Skip to content

feat: add remote MCP server on Cloudflare Workers#26

Merged
ivelin-web merged 1 commit into
mainfrom
feat/remote-mcp-cloudflare
Apr 30, 2026
Merged

feat: add remote MCP server on Cloudflare Workers#26
ivelin-web merged 1 commit into
mainfrom
feat/remote-mcp-cloudflare

Conversation

@ivelin-web

@ivelin-web ivelin-web commented Apr 30, 2026

Copy link
Copy Markdown
Owner

Summary

Hosts a multi-tenant MCP server on Cloudflare Workers alongside the existing stdio binary, so end users can paste a personal URL into Claude.ai or ChatGPT instead of running anything locally.

  • New src/remote/{worker,agent,setup,storage}.ts — Worker entrypoint, per-request McpServer factory, /setup onboarding form, and AES-GCM credential storage in Workers KV.
  • jira.ts and tools.ts refactored onto a per-request Ctx so the same code serves stdio and the Worker without a process-wide config singleton. oauth.ts and the OAuth path stay stdio-only via dynamic import.
  • Hardening: per-IP rate limit on POST /setup (Cloudflare Rate Limiting binding), Cache-Control: no-store + Referrer-Policy: no-referrer on /setup, AES-GCM 256 with per-record IV, 404-on-unknown-id for /mcp/u_<id>.
  • Build split: tsconfig.node.json for the npm CLI, tsconfig.worker.json for the Worker bundle. The npm package still ships only build/.
  • README documents fork-and-deploy, troubleshooting, and the `ENCRYPTION_KEY`-is-permanent caveat. `wrangler.jsonc` is committed with an empty KV id so each deployer wires their own.

Existing stdio users see no behaviour change — same 7 tools, same env vars, same build artefact.

Test plan

  • `npm run build` (Node CLI bundle)
  • `npm run remote:typecheck` (Worker bundle)
  • `npm run lint` (0 errors)
  • `npm run format:check`
  • `npx wrangler deploy --dry-run` — confirms KV + rate-limit bindings
  • Live deploy to Cloudflare and end-to-end test via Claude.ai connector

@ivelin-web
feat: add remote MCP server on Cloudflare Workers
136babc 
Hosts a multi-tenant MCP server alongside the existing stdio binary so
end users can paste a personal URL into Claude.ai or ChatGPT instead of
running anything locally.

- src/remote/{worker,agent,setup,storage}.ts: Worker entrypoint, per-
  request McpServer factory, /setup onboarding form, and AES-GCM
  credential storage in Workers KV.
- Refactor jira.ts and tools.ts onto a per-request Ctx so the same code
  serves stdio and the Worker without a process-wide config singleton.
  oauth.ts and the OAuth path stay stdio-only via a dynamic import.
- Hardening: per-IP rate limit on POST /setup (Cloudflare Rate Limiting
  binding), Cache-Control: no-store + Referrer-Policy: no-referrer on
  /setup responses, AES-GCM 256 with per-record IV, 404-on-unknown-id
  for /mcp/u_<id>.
- Build split: tsconfig.node.json for the npm CLI, tsconfig.worker.json
  for the Worker bundle. npm package still ships only build/.
- README documents fork-and-deploy, troubleshooting, and the
  ENCRYPTION_KEY-is-permanent caveat. wrangler.jsonc is committed with
  an empty KV id so each deployer wires their own.
@ivelin-web ivelin-web merged commit 55b1774 into main Apr 30, 2026
1 check passed
@ivelin-web ivelin-web deleted the feat/remote-mcp-cloudflare branch April 30, 2026 10:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ivelin-web