Skip to main content

Remote MCP

Coding Tools MCP can run as a Streamable HTTP MCP server. Remote access is useful for hosted workspaces, development containers, and clients that cannot launch a local subprocess.

Endpoint

The JSON-RPC endpoint is: 
/mcp
Server-card metadata is also available at: 
/.well-known/mcp.json
/.well-known/mcp/server-card.json

Bind locally first

The safest default is local loopback: 
coding-tools-mcp --workspace /repo --host 127.0.0.1 --port 8000
Use a reverse proxy, SSH tunnel, or development tunnel if the client needs to reach that local service.

Bind remotely with auth

The implementation refuses non-loopback HTTP binding without Bearer auth, OAuth, or explicit CODING_TOOLS_MCP_AUTH_MODE=noauth. Bearer example: 
export CODING_TOOLS_MCP_AUTH_TOKEN="replace-with-a-strong-token"
coding-tools-mcp --workspace /repo --host 0.0.0.0 --port 8000 --auth-token "$CODING_TOOLS_MCP_AUTH_TOKEN"
OAuth example: 
export CODING_TOOLS_MCP_SERVER_URL="https://mcp.example.com"
export CODING_TOOLS_MCP_OAUTH_PASSWORD="replace-with-login-password"
coding-tools-mcp --workspace /repo --host 0.0.0.0 --port 8000 --oauth-mode

Origin and request limits

The HTTP handler checks Origin when present and only allows origins compatible with the active auth posture. JSON-RPC POST bodies are limited to 1 MiB, and JSON-RPC batches are limited to 50 items.

Tunnel scripts and port defaults

Repository helper scripts and install/tunnel docs may use port 8765, while the direct server CLI defaults to port 8000. When troubleshooting a tunnel, verify which layer selected the port:
  • direct CLI: --port or CODING_TOOLS_MCP_PORT, default 8000
  • wrapper or tunnel script: check the script arguments and exported environment
  • client config: ensure the URL path ends in /mcp

Deployment checklist

  • Run the server in the smallest workspace that still supports the task.
  • Use --tool-profile read-only when the remote client only needs inspection.
  • Use Bearer auth or OAuth for every non-loopback deployment.
  • Put the process behind TLS when crossing machine or network boundaries.
  • Prefer container or VM isolation before enabling --permission-mode dangerous.
  • Treat remote exec_command as remote code execution inside the configured workspace boundary.