albyhub-admin-mcp

Node-admin operations on your Alby Hub, exposed to an LLM agent. MCP server that wraps the Alby Hub HTTP API — read node info, balances, channels, NWC sub-wallets. Where NWC (nwc-mcp) ends (it's wallet-scoped), this server picks up: hub-wide on-chain balance, channel state, sub-wallet inventory.

v0.1 — defensive design. Alby Hub's admin API has evolved across versions and isn't publicly versioned in a stable way. So v0.1 ships one generic proxy tool that hits any path (the escape hatch) plus typed wrappers around a few well-established endpoints. If a typed wrapper's endpoint-guess fails against your Hub version, the proxy lets you discover the right path without re-shipping. v0.2 hardens the typed wrappers once smoke-tested against real Hubs.

The six tools

All typed wrappers are safe GETs. Non-GET behavior runs through albyhub_proxy_request, which is gated by ALBYHUB_READ_ONLY and ALBYHUB_REQUIRE_CONFIRM.

Related MCP server: l402-kit-mcp

Requirements

• Node 20+

• A running Alby Hub instance (desktop app on http://localhost:8080, or self-hosted exposed somewhere)

• An Alby Hub API token (Settings → Developer / Apps in the Hub UI)

Install

npx -y albyhub-admin-mcp

Configure

cp .env.example .env
# edit .env: set ALBYHUB_URL (default http://localhost:8080) + ALBYHUB_TOKEN

Required

Optional safety knobs

What if my Hub returns 404 on the typed wrappers?

The endpoint path probably differs in your Hub version. Use albyhub_proxy_request to probe — try /api/node, /info, /api/v1/info, etc. Once you find the right path, you can pin it in your usage (and ping the maintainer to fix the typed wrapper in v0.2).

agent: albyhub_proxy_request({ method: "GET", path: "/api/v1/info" })
→ { status: 200, body: { ... } }   // found it

Safety model

The proxy tool's pipeline:

1. ALBYHUB_READ_ONLY gate — non-GET requests blocked outright.

2. Rate limit — rolling 60s window on the requests bucket.

3. ALBYHUB_REQUIRE_CONFIRM gate — non-GET requests return a token; albyhub_confirm_request executes.

4. HTTP request — Bearer auth, 15s timeout (override via timeout_ms).

5. Audit log — every attempt (ok / blocked / error) as one structured JSON line.

GET-only convenience wrappers skip steps 1 + 3 (they're safe by construction) but still go through rate limit + audit.

Companion servers

• nwc-mcp — wallet ops via NIP-47. Use this for per-sub-wallet spend; use albyhub-admin-mcp for hub-wide / node-level operations.

• nostr-ops-mcp — NOSTR identity + publishing.

• marketplace-mcp — NIP-15 marketplace storefront.

License

MIT — see LICENSE.

Contact / Issues

Built by LLMOps.Pro.

• NOSTR: npub1hdg932jvwc3jdvkqywgqv0ue4nn60exrf92asy8mtazt3hjg7d2s2yw0nw — follow, DM, zap.

• Lightning Address: sovereigncitizens@getalby.com — for support zaps and "this was useful" tips.

• Bug reports / feature requests: open a GitHub issue (link forthcoming).

• Security issues: please disclose privately via NOSTR DM before opening a public issue.