@silver886/mcp-proxy 0.1.1

package/README.md

@@ -0,0 +1,178 @@
+# MCP Proxy
+
+MCP proxy bridge that forwards [Model Context Protocol](https://modelcontextprotocol.io/) requests across network boundaries via [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/).
+
+Works with any MCP client (Claude Code, Cursor, Windsurf, Cline, etc.) and any OS.
+
+## Why
+
+MCP servers that need local resources (Chrome browser, filesystem, GPU, etc.) can't run inside containers or remote environments. This proxy bridges the gap:
+
+```
+MCP Client (container/remote)
+    |  stdio
+Proxy Server (same machine as client)
+    |  HTTP via Cloudflare Tunnel
+Host Agent (machine with the resources)
+    |  stdio
+Real MCP Servers (chrome-devtools, filesystem, etc.)
+```
+
+## Quick start
+
+### 1. Start the host agent
+
+On the machine where your MCP servers run:
+
+```bash
+npx -p @silver886/mcp-proxy host --config config.json --tunnel
+```
+
+Example `config.json`:
+
+```json
+{
+  "servers": {
+    "chrome-devtools": {
+      "command": "npx",
+      "args": ["-y", "chrome-devtools-mcp@latest"],
+      "shell": true
+    },
+    "filesystem": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/dir"],
+      "shell": true
+    }
+  }
+}
+```
+
+The host agent prints a tunnel URL and auth token. Keep it running.
+
+### 2. Configure your MCP client
+
+Add the proxy as a stdio MCP server. The client launches it automatically.
+
+**Claude Code** (`claude mcp add` or `.claude.json`):
+
+```json
+{
+  "mcpServers": {
+    "chrome-devtools": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "-p", "@silver886/mcp-proxy", "proxy"]
+    }
+  }
+}
+```
+
+**Cursor / Windsurf / other MCP clients** — same pattern, add as a stdio server with `npx -p @silver886/mcp-proxy proxy` as the command.
+
+### 3. Pair
+
+When the MCP client spawns the proxy, the proxy prints a setup URL to stderr:
+
+```
+Configure at: https://mcp-proxy.pages.dev/setup.html#code=...&key=...
+```
+
+Open the URL in a browser. Enter the tunnel URL and auth token from step 1, discover servers, and select tools. The proxy picks up the config automatically and starts forwarding MCP requests.
+
+## Architecture
+
+### Components
+
+| Component | Role | Runs on |
+|-----------|------|---------|
+| **Host Agent** (`host`) | HTTP-to-stdio bridge. Spawns MCP servers, manages sessions, serves MCP Streamable HTTP. | Machine with resources |
+| **Proxy Server** (`proxy`) | Stdio MCP server that forwards requests to the host agent via tunnel. | Machine with MCP client |
+| **Config Page** (Cloudflare Pages) | Device-code pairing. Stores encrypted config in KV with 15-min TTL. | Cloudflare edge |
+
+### Pairing flow
+
+```
+1. MCP client spawns the proxy (stdio)
+2. Proxy generates pairing code + encryption key, polls Pages RPC
+3. User opens setup URL in browser (code + key in URL hash, never sent to server)
+4. User enters tunnel URL + auth token, discovers servers, selects tools
+5. Setup page encrypts config client-side, stores ciphertext in KV via RPC
+6. Proxy polls, decrypts config, discovers servers, starts forwarding
+```
+
+### Protocol
+
+- **Client <-> Proxy**: stdio (JSON-RPC, newline-delimited)
+- **Proxy <-> Host Agent**: HTTP via Cloudflare Tunnel (MCP Streamable HTTP)
+- **Host Agent <-> MCP Servers**: stdio (JSON-RPC, newline-delimited)
+- **Session management**: `Mcp-Session-Id` header between proxy and host agent
+
+## Configuration
+
+### Host agent config
+
+```json
+{
+  "servers": {
+    "server-name": {
+      "command": "node",
+      "args": ["path/to/server.js"],
+      "env": { "API_KEY": "..." },
+      "shell": false
+    }
+  },
+  "host": "127.0.0.1",
+  "port": 6270
+}
+```
+
+| Field | Default | Description |
+|-------|---------|-------------|
+| `servers` | _(required)_ | Map of server name to spawn config |
+| `servers.*.command` | _(required)_ | Executable to spawn |
+| `servers.*.args` | `[]` | Command arguments |
+| `servers.*.env` | `{}` | Extra environment variables |
+| `servers.*.shell` | `false` | Use shell for PATH resolution (set `true` for `npx`, etc.) |
+| `host` | `127.0.0.1` | Listen address |
+| `port` | `6270` | Listen port |
+
+### CLI
+
+**Host agent:**
+
+```
+host [options]
+
+--config <path>    Config file (default: config.json)
+--tunnel           Start a Cloudflare quick tunnel
+--timeout <ms>     MCP request timeout (default: 120000)
+```
+
+**Proxy server:**
+
+```
+proxy [options]
+
+--pages-url <url>   Config page URL (default: https://mcp-proxy.pages.dev)
+```
+
+Also reads `MCP_PROXY_PAGES_URL` environment variable.
