webserver-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@webserver-mcpadd a new blog post titled 'Hello World' to the site"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
webserver-mcp
Simple Python MCP server that lets agents edit a hosted website with natural
language. It exposes file tools over MCP and serves ./files/ over HTTP.
All file operations are sandboxed to <cwd>/files/ — paths are sanitized and
any attempt to escape (.., absolute paths) is rejected.
MCP tools
Tool | Purpose |
| List files under |
| Read full file or a line range |
| Regex search, returns |
| Full write or line-range replace/insert (creates file) |
| Delete file or dir |
| Move/rename |
Related MCP server: brewpage-mcp
Run
The server always runs as one HTTP app (uvicorn) serving both:
/— the public static site from./files/(no auth, end users view it)/mcp— the OAuth-protected MCP admin channel agents use to edit it
Auth (OAuth 2.0)
/mcp is guarded by a built-in, in-memory OAuth 2.0 provider so clients that
require OAuth (e.g. Claude.ai web) can connect. It implements metadata
discovery (RFC 8414 / 9728), Dynamic Client Registration (RFC 7591), and the
authorization-code grant with PKCE. Login is a single shared password
(MCP_PASSWORD) entered on a small web form. State is in memory, so a restart
just forces clients to re-authorize.
Run directly
pip install .
export MCP_PASSWORD=<shared-login-password> # required, server exits without it
export PUBLIC_URL=https://mcp.example.com # https origin clients reach (no trailing /)
export HOST=0.0.0.0 PORT=8000 # optional, defaults 127.0.0.1:8000
python server.pyRun with Docker
docker build -t webserver-mcp .
docker run -p 8000:8000 \
-e MCP_PASSWORD=<shared-login-password> \
-e PUBLIC_URL=https://mcp.example.com \
-v "$PWD/files:/app/files" \
webserver-mcpThe ./files volume persists site edits across container restarts.
Remote MCP client config (streamable-http)
Point the client at the /mcp URL with no Authorization header — it will
run the OAuth flow itself and open the login form in a browser:
{
"mcpServers": {
"webserver-mcp": {
"type": "streamable-http",
"url": "https://mcp.example.com/mcp"
}
}
}For Claude.ai web: add it as a custom connector with the same /mcp URL.
Config via env:
Var | Default | Meaning |
| — | shared OAuth login password, required (server exits without it) |
| derived from request | public https origin; required behind TLS/a proxy so OAuth metadata advertises correct URLs and the host passes DNS-rebinding checks |
|
| access-token lifetime (seconds) |
|
| bind address |
|
| bind port |
Production: terminate TLS in front (nginx/Caddy) and set PUBLIC_URL to the
public https URL. The password is compared with hmac.compare_digest
(constant-time). Tokens live only in memory.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/M4GNV5/website-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server