# Code-MCP Deployment Guide
## Quick Deploy to Railway
[Deploy on Railway](https://railway.app/template/code-mcp)
> **Need help deploying?** Join our [Discord Community](https://discord.gg/UzP2fRefKh)!
---
## 1. First-Time Setup
### Step 1: Deploy & Add PostgreSQL
1. Click "Deploy on Railway" or create a new project
2. Add a **PostgreSQL** service from the "Add Service" menu
3. Wait for PostgreSQL to be ready (green status)
### Step 2: Link Services (IMPORTANT!)
Railway requires you to explicitly link services for internal networking:
1. Click on your **Code-MCP service**
2. Go to **Settings** → **Networking**
3. Under "Service Links" or "Connect", **link to your PostgreSQL service**
4. This enables `postgres.railway.internal` hostname resolution
> Without this step, your app cannot reach the database on the internal network!
### Step 3: Set Environment Variables
In your Code-MCP service, add these variables:
| Variable | Value | Description |
| -------------- | ----------------------------------- | ------------------------------------ |
| `DATABASE_URL` | `${{ Postgres-XXXX.DATABASE_URL }}` | Replace XXXX with your service ID |
| `ADMIN_KEY` | `sk-your-admin-key-here` | Generate with `openssl rand -hex 32` |
| `NODE_ENV` | `production` | Production mode |
> **Finding your service name:** In Railway dashboard, click on your Postgres service - the name includes a unique ID like `Postgres-Un95`. Use that exact name!
### Step 4: Deploy
1. Click "Deploy" - Railway builds and starts your app
2. On first boot, Code-MCP:
   - Creates database tables (`api_keys`, `memories`, `usage_logs`)
   - Hashes your `ADMIN_KEY` and stores it in PostgreSQL
   - Logs: `"Admin Key ensured (hashed)."`
---
## 2. Generate Your Admin Key
Before deploying, generate a secure admin key:
```bash
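# Linux/Mac: 32 random bytes as hex, with the sk- prefix shown in the example output
echo "sk-$(openssl rand -hex 32)"
# Windows PowerShell: use the OS CSPRNG (GUIDs are unique identifiers, not secrets)
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
"sk-" + (($bytes | ForEach-Object { $_.ToString("x2") }) -join "")
# Example output: sk-8a7f3d2e1b9c4a5f6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c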
```
**⚠️ SAVE THIS KEY!** You cannot recover it - only its hash is stored.
---
## 3. Connect with Admin Key
### Configure Claude Desktop / MCP Client
Add to your `claude_desktop_config.json`:
```json
{
  "mcpServers": {
    "code-mcp": {
      "command": "node",
      "args": [
        "C:/path/to/code-mcp/dist/bridge.js",
        "--url",
        "https://your-app.railway.app",
        "--key",
        "sk-your-admin-key-here"
      ]
    }
  }
}
```
Replace:
- `C:/path/to/code-mcp` → Your local Code-MCP repo path
- `https://your-app.railway.app` → Your Railway app URL
- `sk-your-admin-key-here` → Your ADMIN_KEY
---
## 4. Generate User Keys
Once connected as admin, create keys for your team:
### Using the generate_api_key tool:
```
Tool: generate_api_key
Input: {
  "role": "user",
  "description": "API key for John"
}
```
**Output:**
```
# API Key Generated
**Key:** sk-a1b2c3d4e5f6...
⚠️ SAVE THIS KEY NOW! It will only be shown once.
Only the hash is stored in the database.
**Role:** user
**Description:** API key for John
```
### Give the key to the user
They add it to their MCP config the same way you did, using their key instead of the admin key.
---
## 5. List & Revoke Keys (Admin Only)
### List all keys (shows prefixes only):
```
Tool: list_api_keys
```
### Revoke a key:
```
Tool: revoke_api_key
Input: { "key": "sk-full-key-to-revoke" }
```
---
## 6. Local Development
For local development without Railway:
```bash
# Clone and install
git clone https://github.com/millsydotdev/code-mcp.git
cd code-mcp
npm install
npm run build
# Run locally (no auth needed)
npm start
```
Local MCP config (`claude_desktop_config.json`):
```json
{
  "mcpServers": {
    "code-mcp-local": {
      "command": "node",
      "args": ["C:/path/to/code-mcp/dist/index.js"]
    }
  }
}
```
---
## Environment Variables Reference
| Variable | Required | Default | Description |
| ------------------- | ----------- | ----------- | ---------------------------- |
| `DATABASE_URL` | Yes (cloud) | - | PostgreSQL connection string |
| `ADMIN_KEY` | Yes (cloud) | - | Root admin API key |
| `NODE_ENV` | No | development | `production` for cloud |
| `PORT` | No | 3000 | Server port |
| `RATE_LIMIT_WINDOW` | No | 900000 | Rate limit window (ms) |
| `RATE_LIMIT_MAX` | No | 100 | Max requests per window |
---
## Security Notes
- ✅ All API keys stored as **SHA-256 hashes** (never plaintext)
- ✅ Admin keys bypass rate limiting
- ✅ User keys subject to rate limiting (100 req/15min default)
- ✅ `list_api_keys` only shows key prefixes
- ✅ Filesystem tools block sensitive files (`.env`, `.pem`, etc.)