+
+## Error codes
+
+| Code | Name | Meaning |
+|------|------|---------|
+| `-32603` | `INTERNAL` | Unhandled server error |
+| `-32001` | `PROXY_NOT_CONFIGURED` | Proxy hasn't been paired yet |
+| `-32002` | `HOST_UNREACHABLE` | Can't reach host agent via tunnel |
+| `-32003` | `PROCESS_EXITED` | MCP server child process died |
+| `-32004` | `PROCESS_NOT_RUNNING` | Child process isn't running |
+| `-32005` | `REQUEST_TIMEOUT` | MCP server didn't respond in time |
+
+## Development
+
+```bash
+pnpm install
+pnpm run build
+pnpm publish --access public --no-git-checks
+```

package/mcp/dist/host.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/mcp/dist/host.js

@@ -0,0 +1,307 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_fs_1 = require("node:fs");
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const cloudflared_1 = require("cloudflared");
+const protocol_js_1 = require("./shared/protocol.js");
+// A session manages one MCP server child process + request/response matching
+class McpSession {
+    name;
+    timeout;
+    process;
+    stdoutBuffer = new protocol_js_1.LineBuffer();
+    pending = new Map();
+    notifications = [];
+    destroyed = false;
+    constructor(name, config, timeout) {
+        this.name = name;
+        this.timeout = timeout;
+        console.log(`[${name}] Spawning: ${config.command} ${config.args.join(" ")}`);
+        this.process = (0, node_child_process_1.spawn)(config.command, config.args, {
+            stdio: ["pipe", "pipe", "pipe"],
+            env: { ...process.env, ...config.env },
+            shell: config.shell ?? false,
+        });
+        this.process.stdout.on("data", (chunk) => {
+            const lines = this.stdoutBuffer.push(chunk.toString("utf-8"));
+            for (const line of lines) {
+                this.handleLine(line);
+            }
+        });
+        this.process.stderr.on("data", (chunk) => {
+            console.error(`[${name}] stderr: ${chunk.toString("utf-8").trimEnd()}`);
+        });
+        this.process.on("exit", (code) => {
+            console.log(`[${name}] Process exited (code=${code})`);
+            this.destroyed = true;
+            // Reject all pending
+            for (const [, p] of this.pending) {
+                clearTimeout(p.timer);
+                p.resolve((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.PROCESS_EXITED, `code=${code}`));
+            }
+            this.pending.clear();
+        });
+        this.process.on("error", (err) => {
+            console.error(`[${name}] Process error: ${err.message}`);
+            this.destroyed = true;
+        });
+    }
+    handleLine(line) {
+        // Try to extract the id to match with a pending request
+        let parsed;
+        try {
+            parsed = JSON.parse(line);
+        }
+        catch {
+            return; // Not valid JSON, skip
+        }
+        // If it has an id and matches a pending request, resolve it
+        if (parsed.id !== undefined && this.pending.has(parsed.id)) {
+            const p = this.pending.get(parsed.id);
+            clearTimeout(p.timer);
+            this.pending.delete(parsed.id);
+            p.resolve(line);
+            return;
+        }
+        // Otherwise it's a notification — queue it
+        this.notifications.push(line);
+    }
+    sendRequest(jsonRpcLine) {
+        if (this.destroyed || !this.process.stdin?.writable) {
+            return Promise.resolve((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.PROCESS_NOT_RUNNING));
+        }
+        // Extract id for matching
+        let id;
+        try {
+            id = JSON.parse(jsonRpcLine).id;
+        }
+        catch {
+            // If we can't parse, just send it and hope for the best
+        }
+        this.process.stdin.write(jsonRpcLine + "\n");
+        if (id === undefined) {
+            // It's a notification from client — no response expected
+            return Promise.resolve("");
+        }
+        return new Promise((resolve) => {
+            const timer = setTimeout(() => {
+                this.pending.delete(id);
+                resolve((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.REQUEST_TIMEOUT, undefined, id));
+            }, this.timeout);
+            this.pending.set(id, { resolve, timer });
+        });
+    }
+    drainNotifications() {
+        const n = this.notifications;
+        this.notifications = [];
+        return n;
+    }
+    get serverName() {
+        return this.name;
+    }
+    get isAlive() {
+        return !this.destroyed;
