mcp-browser/scripts/run_mcp_ngrok.sh

#!/usr/bin/env bash
set -euo pipefail

usage() {
  cat <<'USAGE'
Usage: run_mcp_ngrok.sh [options] [-- additional mcp-browser args]

Launch mcp-browser in streamable-http mode and expose it via an ngrok HTTPS
endpoint. By default the script uses a minimal temporary configuration that
only exposes the built-in tools; pass --config/--server if you want something
else.

Options:
  --config PATH            Path to mcp-browser config file.
  --server NAME            Server entry to use (optional).
  --http-host HOST         Local interface for the gateway (default: 127.0.0.1).
  --http-port PORT         Local port for the gateway (default: auto).
  --http-path PATH         HTTP path prefix (default: /mcp).
  --allow-origin ORIGIN    Value for Access-Control-Allow-Origin header
                           (default: https://platform.openai.com).
  --ngrok-domain DOMAIN    Reserved ngrok domain to use (optional).
  --ngrok-region REGION    ngrok region code (optional).
  --ngrok-oauth-policy-file PROVIDER   Enable ngrok OAuth (e.g. google, github).
  --ngrok-inspect true|false    Enable ngrok inspector (default: false).
  --mcp-arg ARG             Extra argument passed to mcp-browser (repeatable).
  --ngrok-arg ARG           Extra argument passed to ngrok (repeatable).
  -h, --help                Show this help message.

Environment overrides:
  MCP_BROWSER_BIN  (default: mcp-browser)
  NGROK_BIN        (default: ngrok)

The script keeps both processes running and forwards termination signals.
USAGE
}

MCP_BIN=${MCP_BROWSER_BIN:-mcp-browser}
NGROK_BIN=${NGROK_BIN:-ngrok}
CONFIG_PATH=""
SERVER_NAME=""
HTTP_HOST="127.0.0.1"
HTTP_PORT=""
HTTP_PATH="/mcp"
ALLOW_ORIGIN="https://platform.openai.com"
NGROK_DOMAIN=""
NGROK_REGION=""
NGROK_OAUTH_POLICY_FILE=""
#""$(dirname $0)/oauth_policy.yml"
NGROK_INSPECT="true"
MCP_EXTRA_ARGS=()
NGROK_EXTRA_ARGS=()

while [[ $# -gt 0 ]]; do
  case "$1" in
    --config)
      CONFIG_PATH=$2; shift 2;;
    --server)
      SERVER_NAME=$2; shift 2;;
    --http-host)
      HTTP_HOST=$2; shift 2;;
    --http-port)
      HTTP_PORT=$2; shift 2;;
    --http-path)
      HTTP_PATH=$2; shift 2;;
    --allow-origin)
      ALLOW_ORIGIN=$2; shift 2;;
    --ngrok-domain)
      NGROK_DOMAIN=$2; shift 2;;
    --ngrok-region)
      NGROK_REGION=$2; shift 2;;
    --ngrok-oauth-policy-file)
      NGROK_OAUTH_POLICY_FILE=$2; shift 2;;
    --ngrok-inspect)
      NGROK_INSPECT=$2; shift 2;;
    --mcp-arg)
      MCP_EXTRA_ARGS+=("$2"); shift 2;;
    --ngrok-arg)
      NGROK_EXTRA_ARGS+=("$2"); shift 2;;
    -h|--help)
      usage; exit 0;;
    --)
      shift
      if [[ $# -gt 0 ]]; then
        for arg in "$@"; do
          MCP_EXTRA_ARGS+=("$arg")
        done
      fi
      break;;
    *)
      echo "Unknown option: $1" >&2
      usage
      exit 1;;
  esac
done

if ! command -v "$MCP_BIN" >/dev/null 2>&1; then
  echo "Error: mcp-browser binary '$MCP_BIN' not found" >&2
  exit 1
fi
if ! command -v "$NGROK_BIN" >/dev/null 2>&1; then
  echo "Error: ngrok binary '$NGROK_BIN' not found" >&2
  exit 1
fi

if [[ -z "$HTTP_PORT" ]]; then
  if ! HTTP_PORT=$(python3 - <<'PY'
import socket
try:
    s = socket.socket()
    s.bind(('127.0.0.1', 0))
    port = s.getsockname()[1]
    s.close()
    print(port)
except Exception:
    raise SystemExit(1)
PY
  ); then
    HTTP_PORT=39129
  fi
fi

