npm - mcpbox - Versions diffs - 0.2.0 → 0.2.1 - Mend

mcpbox 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -7,12 +7,15 @@
 **MCPBox** is a lightweight gateway that exposes local stdio-based MCP (Model Context Protocol) servers via Streamable HTTP, enabling Claude and other AI agents to connect from anywhere.
-- Aggregate multiple local stdio servers behind a single HTTP endpoint
+- Runs multiple MCP stdio servers behind a single HTTP endpoint
 - Exposes Tools, Resources & Prompts
-- Namespaces with `servername__` prefix to avoid collisions (e.g., `github__create_issue`)
+- Namespaces with `servername__` prefix to avoid collisions
 - OAuth or API key authentication
-![mcpbox diagram](assets/diagram.excalidraw.png)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="assets/diagram-dark.excalidraw.png">
+  <img src="assets/diagram.excalidraw.png" alt="mcpbox diagram">
+</picture>
 ## Quick Start
@@ -70,10 +73,10 @@ See [`mcpbox.example.jsonc`](mcpbox.example.jsonc) for all options. All string v
 To expose MCPBox remotely, put it behind a TLS-terminating reverse proxy.
-Before deploying:
-- [ ] Use `storage.type: "sqlite"` for persistence across restarts
-- [ ] Set `auth.issuer` to your public URL when using OAuth
-- [ ] Use bcrypt hashes for passwords
+Before deploying with OAuth:
+- [ ] Use sqlite storage for persistence across restarts
+- [ ] Set issuer to your public URL
+- [ ] Use bcrypt hashes for local passwords
 > [!NOTE]
 > MCPBox is single-instance only — don't run multiple instances behind a load balancer.
@@ -93,7 +96,9 @@ Then update your config with the generated public URL:
   "auth": {
     "type": "oauth",
     "issuer": "https://<tunnel-id>.trycloudflare.com",
-    "users": [{ "username": "admin", "password": "${MCPBOX_PASSWORD}" }],
+    "identityProviders": [
+      { "type": "local", "users": [{ "username": "admin", "password": "${MCPBOX_PASSWORD}" }] }
+    ],
     "dynamicRegistration": true
   },
   "storage": {
@@ -126,12 +131,28 @@ claude mcp add --transport http mcpbox https://your-mcpbox-url.com
 Requires `dynamicRegistration: true` in your config.
-### MCP clients with JSON config
+### Other MCP clients
+**With dynamic registration (OAuth)** — just provide the URL:
 ```json
 {
   "mcpServers": {
     "mcpbox": {
+      "type": "http",
+      "url": "https://your-mcpbox-url.com"
+    }
+  }
+}
+```
+**With API key:**
+```json
+{
+  "mcpServers": {
+    "mcpbox": {
+      "type": "http",
       "url": "https://your-mcpbox-url.com",
       "headers": {
         "Authorization": "Bearer YOUR_API_KEY"

package/dist/auth/oauth.js CHANGED Viewed

@@ -63,7 +63,7 @@ export class OAuthServer {
         return {
             resource: this.config.issuer,
             authorization_servers: [this.config.issuer],
-            scopes_supported: ["mcp:tools"],
+            scopes_supported: ["mcp"],
             bearer_methods_supported: ["header"],
             // Non-standard: logo for client display
             logo_uri: `${this.config.issuer}/logo.png`,
@@ -87,7 +87,7 @@ export class OAuthServer {
             token_endpoint: `${this.config.issuer}/token`,
             grant_types_supported: grantTypes,
             token_endpoint_auth_methods_supported: ["none", "client_secret_post"],
-            scopes_supported: ["mcp:tools"],
+            scopes_supported: ["mcp"],
         };
         // Only advertise authorization endpoint if identity providers are configured
         if (hasProviders) {
@@ -656,7 +656,7 @@ export class OAuthServer {
         this.store.saveAccessToken({
             token: hashSecret(accessToken),
             clientId,
-            scope: "mcp:tools",
+            scope: "mcp",
             expiresAt: Date.now() + expiresIn * 1000,
             userId: `client:${clientId}`, // Mark as client-authenticated
         });
@@ -666,7 +666,7 @@ export class OAuthServer {
             access_token: accessToken, // Return unhashed token to client
             token_type: "Bearer",
             expires_in: expiresIn,
-            scope: "mcp:tools",
+            scope: "mcp",
         });
     }
     // RFC 6749 Section 4.1: Authorization Code Grant

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,5 @@
 #!/usr/bin/env node
+import { existsSync } from "node:fs";
 import { loadConfig, resolveConfigPath, } from "./config/loader.js";
 import { configureLogger, logger } from "./logger.js";
 import { createServer } from "./server.js";
@@ -33,10 +34,6 @@ function parseArgs(args) {
         else if (arg === "-c" || arg === "--config") {
             result.config = args[++i];
         }
-        else if (!arg.startsWith("-")) {
-            // Positional arg = config path (backwards compat)
-            result.config = arg;
-        }
     }
     return result;
 }
@@ -50,6 +47,10 @@ if (args.version) {
     process.exit(0);
 }
 const configPath = resolveConfigPath(args.config);
+if (args.config && !existsSync(configPath)) {
+    console.error(`Config file not found: ${configPath}`);
+    process.exit(1);
+}
 let config;
 let warnings;
 try {
@@ -57,7 +58,6 @@ try {
 }
 catch (error) {
     const message = error instanceof Error ? error.message : String(error);
-    // Log to stderr directly since logger config isn't loaded yet
     console.error(`Failed to load config from ${configPath}:\n${message}`);
     process.exit(1);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mcpbox",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "A lightweight gateway that exposes local stdio-based MCP servers via Streamable HTTP",
   "main": "dist/index.js",
   "bin": {