openclaw-mcp 1.3.1 → 1.4.1

package/README.md

@@ -1,3 +1,5 @@
+<!-- mcp-name: io.github.freema/openclaw-mcp -->
+
 # OpenClaw MCP Server
 
 [![npm version](https://badge.fury.io/js/openclaw-mcp.svg)](https://www.npmjs.com/package/openclaw-mcp)

package/dist/index.js

@@ -5,7 +5,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 
 // src/config/constants.ts
 var SERVER_NAME = "openclaw-mcp";
-var SERVER_VERSION = "1.3.1";
+var SERVER_VERSION = "1.4.1";
 var DEFAULT_OPENCLAW_URL = "http://127.0.0.1:18789";
 var DEFAULT_MODEL = "openclaw";
 var SERVER_ICON_SVG_BASE64 = "PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMjgiIGhlaWdodD0iMTI4IiB2aWV3Qm94PSIwIDAgMTI4IDEyOCIgZmlsbD0ibm9uZSI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJiZyIgeDE9IjAlIiB5MT0iMCUiIHgyPSIxMDAlIiB5Mj0iMTAwJSI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iIzFhMWEyZSIvPjxzdG9wIG9mZnNldD0iMTAwJSIgc3RvcC1jb2xvcj0iIzE2MjEzZSIvPjwvbGluZWFyR3JhZGllbnQ+PGxpbmVhckdyYWRpZW50IGlkPSJjbGF3IiB4MT0iMCUiIHkxPSIwJSIgeDI9IjEwMCUiIHkyPSIxMDAlIj48c3RvcCBvZmZzZXQ9IjAlIiBzdG9wLWNvbG9yPSIjZmYzMzMzIi8+PHN0b3Agb2Zmc2V0PSIxMDAlIiBzdG9wLWNvbG9yPSIjY2MwMDAwIi8+PC9saW5lYXJHcmFkaWVudD48L2RlZnM+PHJlY3Qgd2lkdGg9IjEyOCIgaGVpZ2h0PSIxMjgiIHJ4PSIyNCIgZmlsbD0idXJsKCNiZykiLz48ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSg2NCA2NCkiIHN0cm9rZT0idXJsKCNjbGF3KSIgc3Ryb2tlLXdpZHRoPSI3IiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiIGZpbGw9Im5vbmUiPjxwYXRoIGQ9Ik0tMjggLTM4YzAgMCAtMTAgMjAgMCAzMiIvPjxwYXRoIGQ9Ik0tMTIgLTQwYzAgMCAtNiAyMiA0IDM0Ii8+PHBhdGggZD0iTTI4IC0zOGMwIDAgMTAgMjAgMCAzMiIvPjxwYXRoIGQ9Ik0xMiAtNDBjMCAwIDYgMjIgLTQgMzQiLz48Y2lyY2xlIGN4PSIwIiBjeT0iMTAiIHI9IjIwIiBzdHJva2Utd2lkdGg9IjYiLz48cGF0aCBkPSJNLTEwIDR2LTQiIHN0cm9rZS13aWR0aD0iNCIvPjxwYXRoIGQ9Ik0xMCA0di00IiBzdHJva2Utd2lkdGg9IjQiLz48cGF0aCBkPSJNLTggMjBjNCA2IDEyIDYgMTYgMCIgc3Ryb2tlLXdpZHRoPSIzIi8+PC9nPjwvc3ZnPg==";
@@ -114,6 +114,10 @@ function parseArguments(version) {
     type: "string",
     description: "Allowed OAuth redirect URIs (comma-separated)",
     default: process.env.MCP_REDIRECT_URIS || void 0
+  }).option("allow-dcr", {
+    type: "boolean",
+    description: "Allow OAuth Dynamic Client Registration (Cursor/Windsurf compatibility, dev-only)",
+    default: process.env.MCP_DANGEROUSLY_ALLOW_DCR === "true"
   }).help().parseSync();
   let instances;
   const instancesEnv = process.env.OPENCLAW_INSTANCES;
@@ -168,6 +172,7 @@ function parseArguments(version) {
     clientSecret: argv["client-secret"],
     issuerUrl: argv["issuer-url"],
     redirectUris: argv["redirect-uris"] ? argv["redirect-uris"].split(",").map((s) => s.trim()).filter(Boolean) : void 0,
+    allowDcr: argv["allow-dcr"],
     instances
   };
 }
@@ -1172,8 +1177,15 @@ var ALLOW_ANY_REDIRECT = new Proxy([], {
     return Reflect.get(target, prop);
   }
 });
+var MAX_DYNAMIC_CLIENTS = 100;
 var OpenClawClientsStore = class {
   client;
+  dynamicClients = /* @__PURE__ */ new Map();
+  // Assigned conditionally in the constructor. The MCP SDK probes
+  // `clientsStore.registerClient` at router-setup time and only advertises
+  // `/register` when the property is defined, so we must NOT define a no-op
+  // method on the prototype — it has to be instance-level and gated on config.
+  registerClient;
   constructor(config) {
     if (config.clientId && config.clientSecret) {
       const redirectUris = config.redirectUris && config.redirectUris.length > 0 ? config.redirectUris : ALLOW_ANY_REDIRECT;
@@ -1188,16 +1200,25 @@ var OpenClawClientsStore = class {
         client_id_issued_at: Math.floor(Date.now() / 1e3)
       };
     }
+    if (config.allowDynamicRegistration) {
+      this.registerClient = (client) => {
+        if (this.dynamicClients.size >= MAX_DYNAMIC_CLIENTS) {
+          const oldestKey = this.dynamicClients.keys().next().value;
+          if (oldestKey !== void 0) {
+            this.dynamicClients.delete(oldestKey);
+          }
+        }
+        this.dynamicClients.set(client.client_id, client);
+        return client;
+      };
+    }
   }
   async getClient(clientId) {
     if (this.client && this.client.client_id === clientId) {
       return this.client;
     }
-    return void 0;
+    return this.dynamicClients.get(clientId);
   }
-  // No registerClient — dynamic client registration is intentionally disabled.
-  // Only the pre-configured client from MCP_CLIENT_ID + MCP_CLIENT_SECRET can authenticate.
-  // This prevents anyone who knows the server URL from self-registering and bypassing auth.
 };
 var OpenClawAuthProvider = class {
   clientsStore;
@@ -1336,9 +1357,15 @@ var OpenClawAuthProvider = class {
       resource: tokenData.resource
     };
   }
-  async revokeToken(_client, request) {
-    this.tokens.delete(request.token);
-    this.refreshTokens.delete(request.token);
+  async revokeToken(client, request) {
+    const tokenData = this.tokens.get(request.token);
+    if (tokenData && tokenData.clientId === client.client_id) {
+      this.tokens.delete(request.token);
+    }
+    const refreshData = this.refreshTokens.get(request.token);
+    if (refreshData && refreshData.clientId === client.client_id) {
+      this.refreshTokens.delete(request.token);
+    }
   }
 };
 
