Back to Directory/Other

Stackbilt MCP Gateway

Stackbilt platform MCP gateway — wireframe generation and stack scaffolding tools

OtherTypeScriptv1.0.0
View on GitHub

Stackbilt MCP Gateway

Stackbilt MCP server

MCP Registry: dev.stackbilt.mcp/gateway — published on the Official MCP Registry

OAuth-authenticated Model Context Protocol (MCP) gateway for Stackbilt platform services. Built as a Cloudflare Worker using @cloudflare/workers-oauth-provider.

What It Does

A single MCP endpoint (mcp.stackbilt.dev/mcp) that routes tool calls to multiple backend product workers:

BackendToolsDescription
TarotScriptscaffold_create, scaffold_classify, scaffold_publish, scaffold_deploy, scaffold_import, scaffold_statusDeterministic project scaffolding, n8n workflow import, GitHub publishing, CF deployment
img-forgeimage_generate, image_list_models, image_check_jobAI image generation (5 quality tiers)
Stackbilderflow_create, flow_status, flow_summary, flow_quality, flow_governance, flow_advance, flow_recoverArchitecture flow orchestration (legacy — migrating to scaffold_*)

The Scaffold Pipeline (E2E)

text
You: "Build a restaurant menu API with D1 storage"
  ↓
scaffold_create → structured facts + 9 deployable project files
  ↓
scaffold_publish → GitHub repo with atomic initial commit
  ↓
git clone → npm install → npx wrangler deploy → live Worker

Zero LLM calls for file generation. ~20ms for structure, ~2s with oracle prose. 21x faster than flow_create.

Key Features

  • OAuth 2.1 with PKCE — GitHub SSO, Google SSO, and email/password authentication
  • Backend adapter pattern — tool catalogs aggregated from multiple service bindings, namespaced to avoid collisions
  • Security Constitution compliance — every tool declares a risk level (READ_ONLY, LOCAL_MUTATION, EXTERNAL_MUTATION); structured audit logging with secret redaction; HMAC-signed identity tokens
  • Coming-soon gatePUBLIC_SIGNUPS_ENABLED flag to control public access
  • MCP JSON-RPC over HTTP — supports both streaming (SSE) and request/response transport

Quick Start

Prerequisites

  • Node.js 18+
  • Wrangler CLI (npm i -g wrangler)
  • Cloudflare account with the required service bindings configured

Install & Run

bash
npm install
npm run dev

Run Tests

bash
npm test

Deploy

bash
npm run deploy

Deploys to the mcp.stackbilt.dev custom domain via Cloudflare Workers.

Environment Variables & Secrets

NameTypeDescription
SERVICE_BINDING_SECRETSecretHMAC-SHA256 key for signing identity tokens
API_BASE_URLVariableBase URL for OAuth redirects (e.g. https://mcp.stackbilt.dev)
AUTH_SERVICEService BindingRPC to stackbilt-auth worker (AuthEntrypoint)
STACKBILDERService BindingRoute to edge-stack-architect-v2 worker
IMG_FORGEService BindingRoute to img-forge-mcp worker
OAUTH_KVKV NamespaceStores social OAuth state (5-min TTL entries)
PLATFORM_EVENTS_QUEUEQueueAudit event pipeline (stackbilt-user-events)
MCP_REGISTRY_AUTHVariableMCP Registry domain verification string (served at /.well-known/mcp-registry-auth)

Set secrets with:

bash
wrangler secret put SERVICE_BINDING_SECRET

Project Structure

text
src/
  index.ts           # Entry point — OAuthProvider setup, CORS, health check, MCP Registry well-known
  gateway.ts         # MCP JSON-RPC transport, session management, tool dispatch
  oauth-handler.ts   # OAuth 2.1 flows: login, signup, social SSO, consent
  tool-registry.ts   # Tool catalog aggregation, namespacing, schema validation
  audit.ts           # Structured audit logging, secret redaction, trace IDs
  auth.ts            # Bearer token extraction & validation
  route-table.ts     # Static routing table, tool-to-backend mapping, risk levels
  types.ts           # Type definitions, RiskLevel enum, interfaces

test/
  audit.test.ts
  auth.test.ts
  gateway.test.ts
  oauth-handler.test.ts
  route-table.test.ts
  tool-registry.test.ts

docs/
  user-guide.md      # End-user guide: account creation, client setup, tool usage
  api-reference.md   # MCP tool surface, authentication flow, tool routing
  architecture.md    # System design, security model, request flow

Test Suite

122 tests across 6 test files covering:

  • OAuth handler — identity token signing/verification, login, signup, social OAuth flows, consent, HTML escaping
  • Gateway — session lifecycle, initialize, tools/list, tools/call, SSE streaming, error handling
  • Audit — secret redaction patterns (API keys, bearer tokens, hex hashes, password fields), trace IDs, queue emission
  • Auth — bearer token extraction, API key vs JWT validation, error mapping
  • Tool registry — catalog building, name mapping, schema validation, risk level enforcement
  • Route table — route resolution, risk level lookup
bash
npm test          # single run
npm run test:watch # watch mode

Documentation

  • User Guide — account creation, client setup, tool usage
  • API Reference — MCP tools, authentication, tool routing
  • Architecture — system design, security model, data flow

License

MIT — see LICENSE

Learn More

Best MCP Servers for DevOps: GitHub, Docker, CloudflareMCPFind indexes 3,141 devtools MCP servers and 164 cloud servers, making DevOps one of the richest categories in the directory. We analyzed both to surface the strongest options for CI/CD automation, container management, and cloud infrastructure operations.Read articleThe Most Popular MCP Servers in 2026, Ranked by Real DataWe analyzed 7,469 MCP servers across MCPFind's 21 categories and ranked the most popular by real GitHub star counts. This is the only data-driven ranking available, updated from live directory data rather than editorial picks or vendor claims.Read articleHow to Set Up MCP Servers in JetBrains IDEs (2026 Guide)JetBrains IDEs added MCP support through their AI Assistant plugin, giving IntelliJ IDEA, WebStorm, PyCharm, and GoLand users access to the same MCP server ecosystem as Cursor and VS Code. This guide covers how to configure MCP in JetBrains, which devtools servers work well, and how the experience compares to other MCP-enabled IDEs.Read article