+    }
+    destroy() {
+        if (this.destroyed)
+            return;
+        this.destroyed = true;
+        if (!this.process.killed)
+            this.process.kill();
+    }
+}
+function sendSessionMismatchError(res, session, serverName) {
+    res.writeHead(400, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: `Session belongs to server '${session.serverName}', not '${serverName}'` }));
+}
+// Main server
+class HostAgent {
+    config;
+    sessions = new Map();
+    timeout;
+    authToken;
+    constructor(configPath, timeout) {
+        const raw = (0, node_fs_1.readFileSync)(configPath, "utf-8");
+        this.config = JSON.parse(raw);
+        this.timeout = timeout;
+        this.authToken = (0, node_crypto_1.randomBytes)(32).toString("base64url"); // 256-bit token
+    }
+    get port() {
+        return this.config.port ?? protocol_js_1.DEFAULT_PORT;
+    }
+    start() {
+        const host = this.config.host ?? protocol_js_1.DEFAULT_HOST;
+        const server = (0, protocol_js_1.createServer)((req, res) => this.handleRequest(req, res));
+        server.listen(this.port, host, () => {
+            console.log(`MCP Host Agent listening on http://${host}:${this.port}`);
+            console.log(`Available servers: ${Object.keys(this.config.servers).join(", ")}`);
+            console.error(`Auth token: ${this.authToken}`);
+        });
+    }
+    async handleRequest(req, res) {
+        // Auth: validate Bearer token (constant-time comparison)
+        const auth = req.headers.authorization ?? "";
+        const expected = `Bearer ${this.authToken}`;
+        const authBuf = Buffer.from(auth);
+        const expectedBuf = Buffer.from(expected);
+        const authorized = authBuf.length === expectedBuf.length && (0, node_crypto_1.timingSafeEqual)(authBuf, expectedBuf);
+        if (!authorized) {
+            res.writeHead(401, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Unauthorized" }));
+            return;
+        }
+        // GET / — list available servers
+        if (req.method === "GET" && req.url === "/") {
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                service: "mcp-proxy-host",
+                servers: Object.keys(this.config.servers),
+            }));
+            return;
+        }
+        // Route: /servers/:name
+        const match = req.url?.match(/^\/servers\/([^/?]+)/);
+        if (!match) {
+            res.writeHead(404, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Not found. Use /servers/<name>" }));
+            return;
+        }
+        const serverName = match[1];
+        const serverConfig = this.config.servers[serverName];
+        if (!serverConfig) {
+            res.writeHead(404, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                error: `Unknown server: ${serverName}`,
+                available: Object.keys(this.config.servers),
+            }));
+            return;
+        }
+        // POST /servers/:name — MCP request
+        if (req.method === "POST") {
+            await this.handleMcpPost(req, res, serverName, serverConfig);
+            return;
+        }
+        // GET /servers/:name — SSE for server notifications
+        if (req.method === "GET") {
+            this.handleSse(req, res, serverName);
+            return;
+        }
+        // DELETE /servers/:name — close session
+        if (req.method === "DELETE") {
+            const sessionId = req.headers["mcp-session-id"];
+            if (sessionId && this.sessions.has(sessionId)) {
+                const session = this.sessions.get(sessionId);
+                if (session.serverName !== serverName) {
+                    sendSessionMismatchError(res, session, serverName);
+                    return;
+                }
+                session.destroy();
+                this.sessions.delete(sessionId);
+            }
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ ok: true }));
+            return;
+        }
+        res.writeHead(405);
+        res.end();
+    }
+    async handleMcpPost(req, res, serverName, serverConfig) {
+        const body = await (0, protocol_js_1.readBody)(req);
+        let sessionId = req.headers["mcp-session-id"];
+        // Get or create session
+        let session;
+        if (sessionId && this.sessions.has(sessionId)) {
+            session = this.sessions.get(sessionId);
+            if (session.serverName !== serverName) {
+                sendSessionMismatchError(res, session, serverName);
+                return;
+            }