@@ -1627,7 +1654,8 @@ async function main() {
       sseConfig.authConfig = {
         clientId: args.clientId,
         clientSecret: args.clientSecret,
-        redirectUris: args.redirectUris
+        redirectUris: args.redirectUris,
+        allowDynamicRegistration: args.allowDcr
       };
       log(`OAuth client ID: ${args.clientId}`);
       if (!args.redirectUris || args.redirectUris.length === 0) {
@@ -1635,6 +1663,24 @@ async function main() {
           "WARNING: MCP_REDIRECT_URIS not set \u2014 any redirect_uri will be accepted. Set MCP_REDIRECT_URIS for production."
         );
       }
+      if (args.allowDcr) {
+        const isLoopback = args.host === "127.0.0.1" || args.host === "localhost" || args.host === "::1";
+        const publicOptIn = process.env.MCP_DANGEROUSLY_ALLOW_DCR_PUBLIC === "true";
+        if (!isLoopback && !publicOptIn) {
+          logError(
+            `MCP_DANGEROUSLY_ALLOW_DCR=true is set but HOST="${args.host}" is not loopback. Dynamic Client Registration combined with a publicly reachable bind allows anyone on the network to obtain a token. Bind to 127.0.0.1, or set MCP_DANGEROUSLY_ALLOW_DCR_PUBLIC=true to override. Refusing to start.`
+          );
+          process.exit(1);
+        }
+        log(
+          "WARNING: MCP_DANGEROUSLY_ALLOW_DCR is enabled \u2014 OAuth Dynamic Client Registration is open. Any client that can reach this server may self-register and obtain tokens. Use for local development only."
+        );
+        if (publicOptIn) {
+          log(
+            "WARNING: MCP_DANGEROUSLY_ALLOW_DCR_PUBLIC=true \u2014 DCR is exposed on a non-loopback bind. You have explicitly accepted the risk."
+          );
+        }
+      }
     } else if (args.authEnabled && !args.clientId) {
       logError("AUTH_ENABLED=true but MCP_CLIENT_ID is not set. Refusing to start without auth.");
       process.exit(1);