HTTP_PATH="/${HTTP_PATH#/}"

MCP_CMD=("$MCP_BIN" --mode streamable-http \
         --http-host "$HTTP_HOST" --http-port "$HTTP_PORT" \
         --http-path "$HTTP_PATH" --http-allow-origin "$ALLOW_ORIGIN")
if [[ -n "$SERVER_NAME" ]]; then
  MCP_CMD+=(--server "$SERVER_NAME")
fi
if [[ -n "$CONFIG_PATH" ]]; then
  MCP_CMD+=(--config "$CONFIG_PATH")
fi
[[ ${#MCP_EXTRA_ARGS[@]} -gt 0 ]] && MCP_CMD+=("${MCP_EXTRA_ARGS[@]}")

MCP_LOG=$(mktemp -t mcp-browser-gateway.XXXXXX.log)
NGROK_LOG=$(mktemp -t ngrok-mcp.XXXXXX.log)

cleanup() {
  [[ -n "${NGROK_PID:-}" ]] && kill "$NGROK_PID" >/dev/null 2>&1 || true
  [[ -n "${MCP_PID:-}" ]] && kill "$MCP_PID" >/dev/null 2>&1 || true
}
trap cleanup EXIT INT TERM

"${MCP_CMD[@]}" >"$MCP_LOG" 2>&1 &
MCP_PID=$!

ready=0
for _ in {1..60}; do
  if ! kill -0 "$MCP_PID" >/dev/null 2>&1; then
    echo "mcp-browser exited early. Recent log output:" >&2
    tail -n 40 "$MCP_LOG" >&2 || true
    wait "$MCP_PID" >/dev/null 2>&1 || true
    exit 1
  fi
  if grep -q "Streamable HTTP gateway listening" "$MCP_LOG"; then
    ready=1
    break
  fi
  sleep 0.5
done

if [[ $ready -ne 1 ]]; then
  echo "Gateway did not become ready within timeout. Recent log output:" >&2
  tail -n 40 "$MCP_LOG" >&2 || true
  exit 1
fi

NGROK_CMD=("$NGROK_BIN" http "http://$HTTP_HOST:$HTTP_PORT")
NGROK_CMD+=(--request-header-add "X-MCP-Gateway:true")
NGROK_CMD+=(--request-header-add "ngrok-skip-browser-warning:1")
NGROK_CMD+=(--response-header-add "Cache-Control:no-store")
NGROK_CMD+=(--inspect="$NGROK_INSPECT")
if [[ -n "$NGROK_DOMAIN" ]]; then
  NGROK_CMD+=(--domain "$NGROK_DOMAIN")
fi
if [[ -n "$NGROK_REGION" ]]; then
  NGROK_CMD+=(--region "$NGROK_REGION")
fi
if [[ -n "$NGROK_OAUTH_POLICY_FILE" ]]; then
  NGROK_CMD+=(--traffic-policy-file=$NGROK_OAUTH_POLICY_FILE)
fi

[[ ${#NGROK_EXTRA_ARGS[@]} -gt 0 ]] && NGROK_CMD+=("${NGROK_EXTRA_ARGS[@]}")

"${NGROK_CMD[@]}" >"$NGROK_LOG" 2>&1 &
NGROK_PID=$!

# Wait for ngrok API to report tunnel URL
PUBLIC_URL=""
for _ in {1..60}; do
  sleep 0.5
  PUBLIC_URL=$(python3 - <<'PY'
import json
import sys
import urllib.request
try:
    with urllib.request.urlopen('http://127.0.0.1:4040/api/tunnels') as resp:
        data = json.load(resp)
except Exception:
    sys.exit(1)
for tunnel in data.get('tunnels', []):
    url = tunnel.get('public_url')
    if url:
        print(url)
        sys.exit(0)
sys.exit(1)
PY
) && break
  PUBLIC_URL=""
done

if [[ -z "$PUBLIC_URL" ]]; then
  echo "ngrok tunnel did not start. See $NGROK_LOG" >&2
  exit 1
fi

cat <<EOF
mcp-browser gateway running on http://$HTTP_HOST:$HTTP_PORT$HTTP_PATH
ngrok tunnel available at: $PUBLIC_URL$HTTP_PATH

Local logs:
  mcp-browser: $MCP_LOG
  ngrok:       $NGROK_LOG

Press Ctrl+C to stop.
EOF

echo "Showing log files"
tail -f $MCP_LOG $NGROK_LOG