+            if (!session.isAlive) {
+                // Session dead — clean up and create new
+                this.sessions.delete(sessionId);
+                sessionId = undefined;
+            }
+        }
+        if (!sessionId || !this.sessions.has(sessionId)) {
+            sessionId = (0, node_crypto_1.randomBytes)(16).toString("hex");
+            session = new McpSession(serverName, serverConfig, this.timeout);
+            this.sessions.set(sessionId, session);
+        }
+        else {
+            session = this.sessions.get(sessionId);
+        }
+        // Forward request
+        const response = await session.sendRequest(body);
+        if (!response) {
+            // Client notification — no response body
+            res.writeHead(202, { "Mcp-Session-Id": sessionId });
+            res.end();
+            return;
+        }
+        res.writeHead(200, {
+            "Content-Type": "application/json",
+            "Mcp-Session-Id": sessionId,
+        });
+        res.end(response);
+    }
+    handleSse(req, res, serverName) {
+        const sessionId = req.headers["mcp-session-id"];
+        const session = sessionId ? this.sessions.get(sessionId) : undefined;
+        if (session && session.serverName !== serverName) {
+            sendSessionMismatchError(res, session, serverName);
+            return;
+        }
+        res.writeHead(200, {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+            ...(sessionId ? { "Mcp-Session-Id": sessionId } : {}),
+        });
+        res.write(": connected\n\n");
+        if (!session) {
+            req.on("close", () => { });
+            return;
+        }
+        // Poll for notifications and send them
+        const interval = setInterval(() => {
+            if (!session.isAlive) {
+                clearInterval(interval);
+                res.end();
+                return;
+            }
+            const notifications = session.drainNotifications();
+            for (const n of notifications) {
+                res.write(`data: ${n}\n\n`);
+            }
+        }, 100);
+        req.on("close", () => clearInterval(interval));
+    }
+}
+function startTunnel(port) {
+    const tunnel = cloudflared_1.Tunnel.quick(`http://localhost:${port}`);
+    tunnel.once("url", (url) => {
+        console.log(`\n  Tunnel URL: ${url}`);
+        console.log(`\n  Enter this URL in the setup page when configuring the proxy.\n`);
+    });
+    tunnel.on("error", (err) => {
+        console.error("Tunnel error:", err.message);
+    });
+    process.on("SIGINT", () => {
+        tunnel.stop();
+        process.exit(0);
+    });
+}
+function main() {
+    const configPath = (0, protocol_js_1.getArg)("--config") ?? "config.json";
+    const timeout = parseInt((0, protocol_js_1.getArg)("--timeout") ?? "120000", 10); // 2min default for long tool calls
+    const useTunnel = process.argv.includes("--tunnel");
+    const agent = new HostAgent(configPath, timeout);
+    agent.start();
+    if (useTunnel) {
+        console.log("Starting Cloudflare tunnel...");
+        startTunnel(agent.port);
+    }
+}
+main();

package/mcp/dist/proxy.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/mcp/dist/proxy.js

@@ -0,0 +1,320 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_crypto_1 = require("node:crypto");
+const protocol_js_1 = require("./shared/protocol.js");
+const POLL_INTERVAL = 2000; // ms
+const TOOL_SEPARATOR = "__";
+const subtle = node_crypto_1.webcrypto.subtle;
+// --- Crypto helpers (AES-256-GCM + SHA-256 + HMAC) ---
+async function importAesKey(keyB64) {
+    const raw = Buffer.from(keyB64, "base64url");
+    return subtle.importKey("raw", raw, "AES-GCM", false, ["encrypt", "decrypt"]);
+}
+async function importHmacKey(keyB64) {
+    const raw = Buffer.from(keyB64, "base64url");
+    return subtle.importKey("raw", raw, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+}
+async function deriveCodeId(code) {
+    const hash = await subtle.digest("SHA-256", new TextEncoder().encode(code));
+    return Buffer.from(hash).toString("base64url");
+}
+async function deriveAuthHash(keyB64, code) {
+    const hmacKey = await importHmacKey(keyB64);
+    const sig = await subtle.sign("HMAC", hmacKey, new TextEncoder().encode(code));
+    return Buffer.from(sig).toString("base64url");
+}
+async function encrypt(key, plaintext) {
+    const iv = (0, node_crypto_1.randomBytes)(12);
+    const encoded = new TextEncoder().encode(plaintext);
+    const ciphertext = new Uint8Array(await subtle.encrypt({ name: "AES-GCM", iv }, key, encoded));
