Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

CodeSherpa

БесплатноНе проверен

Remote MCP server enabling AI clients to securely inspect repositories over SSH with read-only tools.

GitHubEmbed

Описание

Remote MCP server enabling AI clients to securely inspect repositories over SSH with read-only tools.

README

CodeSherpa logo

CodeSherpa

AI-guided repository exploration over SSH via MCP


What Is CodeSherpa?

CodeSherpa is a remote MCP server that lets AI clients inspect repositories over SSH with a strict read-only toolset.

Supported MCP tools:

  • healthcheck_remote
  • list_files
  • read_file
  • search_code
  • git_status
  • git_diff
  • git_log

Compatible MCP clients:

  • ChatGPT (custom connectors)
  • Claude Desktop
  • Cursor
  • Other MCP-compatible agents

Quick Start

Clone and start CodeSherpa locally.

git clone https://github.com/boridon/code-sherpa.git
cd code-sherpa
cp .env.example .env
docker compose up -d

Then connect your MCP client to:

https://your-domain.example/mcp

Architecture

MCP Client
    |
    v
CodeSherpa (HTTPS)
    |
    v
SSH (read-only user)
    |
    v
Private repository host

Key points:

  • Repository data stays on the SSH target host.
  • CodeSherpa exposes only read-only MCP tools.
  • Path traversal and sensitive path segments are blocked.
  • OAuth access tokens and legacy fixed bearer tokens are supported.

Security Model

  • Use a read-only SSH user (no sudo).
  • Denied path segments include .git, .env, node_modules, and similar sensitive paths.
  • Absolute paths and .. traversal are rejected.
  • /mcp requires mcp:read scope for OAuth access tokens.
  • Legacy fixed bearer token auth can remain enabled for internal testing.

Note: OAuth sessions, authorization codes, and tokens are in-memory in the current implementation. They are reset when the container restarts.

Docker Deployment

1. Clone and prepare

git clone https://github.com/boridon/code-sherpa.git
cd code-sherpa
cp .env.example .env
mkdir -p secrets

2. Add SSH secrets

  • Put your private key at secrets/id_ed25519
  • Generate known hosts:
ssh-keyscan -H <ssh-host> > secrets/known_hosts
chmod 600 secrets/id_ed25519
chmod 644 secrets/known_hosts

3. Start the service

docker compose build
docker compose up -d
docker compose ps
curl http://127.0.0.1:8787/health

Cloudflare Tunnel

You can run CodeSherpa with Cloudflare in two ways.

A. Sidecar container (token mode)

docker compose -f docker-compose.yml -f docker-compose.cloudflare.yml up -d

This mode uses CLOUDFLARE_TUNNEL_TOKEN from .env.

B. Config file mode (cloudflared-config.yml)

Example ingress:

ingress:
  - hostname: code-sherpa.example.com
    service: http://localhost:8787
  - service: http_status:404

If cloudflared is not installed on your host:

  • Debian/Ubuntu: sudo apt-get install cloudflared
  • RHEL/CentOS/Fedora: sudo dnf install cloudflared
  • macOS (Homebrew): brew install cloudflared

OAuth for MCP Connectors

CodeSherpa includes a minimal built-in OAuth authorization server for connector setup flows.

OAuth discovery endpoints:

  • GET /.well-known/oauth-authorization-server
  • GET /.well-known/openid-configuration

OAuth endpoints:

  • GET /authorize
  • POST /token
  • GET /login
  • POST /login
  • GET /oauth/consent
  • POST /oauth/consent

OAuth profile:

  • Grant type: Authorization Code + PKCE (S256)
  • Scope: mcp:read
  • Public client support: yes (token_endpoint_auth_method=none allowed)
  • Refresh token: supported

ChatGPT Connector Values (Example)

Use example values like these:

  • MCP endpoint: https://code-sherpa.example.com/mcp
  • Issuer: https://code-sherpa.example.com
  • Authorization endpoint: https://code-sherpa.example.com/authorize
  • Token endpoint: https://code-sherpa.example.com/token
  • Scope: mcp:read

Environment Variables

Use .env.example as the baseline.

Required:

  • SSH_HOST
  • SSH_PORT
  • SSH_USERNAME
  • REPO_ROOT
  • MCP_BEARER_TOKEN (for optional legacy/manual testing)
  • OAUTH_ISSUER_BASE_URL
  • OAUTH_LOGIN_USERNAME
  • OAUTH_LOGIN_PASSWORD
  • OAUTH_SESSION_SECRET

Optional/common:

  • PORT (default 8787)
  • MCP_SERVER_NAME (default code-sherpa)
  • MCP_SERVER_VERSION (default 0.1.0)
  • OAUTH_COOKIE_SECURE (default true)
  • MAX_FILE_BYTES, MAX_SEARCH_RESULTS, MAX_LOG_COMMITS, MAX_RESPONSE_CHARS

Example .env snippet (safe placeholders):

PORT=8787
MCP_SERVER_NAME=code-sherpa
SSH_HOST=ssh-host.example.internal
SSH_PORT=22
SSH_USERNAME=repo_reader
REPO_ROOT=/srv/repos/project
OAUTH_ISSUER_BASE_URL=https://code-sherpa.example.com
OAUTH_LOGIN_USERNAME=replace-me
OAUTH_LOGIN_PASSWORD=replace-me
OAUTH_SESSION_SECRET=replace-with-long-random-secret
MCP_BEARER_TOKEN=replace-with-long-random-token

Minimal Verification

1. OAuth discovery

curl -i http://127.0.0.1:8787/.well-known/oauth-authorization-server
curl -i http://127.0.0.1:8787/.well-known/openid-configuration

2. Legacy bearer test

curl -i -X POST http://127.0.0.1:8787/mcp \
  -H "Authorization: Bearer ${MCP_BEARER_TOKEN}" \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":"1","method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"curl","version":"0.0.1"}}}'

3. OAuth token exchange

After browser login + consent, exchange the authorization code:

curl -i -X POST http://127.0.0.1:8787/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=authorization_code' \
  --data-urlencode 'code=<authorization-code>' \
  --data-urlencode 'redirect_uri=<same-redirect-uri-used-at-authorize>' \
  --data-urlencode 'code_verifier=<pkce-code-verifier>' \
  --data-urlencode 'client_id=<client-id>'

Project Structure

code-sherpa
├── src/
│   ├── index.ts
│   ├── oauth.ts
│   ├── pkce.ts
│   ├── session.ts
│   └── token-store.ts
├── docs/
│   └── logo.svg
├── Dockerfile
├── docker-compose.yml
├── docker-compose.cloudflare.yml
├── cloudflared-config.example.yml
├── cloudflared-config.yml
├── .env.example
├── .gitignore
├── LICENSE
└── README.md

License

MIT

Contributing

Issues and pull requests are welcome.

If CodeSherpa is useful to you, consider giving the repository a star on GitHub.

from github.com/boridon/code-sherpa

Установка CodeSherpa

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/boridon/code-sherpa

FAQ

CodeSherpa MCP бесплатный?

Да, CodeSherpa MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для CodeSherpa?

Нет, CodeSherpa работает без API-ключей и переменных окружения.

CodeSherpa — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить CodeSherpa в Claude Desktop, Claude Code или Cursor?

Открой CodeSherpa на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare CodeSherpa with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai