Stackbilt
Supports deployment of scaffolded projects to Cloudflare infrastructure via the scaffold_deploy tool (referred to as CF deployment), enabling automated publishing of live Workers.
Provides deployment capabilities to the Cloudflare Workers platform, serving as both the hosting infrastructure for the gateway and the target for project deployment in the scaffold pipeline.
Enables publishing of scaffolded projects to GitHub repositories with atomic initial commits via the scaffold_publish tool, and supports GitHub SSO for OAuth authentication.
Supports Google SSO as an OAuth 2.1 authentication method for accessing the MCP gateway.
Enables import of n8n workflows via the scaffold_import tool as part of the TarotScript project scaffolding pipeline.
Stackbilt MCP Gateway
MCP Registry:
dev.stackbilt.mcp/gateway— published on the Official MCP Registry
OAuth-authenticated Model Context Protocol (MCP) gateway for Stackbilt platform services. Built as a Cloudflare Worker using @cloudflare/workers-oauth-provider.
What It Does
A single MCP endpoint (mcp.stackbilt.dev/mcp) that routes tool calls to multiple backend product workers:
Backend | Tools | Description |
TarotScript |
| Deterministic project scaffolding, n8n workflow import, GitHub publishing, CF deployment |
img-forge |
| AI image generation (5 quality tiers) |
Stackbilder |
| Architecture flow orchestration (legacy — migrating to scaffold_*) |
The Scaffold Pipeline (E2E)
You: "Build a restaurant menu API with D1 storage"
↓
scaffold_create → structured facts + 9 deployable project files
↓
scaffold_publish → GitHub repo with atomic initial commit
↓
git clone → npm install → npx wrangler deploy → live WorkerZero LLM calls for file generation. ~20ms for structure, ~2s with oracle prose. 21x faster than flow_create.
Key Features
OAuth 2.1 with PKCE — GitHub SSO, Google SSO, and email/password authentication
Backend adapter pattern — tool catalogs aggregated from multiple service bindings, namespaced to avoid collisions
Security Constitution compliance — every tool declares a risk level (
READ_ONLY,LOCAL_MUTATION,EXTERNAL_MUTATION); structured audit logging with secret redaction; HMAC-signed identity tokensComing-soon gate —
PUBLIC_SIGNUPS_ENABLEDflag to control public accessMCP JSON-RPC over HTTP — supports both streaming (SSE) and request/response transport
Quick Start
Prerequisites
Node.js 18+
Wrangler CLI (
npm i -g wrangler)Cloudflare account with the required service bindings configured
Install & Run
npm install
npm run devRun Tests
npm testDeploy
npm run deployDeploys to the mcp.stackbilt.dev custom domain via Cloudflare Workers.
Environment Variables & Secrets
Name | Type | Description |
| Secret | HMAC-SHA256 key for signing identity tokens |
| Variable | Base URL for OAuth redirects (e.g. |
| Service Binding | RPC to |
| Service Binding | Route to |
| Service Binding | Route to |
| KV Namespace | Stores social OAuth state (5-min TTL entries) |
| Queue | Audit event pipeline ( |
| Variable | MCP Registry domain verification string (served at |
Set secrets with:
wrangler secret put SERVICE_BINDING_SECRETProject Structure
src/
index.ts # Entry point — OAuthProvider setup, CORS, health check, MCP Registry well-known
gateway.ts # MCP JSON-RPC transport, session management, tool dispatch
oauth-handler.ts # OAuth 2.1 flows: login, signup, social SSO, consent
tool-registry.ts # Tool catalog aggregation, namespacing, schema validation
audit.ts # Structured audit logging, secret redaction, trace IDs
auth.ts # Bearer token extraction & validation
route-table.ts # Static routing table, tool-to-backend mapping, risk levels
types.ts # Type definitions, RiskLevel enum, interfaces
test/
audit.test.ts
auth.test.ts
gateway.test.ts
oauth-handler.test.ts
route-table.test.ts
tool-registry.test.ts
docs/
user-guide.md # End-user guide: account creation, client setup, tool usage
api-reference.md # MCP tool surface, authentication flow, tool routing
architecture.md # System design, security model, request flowTest Suite
122 tests across 6 test files covering:
OAuth handler — identity token signing/verification, login, signup, social OAuth flows, consent, HTML escaping
Gateway — session lifecycle,
initialize,tools/list,tools/call, SSE streaming, error handlingAudit — secret redaction patterns (API keys, bearer tokens, hex hashes, password fields), trace IDs, queue emission
Auth — bearer token extraction, API key vs JWT validation, error mapping
Tool registry — catalog building, name mapping, schema validation, risk level enforcement
Route table — route resolution, risk level lookup
npm test # single run
npm run test:watch # watch modeDocumentation
User Guide — account creation, client setup, tool usage
API Reference — MCP tools, authentication, tool routing
Architecture — system design, security model, data flow
License
MIT — see LICENSE
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Appeared in Searches
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Stackbilt-dev/stackbilt-mcp-gateway'
If you have feedback or need assistance with the MCP directory API, please join our Discord server