+    const combined = new Uint8Array(iv.length + ciphertext.length);
+    combined.set(iv);
+    combined.set(ciphertext, iv.length);
+    return Buffer.from(combined).toString("base64url");
+}
+async function decrypt(key, data) {
+    const combined = Buffer.from(data, "base64url");
+    const iv = combined.subarray(0, 12);
+    const ciphertext = combined.subarray(12);
+    const plaintext = await subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);
+    return new TextDecoder().decode(plaintext);
+}
+// --- RPC client ---
+async function rpc(pagesUrl, codeId, authHash, action, payload) {
+    const resp = await fetch(`${pagesUrl}/api/rpc`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ codeId, authHash, action, payload }),
+    });
+    return (await resp.json());
+}
+// --- Proxy ---
+class ProxyServer {
+    config = null;
+    pagesUrl;
+    code;
+    encKeyB64;
+    aesKey = null;
+    codeId = null;
+    authHash = null;
+    pollTimer = null;
+    servers = new Map();
+    toolRoute = new Map();
+    initialized = false;
+    constructor(pagesUrl) {
+        this.pagesUrl = pagesUrl.replace(/\/+$/, "");
+        this.code = (0, node_crypto_1.randomBytes)(64).toString("base64url");
+        this.encKeyB64 = (0, node_crypto_1.randomBytes)(32).toString("base64url");
+    }
+    get setupUrl() {
+        return `${this.pagesUrl}/setup.html#code=${this.code}&key=${this.encKeyB64}`;
+    }
+    get hostHeaders() {
+        return {
+            "Content-Type": "application/json",
+            Accept: "application/json, text/event-stream",
+            Authorization: `Bearer ${this.config?.authToken ?? ""}`,
+        };
+    }
+    async ensureDerivedKeys() {
+        if (!this.aesKey)
+            this.aesKey = await importAesKey(this.encKeyB64);
+        if (!this.codeId)
+            this.codeId = await deriveCodeId(this.code);
+        if (!this.authHash)
+            this.authHash = await deriveAuthHash(this.encKeyB64, this.code);
+        return { aesKey: this.aesKey, codeId: this.codeId, authHash: this.authHash };
+    }
+    start() {
+        this.startPairing();
+        const stdinBuffer = new protocol_js_1.LineBuffer();
+        process.stdin.setEncoding("utf-8");
+        process.stdin.on("data", (chunk) => {
+            const lines = stdinBuffer.push(chunk);
+            for (const line of lines) {
+                this.handleLine(line).catch((err) => {
+                    process.stderr.write(`Proxy error: ${err.message}\n`);
+                });
+            }
+        });
+        process.stdin.on("end", () => {
+            process.exit(0);
+        });
+    }
+    async handleLine(line) {
+        let parsed;
+        try {
+            parsed = JSON.parse(line);
+        }
+        catch {
+            return;
+        }
+        const id = parsed.id ?? null;
+        if (id === null)
+            return;
+        if (!this.config) {
+            process.stdout.write((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.PROXY_NOT_CONFIGURED, `Visit ${this.setupUrl}`, id) + "\n");
+            return;
+        }
+        switch (parsed.method) {
+            case "initialize":
+                this.sendResult(id, {
+                    protocolVersion: "2024-11-05",
+                    capabilities: { tools: {} },
+                    serverInfo: { name: protocol_js_1.PACKAGE_NAME, version: protocol_js_1.PACKAGE_VERSION },
+                });
+                return;
+            case "tools/list":
+                if (!this.initialized)
+                    await this.discoverServers();
+                this.sendResult(id, { tools: this.getFilteredTools() });
+                return;
+            case "tools/call":
+                await this.handleToolCall(id, parsed.params);
+                return;
+            default:
+                process.stdout.write((0, protocol_js_1.jsonRpcError)(-32601, `Method not found: ${parsed.method}`, id) + "\n");
+        }
+    }
+    async handleToolCall(id, params) {
+        const prefixedName = params.name;
+        const serverName = this.toolRoute.get(prefixedName);
+        if (!serverName) {
+            process.stdout.write((0, protocol_js_1.jsonRpcError)(-32602, `Unknown tool: ${prefixedName}`, id) + "\n");
+            return;
+        }
+        const originalName = prefixedName.slice(serverName.length + TOOL_SEPARATOR.length);
+        const server = this.servers.get(serverName);
+        const targetUrl = `${this.config.tunnelUrl}/servers/${serverName}`;
