CodeSherpa
БесплатноНе проверенRemote MCP server enabling AI clients to securely inspect repositories over SSH with read-only tools.
Описание
Remote MCP server enabling AI clients to securely inspect repositories over SSH with read-only tools.
README
CodeSherpa
AI-guided repository exploration over SSH via MCP
What Is CodeSherpa?
CodeSherpa is a remote MCP server that lets AI clients inspect repositories over SSH with a strict read-only toolset.
Supported MCP tools:
healthcheck_remotelist_filesread_filesearch_codegit_statusgit_diffgit_log
Compatible MCP clients:
- ChatGPT (custom connectors)
- Claude Desktop
- Cursor
- Other MCP-compatible agents
Quick Start
Clone and start CodeSherpa locally.
git clone https://github.com/boridon/code-sherpa.git
cd code-sherpa
cp .env.example .env
docker compose up -d
Then connect your MCP client to:
https://your-domain.example/mcp
Architecture
MCP Client
|
v
CodeSherpa (HTTPS)
|
v
SSH (read-only user)
|
v
Private repository host
Key points:
- Repository data stays on the SSH target host.
- CodeSherpa exposes only read-only MCP tools.
- Path traversal and sensitive path segments are blocked.
- OAuth access tokens and legacy fixed bearer tokens are supported.
Security Model
- Use a read-only SSH user (no sudo).
- Denied path segments include
.git,.env,node_modules, and similar sensitive paths. - Absolute paths and
..traversal are rejected. /mcprequiresmcp:readscope for OAuth access tokens.- Legacy fixed bearer token auth can remain enabled for internal testing.
Note: OAuth sessions, authorization codes, and tokens are in-memory in the current implementation. They are reset when the container restarts.
Docker Deployment
1. Clone and prepare
git clone https://github.com/boridon/code-sherpa.git
cd code-sherpa
cp .env.example .env
mkdir -p secrets
2. Add SSH secrets
- Put your private key at
secrets/id_ed25519 - Generate known hosts:
ssh-keyscan -H <ssh-host> > secrets/known_hosts
chmod 600 secrets/id_ed25519
chmod 644 secrets/known_hosts
3. Start the service
docker compose build
docker compose up -d
docker compose ps
curl http://127.0.0.1:8787/health
Cloudflare Tunnel
You can run CodeSherpa with Cloudflare in two ways.
A. Sidecar container (token mode)
docker compose -f docker-compose.yml -f docker-compose.cloudflare.yml up -d
This mode uses CLOUDFLARE_TUNNEL_TOKEN from .env.
B. Config file mode (cloudflared-config.yml)
Example ingress:
ingress:
- hostname: code-sherpa.example.com
service: http://localhost:8787
- service: http_status:404
If cloudflared is not installed on your host:
- Debian/Ubuntu:
sudo apt-get install cloudflared - RHEL/CentOS/Fedora:
sudo dnf install cloudflared - macOS (Homebrew):
brew install cloudflared
OAuth for MCP Connectors
CodeSherpa includes a minimal built-in OAuth authorization server for connector setup flows.
OAuth discovery endpoints:
GET /.well-known/oauth-authorization-serverGET /.well-known/openid-configuration
OAuth endpoints:
GET /authorizePOST /tokenGET /loginPOST /loginGET /oauth/consentPOST /oauth/consent
OAuth profile:
- Grant type: Authorization Code + PKCE (
S256) - Scope:
mcp:read - Public client support: yes (
token_endpoint_auth_method=noneallowed) - Refresh token: supported
ChatGPT Connector Values (Example)
Use example values like these:
- MCP endpoint:
https://code-sherpa.example.com/mcp - Issuer:
https://code-sherpa.example.com - Authorization endpoint:
https://code-sherpa.example.com/authorize - Token endpoint:
https://code-sherpa.example.com/token - Scope:
mcp:read
Environment Variables
Use .env.example as the baseline.
Required:
SSH_HOSTSSH_PORTSSH_USERNAMEREPO_ROOTMCP_BEARER_TOKEN(for optional legacy/manual testing)OAUTH_ISSUER_BASE_URLOAUTH_LOGIN_USERNAMEOAUTH_LOGIN_PASSWORDOAUTH_SESSION_SECRET
Optional/common:
PORT(default8787)MCP_SERVER_NAME(defaultcode-sherpa)MCP_SERVER_VERSION(default0.1.0)OAUTH_COOKIE_SECURE(defaulttrue)MAX_FILE_BYTES,MAX_SEARCH_RESULTS,MAX_LOG_COMMITS,MAX_RESPONSE_CHARS
Example .env snippet (safe placeholders):
PORT=8787
MCP_SERVER_NAME=code-sherpa
SSH_HOST=ssh-host.example.internal
SSH_PORT=22
SSH_USERNAME=repo_reader
REPO_ROOT=/srv/repos/project
OAUTH_ISSUER_BASE_URL=https://code-sherpa.example.com
OAUTH_LOGIN_USERNAME=replace-me
OAUTH_LOGIN_PASSWORD=replace-me
OAUTH_SESSION_SECRET=replace-with-long-random-secret
MCP_BEARER_TOKEN=replace-with-long-random-token
Minimal Verification
1. OAuth discovery
curl -i http://127.0.0.1:8787/.well-known/oauth-authorization-server
curl -i http://127.0.0.1:8787/.well-known/openid-configuration
2. Legacy bearer test
curl -i -X POST http://127.0.0.1:8787/mcp \
-H "Authorization: Bearer ${MCP_BEARER_TOKEN}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{"jsonrpc":"2.0","id":"1","method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"curl","version":"0.0.1"}}}'
3. OAuth token exchange
After browser login + consent, exchange the authorization code:
curl -i -X POST http://127.0.0.1:8787/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=<authorization-code>' \
--data-urlencode 'redirect_uri=<same-redirect-uri-used-at-authorize>' \
--data-urlencode 'code_verifier=<pkce-code-verifier>' \
--data-urlencode 'client_id=<client-id>'
Project Structure
code-sherpa
├── src/
│ ├── index.ts
│ ├── oauth.ts
│ ├── pkce.ts
│ ├── session.ts
│ └── token-store.ts
├── docs/
│ └── logo.svg
├── Dockerfile
├── docker-compose.yml
├── docker-compose.cloudflare.yml
├── cloudflared-config.example.yml
├── cloudflared-config.yml
├── .env.example
├── .gitignore
├── LICENSE
└── README.md
License
MIT
Contributing
Issues and pull requests are welcome.
If CodeSherpa is useful to you, consider giving the repository a star on GitHub.
Установка CodeSherpa
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/boridon/code-sherpaFAQ
CodeSherpa MCP бесплатный?
Да, CodeSherpa MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для CodeSherpa?
Нет, CodeSherpa работает без API-ключей и переменных окружения.
CodeSherpa — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить CodeSherpa в Claude Desktop, Claude Code или Cursor?
Открой CodeSherpa на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare CodeSherpa with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
