizard "Bootstrap / Authorize in terminal" button and a per-provider "Re-authorize" button run the mcp-remote flow live from the UI. Gated by MCPPROXY_WEB_TERMINAL (default on); /api/config exposes the flag so the UI hides the feature when disabled. - Pending-auth banner: the UI polls /api/pending-auth and shows a global "authorization required" banner with clickable links. - Host helper (bootstrap_auth.py + run_local.sh --bootstrap-auth): derives the mcp-remote URLs from configured providers and runs the flow per provider, writing the cache to MCP_REMOTE_CONFIG_DIR (default ./.mcp-auth). - README Part 3.25 updated; tests added for the config flag, the terminal gate, command extraction, and the warm-up helpers. https://claude.ai/code/session_01XsiNca5mh3BwPMaDhBnuWW
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Remote, OAuth-protected providers are bridged with
npx -y mcp-remote <url>and cache tokens under MCP_REMOTE_CONFIG_DIR. The first grant needs a browser
once; this automates everything around it so a host shell is rarely needed.
so valid tokens refresh silently and any required re-auth URL is surfaced via
pending_auth_urls/logs instead of failing on the first tool call. Gated by
MCPPROXY_WARM_REMOTE (default on).
(/ws/terminal) plus an xterm.js modal. Wizard "Bootstrap / Authorize in
terminal" button and a per-provider "Re-authorize" button run the mcp-remote
flow live from the UI. Gated by MCPPROXY_WEB_TERMINAL (default on); /api/config
exposes the flag so the UI hides the feature when disabled.
"authorization required" banner with clickable links.
mcp-remote URLs from configured providers and runs the flow per provider,
writing the cache to MCP_REMOTE_CONFIG_DIR (default ./.mcp-auth).
command extraction, and the warm-up helpers.
https://claude.ai/code/session_01XsiNca5mh3BwPMaDhBnuWW