+        const headers = { ...this.hostHeaders };
+        if (server.sessionId)
+            headers["Mcp-Session-Id"] = server.sessionId;
+        try {
+            const body = JSON.stringify({
+                jsonrpc: "2.0",
+                id,
+                method: "tools/call",
+                params: { name: originalName, arguments: params.arguments },
+            });
+            const upstream = await fetch(targetUrl, { method: "POST", headers, body });
+            server.sessionId = upstream.headers.get("mcp-session-id") ?? server.sessionId;
+            const responseBody = await upstream.text();
+            if (responseBody)
+                process.stdout.write(responseBody + "\n");
+        }
+        catch (err) {
+            process.stdout.write((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.HOST_UNREACHABLE, err.message, id) + "\n");
+        }
+    }
+    getFilteredTools() {
+        const selectedSet = this.config?.selectedTools?.length
+            ? new Set(this.config.selectedTools)
+            : null;
+        const tools = [];
+        for (const [serverName, state] of this.servers) {
+            for (const tool of state.tools) {
+                const prefixed = `${serverName}${TOOL_SEPARATOR}${tool.name}`;
+                if (selectedSet && !selectedSet.has(prefixed))
+                    continue;
+                tools.push({
+                    ...tool,
+                    name: prefixed,
+                    description: `[${serverName}] ${tool.description ?? ""}`.trim(),
+                });
+            }
+        }
+        return tools;
+    }
+    async discoverServers() {
+        if (!this.config)
+            return;
+        try {
+            const listResp = await fetch(`${this.config.tunnelUrl}/`, { headers: this.hostHeaders });
+            const listData = (await listResp.json());
+            const serverNames = listData.servers ?? [];
+            // Skip servers whose names contain the tool separator to prevent routing confusion
+            const safeNames = serverNames.filter((name) => {
+                if (name.includes(TOOL_SEPARATOR)) {
+                    process.stderr.write(`  [${name}] skipped: name contains '${TOOL_SEPARATOR}'\n`);
+                    return false;
+                }
+                return true;
+            });
+            process.stderr.write(`  Discovered servers: ${safeNames.join(", ")}\n`);
+            for (const name of safeNames) {
+                await this.initServer(name);
+            }
+            this.toolRoute.clear();
+            for (const [serverName, state] of this.servers) {
+                for (const tool of state.tools) {
+                    this.toolRoute.set(`${serverName}${TOOL_SEPARATOR}${tool.name}`, serverName);
+                }
+            }
+            this.initialized = true;
+            process.stderr.write(`  Total tools: ${this.toolRoute.size}\n\n`);
+        }
+        catch (err) {
+            process.stderr.write(`  Discovery failed: ${err.message}\n`);
+        }
+    }
+    async initServer(name) {
+        const targetUrl = `${this.config.tunnelUrl}/servers/${name}`;
+        const headers = { ...this.hostHeaders };
+        try {
+            const initResp = await fetch(targetUrl, {
+                method: "POST",
+                headers,
+                body: JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: `init-${name}`,
+                    method: "initialize",
+                    params: {
+                        protocolVersion: "2024-11-05",
+                        capabilities: {},
+                        clientInfo: { name: protocol_js_1.PACKAGE_NAME, version: protocol_js_1.PACKAGE_VERSION },
+                    },
+                }),
+            });
+            const sessionId = initResp.headers.get("mcp-session-id") ?? undefined;
+            if (sessionId)
+                headers["Mcp-Session-Id"] = sessionId;
+            await fetch(targetUrl, {
+                method: "POST",
+                headers,
+                body: JSON.stringify({ jsonrpc: "2.0", method: "notifications/initialized", params: {} }),
+            });
+            const toolsResp = await fetch(targetUrl, {
+                method: "POST",
+                headers,
+                body: JSON.stringify({ jsonrpc: "2.0", id: `tools-${name}`, method: "tools/list", params: {} }),
+            });
+            const toolsData = (await toolsResp.json());
+            const tools = toolsData.result?.tools ?? [];
+            this.servers.set(name, { sessionId, tools });