package/docs/configuration.md

@@ -133,6 +133,8 @@ The server uses the MCP SDK's built-in OAuth 2.1 server with authorization code
 | `MCP_CLIENT_SECRET` | OAuth client secret                                         | When auth enabled          |
 | `MCP_ISSUER_URL`    | OAuth issuer URL override (e.g., `https://mcp.example.com`) | When behind HTTPS proxy    |
 | `MCP_REDIRECT_URIS` | Allowed redirect URIs (comma-separated)                     | Recommended for production |
+| `MCP_DANGEROUSLY_ALLOW_DCR`        | Enable Dynamic Client Registration (`true`/`false`)         | Dev only (see below)       |
+| `MCP_DANGEROUSLY_ALLOW_DCR_PUBLIC` | Escape hatch to allow DCR on non-loopback binds             | Never, unless you mean it  |
 
 **Client ID validation rules:**
 
@@ -153,4 +155,14 @@ When auth is enabled, the server exposes these OAuth 2.1 endpoints:
 - `POST /token` — Token exchange (requires client_secret)
 - `POST /revoke` — Token revocation
 
-Dynamic client registration is **disabled** — only the pre-configured client (from `MCP_CLIENT_ID` + `MCP_CLIENT_SECRET`) can authenticate. This prevents anyone who knows the server URL from self-registering and bypassing auth.
+Dynamic client registration is **disabled by default** — only the pre-configured client (from `MCP_CLIENT_ID` + `MCP_CLIENT_SECRET`) can authenticate. This prevents anyone who knows the server URL from self-registering and bypassing auth.
+
+#### Cursor / Windsurf compatibility (dev only)
+
+Cursor and Windsurf only support MCP servers that expose OAuth 2.0 Dynamic Client Registration (RFC 7591). To let them connect, set `MCP_DANGEROUSLY_ALLOW_DCR=true`. The server will then advertise a `/register` endpoint and accept ad-hoc client registrations (kept in an in-memory FIFO store, capped at 100 entries).
+
+`MCP_CLIENT_ID` and `MCP_CLIENT_SECRET` are still required — DCR augments the pre-configured client, it does not replace it. If you are only running Cursor locally you can use any valid values for them; they simply remain unused.
+
+**This is dev-only.** With DCR enabled alongside the server's auto-approve authorization flow, any client that can reach the server can register itself and obtain a token. To prevent accidental exposure the server refuses to start when `MCP_DANGEROUSLY_ALLOW_DCR=true` and `HOST` is not loopback (`127.0.0.1`, `localhost`, or `::1`). If you genuinely need DCR on a non-loopback bind (e.g., inside a trusted private network), also set `MCP_DANGEROUSLY_ALLOW_DCR_PUBLIC=true`.
+
+For production with Claude.ai, keep DCR disabled and use the pre-configured `MCP_CLIENT_ID` / `MCP_CLIENT_SECRET`.

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "openclaw-mcp",
-  "version": "1.3.1",
+  "version": "1.4.1",
+  "mcpName": "io.github.freema/openclaw-mcp",
   "description": "Model Context Protocol (MCP) server for OpenClaw AI assistant integration",
   "author": "Tomáš Grasl <https://www.tomasgrasl.cz/>",
   "license": "MIT",