mcp-local-gateway
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-local-gatewayrun the date command"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-local-gateway
P0 goal: run a minimal local MCP server that exposes exactly one tool, run_date, through a Streamable HTTP /mcp endpoint.
This project is intentionally small. It does not expose arbitrary Bash. It does not use an OpenAI API key. It is designed for this validation chain:
ChatGPT Web
-> HTTPS /mcp
-> Cloudflare Tunnel or another HTTPS tunnel
-> 127.0.0.1:8787
-> Hono
-> MCP Server
-> policy layer
-> fixed date commandTerms
MCP: Model Context Protocol, 模型上下文协议,用来让 AI Host 通过标准协议发现并调用外部工具。
Streamable HTTP: 可流式 HTTP 传输,适合远程 MCP server。
Hono: 轻量 HTTP framework,HTTP 框架。
OAuth: Open Authorization,开放授权。P0 只预留结构,不实现完整授权码流程。
Policy layer: 策略层,本项目中用于拒绝任意命令,只允许
run_date -> date。
Related MCP server: DateTime-LocalMCPServer
Requirements
Node.js >= 20.11
npm
Linux / WSL recommended
Install
cd ~/project/mcp-local-gateway
npm install
cp .env.example .envStart
npm run devExpected startup lines:
mcp-local-gateway listening on http://127.0.0.1:8787
health: http://127.0.0.1:8787/healthz
mcp: http://127.0.0.1:8787/mcp
auth: offLocal validation
In another terminal:
cd ~/project/mcp-local-gateway
npm run typecheck
npm run build
npm test
npm run test:localThe tools/list response should include run_date. The tools/call response should include JSON text containing stdout from the local date command.
Persistent user service / 用户级常驻服务
Use the user-level systemd service when you want the gateway to keep running after the terminal closes.
npm run service:install
npm run service:status
npm run service:logs
npm run service:uninstallservice:install runs npm run build and starts dist/index.js; it does not use npm run dev.
The service keeps running after the terminal exits.
Cloudflare Tunnel access to mcp.songlei.me depends on this service listening on 127.0.0.1:8787.
Static bearer mode
Use this before exposing through a tunnel if you are not using OAuth yet.
cat > .env <<'ENDENV'
HOST=127.0.0.1
PORT=8787
MCP_AUTH_MODE=static_bearer
MCP_STATIC_BEARER_TOKEN=replace-this-with-a-long-random-token
MCP_ALLOWED_ORIGINS=http://127.0.0.1:8787,http://localhost:8787,https://chatgpt.com
AUDIT_TO_STDOUT=true
AUDIT_LOG_FILE=logs/audit.jsonl
ENDENV
npm run devValidation with token:
MCP_STATIC_BEARER_TOKEN='replace-this-with-a-long-random-token' npm run test:localCloudflare Tunnel sketch
Do not bind this server to 0.0.0.0. Keep HOST=127.0.0.1 and publish it with a tunnel.
Example target mapping:
https://mcp.songlei.me/mcp -> http://127.0.0.1:8787/mcpAfter that, create a ChatGPT connector and set Connector URL to:
https://mcp.songlei.me/mcpP0 recommendation: use static bearer only for a private short-lived test. P1 should implement OAuth / OIDC token validation or put the MCP server behind a compatible identity-aware proxy.
Security constraints in P0
No arbitrary Bash.
run_dateaccepts no arguments.Command execution uses
spawnwithshell: false.Server refuses
HOST=0.0.0.0./mcpchecks Origin when Origin is present./mcpcan enforce static Bearer token.Each tool call writes JSONL audit records.
File map
src/index.ts entry point
src/config.ts environment config and startup safety checks
src/http/app.ts Hono app, health endpoint, /mcp route
src/http/origin.ts Origin allowlist guard
src/auth/auth.ts off/static_bearer/oauth_placeholder auth middleware
src/mcp/server.ts MCP server creation and tool registration
src/mcp/transport.ts Streamable HTTP transport creation
src/tools/run-date.ts run_date MCP tool
src/policy/policy.ts P0 allow/deny logic
src/shell/exec-fixed.ts fixed date command execution
src/audit/audit.ts JSONL audit logger
scripts/local-validate.sh curl-based validation script
test/*.test.ts minimal unit testsThis server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SongLei75/homelab_mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server