+            process.stderr.write(`  [${name}] ${tools.length} tools\n`);
+        }
+        catch (err) {
+            process.stderr.write(`  [${name}] init failed: ${err.message}\n`);
+        }
+    }
+    sendResult(id, result) {
+        process.stdout.write(JSON.stringify({ jsonrpc: "2.0", id, result }) + "\n");
+    }
+    async startPairing() {
+        if (this.pollTimer)
+            clearInterval(this.pollTimer);
+        const previousConfig = this.config;
+        this.code = (0, node_crypto_1.randomBytes)(64).toString("base64url");
+        this.encKeyB64 = (0, node_crypto_1.randomBytes)(32).toString("base64url");
+        this.aesKey = null;
+        this.codeId = null;
+        this.authHash = null;
+        this.config = null;
+        this.initialized = false;
+        this.servers.clear();
+        this.toolRoute.clear();
+        // Seed with encrypted previous config (unsealed) — skip on first pairing
+        if (previousConfig) {
+            try {
+                const { aesKey, codeId, authHash } = await this.ensureDerivedKeys();
+                const payload = await encrypt(aesKey, JSON.stringify({ ...previousConfig, sealed: false }));
+                await rpc(this.pagesUrl, codeId, authHash, "write", payload);
+            }
+            catch {
+                // Non-critical
+            }
+        }
+        process.stderr.write(`\n  Configure at: ${this.setupUrl}\n\n`);
+        process.stderr.write(`  Waiting for configuration...\n`);
+        this.pollTimer = setInterval(() => this.pollConfig(), POLL_INTERVAL);
+    }
+    async pollConfig() {
+        try {
+            const { aesKey, codeId, authHash } = await this.ensureDerivedKeys();
+            const result = await rpc(this.pagesUrl, codeId, authHash, "read");
+            if (result.payload) {
+                const plaintext = await decrypt(aesKey, result.payload);
+                const data = JSON.parse(plaintext);
+                if (data.tunnelUrl && data.authToken && data.serverName && data.sealed) {
+                    data.tunnelUrl = data.tunnelUrl.replace(/\/+$/, "");
+                    this.config = data;
+                    if (this.pollTimer)
+                        clearInterval(this.pollTimer);
+                    this.pollTimer = null;
+                    process.stderr.write(`  Paired! tunnel=${data.tunnelUrl}\n`);
+                    await this.discoverServers();
+                }
+            }
+        }
+        catch {
+            // Silently retry
+        }
+    }
+}
+function main() {
+    const pagesUrl = (0, protocol_js_1.getArg)("--pages-url") ?? process.env.MCP_PROXY_PAGES_URL ?? protocol_js_1.DEFAULT_PAGES_URL;
+    const proxy = new ProxyServer(pagesUrl);
+    proxy.start();
+}
+main();

package/mcp/dist/shared/generated.d.ts

@@ -0,0 +1,2 @@
+export declare const PACKAGE_NAME = "@silver886/mcp-proxy";
+export declare const PACKAGE_VERSION = "0.1.1";

package/mcp/dist/shared/generated.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PACKAGE_VERSION = exports.PACKAGE_NAME = void 0;
+exports.PACKAGE_NAME = "@silver886/mcp-proxy";
+exports.PACKAGE_VERSION = "0.1.1";

package/mcp/dist/shared/protocol.d.ts

@@ -0,0 +1,40 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+export { PACKAGE_NAME, PACKAGE_VERSION } from "./generated.js";
+export declare const DEFAULT_HOST = "127.0.0.1";
+export declare const DEFAULT_PORT = 6270;
+export declare const DEFAULT_PAGES_URL = "https://mcp-proxy.pages.dev";
+export declare const ErrorCode: {
+    readonly INTERNAL: -32603;
+    readonly PROXY_NOT_CONFIGURED: -32001;
+    readonly HOST_UNREACHABLE: -32002;
+    readonly PROCESS_EXITED: -32003;
+    readonly PROCESS_NOT_RUNNING: -32004;
+    readonly REQUEST_TIMEOUT: -32005;
+};
+export declare const ErrorMessage: {
+    readonly [-32603]: "Internal error";
+    readonly [-32001]: "Proxy not configured";
+    readonly [-32002]: "Host agent unreachable";
+    readonly [-32003]: "Server process exited";
+    readonly [-32004]: "Server process not running";
+    readonly [-32005]: "Request timed out";
+};
+export declare function jsonRpcError(code: number, detail?: string, id?: string | number | null): string;
+export declare function readBody(req: IncomingMessage): Promise<string>;
+export declare function getArg(name: string): string | undefined;
+export declare function createServer(handler: (req: IncomingMessage, res: ServerResponse) => Promise<void>): import("http").Server<typeof IncomingMessage, typeof ServerResponse>;
