chelydra
/
mcp-browser
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: harden ngrok helper defaults

This commit is contained in:
gpt-5-codex 2025-10-11 07:37:42 +02:00 committed by Andre Heinecke
parent 1d1dd262c6
commit 49963ca58f
2 changed files with 54 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/NGROK.md
View File

@ -1,9 +1,10 @@
# Publishing mcp-browser with ngrok # Publishing mcp-browser with ngrok
The `scripts/run_mcp_ngrok.sh` helper launches `mcp-browser` in The `scripts/run_mcp_ngrok.sh` helper launches `mcp-browser` in
streamable-http mode and exposes it through an ngrok tunnel. By default it uses streamable-http mode and exposes it through an ngrok tunnel. If you do not
whatever server is marked as default in your configuration (or you can specify provide `--config`, the script spins up an ephemeral config that exposes only
one explicitly with `--server`). the built-in tools. Otherwise it will respect your chosen server (or the
default entry in your config).
```bash ```bash
./scripts/run_mcp_ngrok.sh \ ./scripts/run_mcp_ngrok.sh \
@ -23,8 +24,8 @@ tunnel is ready.
Useful options: Useful options:
- `--server chrome` publish a different server entry from your config. - `--config ~/.claude/mcp-browser/config.yaml` point at your own config file
- `--config ~/.claude/mcp-browser/config.yaml` point at a custom config file. (often combined with `--server <name>`).
- `--ngrok-region eu` or `--ngrok-domain your-name.ngrok.app` choose a region - `--ngrok-region eu` or `--ngrok-domain your-name.ngrok.app` choose a region
or reserved domain. or reserved domain.
- `--ngrok-oauth-provider google --ngrok-oauth-allow-email you@example.com` - `--ngrok-oauth-provider google --ngrok-oauth-allow-email you@example.com`

64
scripts/run_mcp_ngrok.sh
View File

@ -6,8 +6,9 @@ usage() {
Usage: run_mcp_ngrok.sh [options] [-- additional mcp-browser args] Usage: run_mcp_ngrok.sh [options] [-- additional mcp-browser args]
Launch mcp-browser in streamable-http mode and expose it via an ngrok HTTPS Launch mcp-browser in streamable-http mode and expose it via an ngrok HTTPS
endpoint. By default it uses the configured default MCP server, but you can endpoint. By default the script uses a minimal temporary configuration that
override that with --server if needed. only exposes the built-in tools; pass --config/--server if you want something
else.
Options: Options:
--config PATH Path to mcp-browser config file. --config PATH Path to mcp-browser config file.
@ -53,6 +54,7 @@ NGROK_OAUTH_SCOPES=()
NGROK_INSPECT="false" NGROK_INSPECT="false"
MCP_EXTRA_ARGS=() MCP_EXTRA_ARGS=()
NGROK_EXTRA_ARGS=() NGROK_EXTRA_ARGS=()
TEMP_CONFIG=""
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
@ -103,6 +105,21 @@ while [[ $# -gt 0 ]]; do
esac esac
done done
if [[ -z "$CONFIG_PATH" ]]; then
TEMP_CONFIG=$(mktemp -t mcp-ngrok-config.XXXXXX.yaml)
cat <<'EOF' > "$TEMP_CONFIG"
servers:
builtin-only:
name: builtin-only
command: null
default_server: builtin-only
sparse_mode: true
enable_builtin_servers: true
EOF
CONFIG_PATH="$TEMP_CONFIG"
[[ -z "$SERVER_NAME" ]] && SERVER_NAME="builtin-only"
fi
if ! command -v "$MCP_BIN" >/dev/null 2>&1; then if ! command -v "$MCP_BIN" >/dev/null 2>&1; then
echo "Error: mcp-browser binary '$MCP_BIN' not found" >&2 echo "Error: mcp-browser binary '$MCP_BIN' not found" >&2
exit 1 exit 1
@ -113,15 +130,20 @@ if ! command -v "$NGROK_BIN" >/dev/null 2>&1; then
fi fi
if [[ -z "$HTTP_PORT" ]]; then if [[ -z "$HTTP_PORT" ]]; then
HTTP_PORT=$(python3 - <<'PY' if ! HTTP_PORT=$(python3 - <<'PY'
import socket import socket
try:
s = socket.socket() s = socket.socket()
s.bind(('127.0.0.1', 0)) s.bind(('127.0.0.1', 0))
port = s.getsockname()[1] port = s.getsockname()[1]
s.close() s.close()
print(port) print(port)
except Exception:
raise SystemExit(1)
PY PY
) ); then
HTTP_PORT=39129
fi
fi fi
HTTP_PATH="/${HTTP_PATH#/}" HTTP_PATH="/${HTTP_PATH#/}"
@ -143,29 +165,28 @@ NGROK_LOG=$(mktemp -t ngrok-mcp.XXXXXX.log)
cleanup() { cleanup() {
[[ -n "${NGROK_PID:-}" ]] && kill "$NGROK_PID" >/dev/null 2>&1 || true [[ -n "${NGROK_PID:-}" ]] && kill "$NGROK_PID" >/dev/null 2>&1 || true
[[ -n "${MCP_PID:-}" ]] && kill "$MCP_PID" >/dev/null 2>&1 || true [[ -n "${MCP_PID:-}" ]] && kill "$MCP_PID" >/dev/null 2>&1 || true
[[ -n "$TEMP_CONFIG" && -f "$TEMP_CONFIG" ]] && rm -f "$TEMP_CONFIG"
} }
trap cleanup EXIT INT TERM trap cleanup EXIT INT TERM
"${MCP_CMD[@]}" >"$MCP_LOG" 2>&1 & "${MCP_CMD[@]}" >"$MCP_LOG" 2>&1 &
MCP_PID=$! MCP_PID=$!
python3 - "$HTTP_HOST" "$HTTP_PORT" <<'PY' ready=0
import socket, time, sys for _ in {1..60}; do
host, port = sys.argv[1], int(sys.argv[2]) if ! kill -0 "$MCP_PID" >/dev/null 2>&1; then
for _ in range(200): echo "mcp-browser exited early. See $MCP_LOG" >&2
sock = socket.socket() exit 1
try: fi
sock.connect((host, port)) if grep -q "Streamable HTTP gateway listening" "$MCP_LOG"; then
sock.close() ready=1
sys.exit(0) break
except OSError: fi
sock.close() sleep 0.5
time.sleep(0.05) done
print('Port not ready', file=sys.stderr)
sys.exit(1) if [[ $ready -ne 1 ]]; then
PY echo "Gateway did not become ready. See $MCP_LOG" >&2
if [[ $? -ne 0 ]]; then
echo "Failed to start mcp-browser gateway. See $MCP_LOG" >&2
exit 1 exit 1
fi fi
@ -234,3 +255,4 @@ Local logs:
ngrok: $NGROK_LOG ngrok: $NGROK_LOG
Press Ctrl+C to stop. Press Ctrl+C to stop.
EOF