π¦
Stackbilt MCP Gateway
Stackbilt platform MCP gateway β wireframe generation and stack scaffolding tools
0 installs
Trust: 34 β Low
Devtools
Ask AI about Stackbilt MCP Gateway
Powered by Claude Β· Grounded in docs
I know everything about Stackbilt MCP Gateway. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
Stackbilt MCP Gateway
Two products. One MCP connection. Image generated by img-forge (ultra tier).
MCP Registry:
dev.stackbilt.mcp/gatewayβ published on the Official MCP Registry
OAuth-authenticated Model Context Protocol (MCP) gateway for Stackbilt platform services. Built as a Cloudflare Worker using @cloudflare/workers-oauth-provider.
What It Does
A single MCP endpoint (mcp.stackbilt.dev/mcp) that routes tool calls to multiple backend product workers:
| Backend | Tools | Description |
|---|---|---|
| TarotScript | scaffold_create, scaffold_classify, scaffold_publish, scaffold_deploy, scaffold_import, scaffold_status | Deterministic project scaffolding, n8n workflow import, GitHub publishing, CF deployment |
| img-forge | image_generate, image_list_models, image_check_job | AI image generation (5 quality tiers) |
| Stackbilder (TarotScript backend) | flow_create, flow_status, flow_summary, flow_quality, flow_governance, flow_advance, flow_recover | DEPRECATED β Architecture flow orchestration (migrating to scaffold_*) |
The Scaffold Pipeline (E2E)
You: "Build a restaurant menu API with D1 storage"
β
scaffold_create β structured facts + 9 deployable project files
β
scaffold_publish β GitHub repo with atomic initial commit
β
git clone β npm install β npx wrangler deploy β live Worker
Zero LLM calls for file generation. ~20ms for structure, ~2s with oracle prose. 21x faster than flow_create.
Key Features
- OAuth 2.1 with PKCE β GitHub SSO, Google SSO, and email/password authentication
- Backend adapter pattern β tool catalogs aggregated from multiple service bindings, namespaced to avoid collisions
- Per-tier rate limiting β fixed-window per-tenant limits via
RATELIMIT_KV(free=20/min, hobby=60, pro=300, enterprise=1000); 429 withRetry-AfterandX-RateLimit-*headers - Cost attribution & quota β every tool call carries a credit cost; quota is reserved via
edge-authbefore dispatch and committed/refunded on outcome;image_generatecost scales withquality_tier(1Γ/1Γ/3Γ/5Γ/8Γ for draft/standard/premium/ultra/ultra_plus) - Scope + tier enforcement β
tools/listis filtered by token scopes;tools/callrequires thegeneratescope for mutating tools; expensiveimage_generatequality tiers (premiumand above) are gated to Pro+ plans - Security Constitution compliance β every tool declares a risk level (
READ_ONLY,LOCAL_MUTATION,EXTERNAL_MUTATION); structured audit logging with secret redaction; HMAC-signed identity tokens - Coming-soon gate β
PUBLIC_SIGNUPS_ENABLEDflag to control public access - MCP JSON-RPC over HTTP β supports both streaming (SSE) and request/response transport
Quick Start
Prerequisites
- Node.js 18+
- Wrangler CLI (
npm i -g wrangler) - Cloudflare account with the required service bindings configured
Install & Run
npm install
npm run dev
Run Tests
npm test
Deploy
npm run deploy
Deploys to the mcp.stackbilt.dev custom domain via Cloudflare Workers.
Environment Variables & Secrets
| Name | Type | Description |
|---|---|---|
SERVICE_BINDING_SECRET | Secret | HMAC-SHA256 key for signing identity tokens |
API_BASE_URL | Variable | Base URL for OAuth redirects (e.g. https://mcp.stackbilt.dev) |
AUTH_SERVICE | Service Binding | RPC to edge-auth worker (AuthEntrypoint) |
STACKBILDER | Service Binding | Route to edge-stack-architect-v2 worker |
IMG_FORGE | Service Binding | Route to img-forge-mcp worker |
OAUTH_KV | KV Namespace | Stores social OAuth state (5-min TTL entries) and MCP sessions |
RATELIMIT_KV | KV Namespace | Per-tenant fixed-window rate-limit counters (60s TTL) |
PLATFORM_EVENTS_QUEUE | Queue | Audit event pipeline (stackbilt-user-events) |
MCP_REGISTRY_AUTH | Variable | MCP Registry domain verification string (served at /.well-known/mcp-registry-auth) |
Set secrets with:
wrangler secret put SERVICE_BINDING_SECRET
Project Structure
src/
index.ts # Entry point β OAuthProvider setup, CORS, health check, MCP Registry well-known
gateway.ts # MCP JSON-RPC transport, session management, tool dispatch
oauth-handler.ts # OAuth 2.1 flows: login, signup, social SSO, consent
tool-registry.ts # Tool catalog aggregation, namespacing, schema validation
audit.ts # Structured audit logging, secret redaction, trace IDs
auth.ts # Bearer token extraction & validation
route-table.ts # Static routing table, tool-to-backend mapping, risk levels
types.ts # Type definitions, RiskLevel enum, interfaces
test/
audit.test.ts
auth.test.ts
gateway.test.ts
oauth-handler.test.ts
route-table.test.ts
tool-registry.test.ts
docs/
user-guide.md # End-user guide: account creation, client setup, tool usage
api-reference.md # MCP tool surface, authentication flow, tool routing
architecture.md # System design, security model, request flow
Test Suite
122 tests across 6 test files covering:
- OAuth handler β identity token signing/verification, login, signup, social OAuth flows, consent, HTML escaping
- Gateway β session lifecycle,
initialize,tools/list,tools/call, SSE streaming, error handling - Audit β secret redaction patterns (API keys, bearer tokens, hex hashes, password fields), trace IDs, queue emission
- Auth β bearer token extraction, API key vs JWT validation, error mapping
- Tool registry β catalog building, name mapping, schema validation, risk level enforcement
- Route table β route resolution, risk level lookup
npm test # single run
npm run test:watch # watch mode
Documentation
- User Guide β account creation, client setup, tool usage
- API Reference β MCP tools, authentication, tool routing
- Architecture β system design, security model, data flow
License
MIT β see LICENSE