+export declare class LineBuffer {
+    private buffer;
+    push(chunk: string): string[];
+}
+export interface ServerConfig {
+    command: string;
+    args: string[];
+    env?: Record<string, string>;
+    shell?: boolean;
+}
+export interface HostAgentConfig {
+    servers: Record<string, ServerConfig>;
+    host?: string;
+    port?: number;
+}

package/mcp/dist/shared/protocol.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LineBuffer = exports.ErrorMessage = exports.ErrorCode = exports.DEFAULT_PAGES_URL = exports.DEFAULT_PORT = exports.DEFAULT_HOST = exports.PACKAGE_VERSION = exports.PACKAGE_NAME = void 0;
+exports.jsonRpcError = jsonRpcError;
+exports.readBody = readBody;
+exports.getArg = getArg;
+exports.createServer = createServer;
+const node_http_1 = require("node:http");
+var generated_js_1 = require("./generated.js");
+Object.defineProperty(exports, "PACKAGE_NAME", { enumerable: true, get: function () { return generated_js_1.PACKAGE_NAME; } });
+Object.defineProperty(exports, "PACKAGE_VERSION", { enumerable: true, get: function () { return generated_js_1.PACKAGE_VERSION; } });
+exports.DEFAULT_HOST = "127.0.0.1";
+exports.DEFAULT_PORT = 6270;
+exports.DEFAULT_PAGES_URL = "https://mcp-proxy.pages.dev";
+// JSON-RPC error codes (-32000 to -32099 = server-defined, -32603 = spec internal error)
+exports.ErrorCode = {
+    INTERNAL: -32603, // JSON-RPC spec: internal error
+    PROXY_NOT_CONFIGURED: -32001, // Proxy has not been paired yet
+    HOST_UNREACHABLE: -32002, // Cannot reach the host agent via tunnel
+    PROCESS_EXITED: -32003, // MCP server child process exited unexpectedly
+    PROCESS_NOT_RUNNING: -32004, // MCP server child process is not running
+    REQUEST_TIMEOUT: -32005, // MCP server did not respond in time
+};
+exports.ErrorMessage = {
+    [exports.ErrorCode.INTERNAL]: "Internal error",
+    [exports.ErrorCode.PROXY_NOT_CONFIGURED]: "Proxy not configured",
+    [exports.ErrorCode.HOST_UNREACHABLE]: "Host agent unreachable",
+    [exports.ErrorCode.PROCESS_EXITED]: "Server process exited",
+    [exports.ErrorCode.PROCESS_NOT_RUNNING]: "Server process not running",
+    [exports.ErrorCode.REQUEST_TIMEOUT]: "Request timed out",
+};
+// JSON-RPC error response helper
+function jsonRpcError(code, detail, id = null) {
+    const base = exports.ErrorMessage[code] ?? "Unknown error";
+    const message = detail ? `${base}: ${detail}` : base;
+    return JSON.stringify({ jsonrpc: "2.0", error: { code, message }, id });
+}
+// Read full request body as string
+function readBody(req) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        req.on("data", (c) => chunks.push(c));
+        req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+        req.on("error", reject);
+    });
+}
+// Parse CLI argument by name: --flag value
+function getArg(name) {
+    const idx = process.argv.indexOf(name);
+    return idx !== -1 && idx + 1 < process.argv.length ? process.argv[idx + 1] : undefined;
+}
+// Create HTTP server with async handler and error catching
+function createServer(handler) {
+    return (0, node_http_1.createServer)((req, res) => {
+        handler(req, res).catch((err) => {
+            console.error(`Request handler error: ${err.message}`);
+            if (!res.headersSent) {
+                res.writeHead(500, { "Content-Type": "application/json" });
+                res.end(jsonRpcError(exports.ErrorCode.INTERNAL));
+            }
+        });
+    });
+}
+// Line-buffered reader: accumulates chunks and yields complete lines
+class LineBuffer {
+    buffer = "";
+    push(chunk) {
+        this.buffer += chunk;
+        const parts = this.buffer.split("\n");
+        this.buffer = parts.pop(); // Keep incomplete trailing segment
+        return parts.filter((line) => line.trim().length > 0);
+    }
+}
+exports.LineBuffer = LineBuffer;

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@silver886/mcp-proxy",
+  "version": "0.1.1",
+  "description": "MCP proxy bridge: forward MCP requests across network boundaries via Cloudflare tunnel",
+  "license": "MIT",
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "proxy",
+    "tunnel",
+    "cloudflare-tunnel",
+    "remote",
+    "wsl",
+    "docker"
+  ],
+  "bin": {
+    "host": "mcp/dist/host.js",
+    "proxy": "mcp/dist/proxy.js"
+  },
+  "files": [
+    "mcp/dist"
+  ],
+  "dependencies": {
+    "cloudflared": "^0.7.1"
+  },
+  "scripts": {
+    "build": "pnpm --filter @silver886/mcp-proxy-mcp build",
+    "deploy:pages": "pnpm --filter @silver886/mcp-proxy-pages run deploy"
+  }
+}