Coding Agent
БесплатноНе проверенContainerized MCP server for coding agents with tools for file editing, shell commands, process management, Git, browser automation, and project snapshots.
Описание
Containerized MCP server for coding agents with tools for file editing, shell commands, process management, Git, browser automation, and project snapshots.
README
Agent MCP is a containerized Model Context Protocol (MCP) server for ChatGPT on the web. It exposes a project-oriented toolset for file editing, shell commands, long-running process management, Git helpers, browser inspection with Playwright, and project snapshots.
The server is implemented with FastMCP and runs over streamable HTTP at /mcp.
Features
- Open and switch between assigned workspace directories.
- Read, write, append, patch, move, copy, delete, and search files.
- Run one-off shell commands with timeouts.
- Start, inspect, wait on, stop, and forget long-running background processes.
- Inspect Git status, diffs, logs, branches, checkout, and commit local changes.
- Fetch URLs from inside the container.
- Run browser automation with Playwright Chromium.
- Capture DOM, accessibility, form, network, storage, console, and error snapshots.
- Keep persistent browser sessions across multiple MCP calls.
- Track process and browser activity with configurable per-user limits and idle cleanup.
- Expose a credential-free
/healthendpoint for Docker readiness checks. - Create, restore, and list local project snapshots.
- Install Debian, Python, and Node packages in the running container.
- Report grounded project context, stack markers, verification commands, and durable project memory.
- Keep credential-free audit events and resumable work checkpoints per authenticated identity.
- Run Compose deployment preflight, user-gated apply, health checks, and snapshot-backed rollback.
- Push a branch and create GitHub pull requests with an ephemeral named token reference.
Repository Layout
.
├── app/
│ ├── __init__.py
│ ├── core.py # authentication, shared state, paths, and helpers
│ ├── server.py # compatibility facade and MCP entry point
│ └── tools/ # capability-focused MCP tool modules
│ ├── browser.py
│ ├── commands.py
│ ├── compose.py
│ ├── database.py
│ ├── deployment.py
│ ├── files.py
│ ├── git.py
│ ├── github.py
│ ├── network.py
│ ├── packages.py
│ ├── processes.py
│ ├── project.py
│ ├── snapshots.py
│ └── workspaces.py
├── tests/
├── Dockerfile
├── docker-compose.yml
├── requirements.txt
└── README.md
app.server preserves the original public import surface, while each tool implementation lives in the module matching its capability. Shared authorization, session state, path validation, browser helpers, process helpers, and configuration remain centralized in app.core so every tool group uses the same security boundary.
Requirements
For Docker usage:
- Docker
- Docker Compose
For local Python usage:
- Python 3.12 or newer
pip- Playwright browser dependencies
Docker is the recommended way to run this project because the image installs the tools the MCP server exposes to agents, including Git, Docker CLI, Node, npm, pnpm, Yarn, Go, Rust, Java, ripgrep, SQLite, PostgreSQL client tools, and Chromium for Playwright.
Web deployment (required for ChatGPT)
This server is deliberately fail-closed. Its normal Compose deployment includes a self-hosted Keycloak OAuth/OIDC provider, HTTPS, and an explicit identity-to-workspace map. It does not mount SSH keys or the host home directory. The production deployment intentionally mounts the Docker socket for authenticated deployment tools; that is root-equivalent host access.
- Point a public DNS name at this machine and copy the environment template:
cp .env.example .env
mkdir -p config workspaces snapshots
cp config/workspaces.example.json config/workspaces.json
- Edit
.envwith your public domain and four long random secrets. Keycloak is self-hosted in this Compose stack; no third-party OAuth account or endpoints are needed. Generate secrets with:
openssl rand -base64 32
The bootstrap service creates a chatgpt login user (or the username set in KEYCLOAK_MCP_USERNAME) and grants it these roles:
workspace:readworkspace:writecommand:runbrowser:usenetwork:fetchsecrets:usedatabase:useadmin:installdeploy:rungithub:write
- The Keycloak bootstrap service replaces
KEYCLOAK_MCP_SUBJECTinconfig/workspaces.jsonwith the actual subject of the configured login user. Create its project directory:
mkdir -p workspaces/chatgpt-project
Every listed workspace path must remain inside /workspaces in the container.
- Start it:
docker compose --profile production up -d --build
docker compose --profile production logs -f
The production stack binds the MCP server to 127.0.0.1:8081 and Keycloak to 127.0.0.1:8082. Put an existing HTTPS Nginx reverse proxy in front of them: proxy /mcp to 8081 and /auth/ to 8082 without stripping the /auth prefix. Copy the locations from nginx/mcp.locations.conf.example into the existing HTTPS server block, including the protected-resource metadata routes, then validate and reload Nginx. Keycloak is then available at https://your-domain.example/auth; it issues and signs the JWTs validated by the MCP server.
ChatGPT setup
In ChatGPT Developer mode, add a remote streaming-HTTP MCP app with:
| Field | Value |
|---|---|
| Server URL | https://your-domain.example/mcp |
| Authentication | OAuth |
| Client registration | Static |
| Client ID | chatgpt-agent-mcp |
| Client secret | Value of KEYCLOAK_CHATGPT_CLIENT_SECRET from .env |
| Token endpoint auth method | client_secret_post |
| Authorization URL | https://your-domain.example/auth/realms/agent-mcp/protocol/openid-connect/auth |
| Token URL | https://your-domain.example/auth/realms/agent-mcp/protocol/openid-connect/token |
| Scopes | openid profile |
When ChatGPT opens the login page, sign in with KEYCLOAK_MCP_USERNAME and KEYCLOAK_MCP_PASSWORD from .env. If ChatGPT displays a specific callback URL, add that exact URL to the client redirect URIs in Keycloak Admin Console (/auth/admin); the bootstrap configuration already permits standard chatgpt.com callback paths.
ChatGPT supports remote streaming HTTP MCP servers and OAuth authentication. OpenAI’s setup guide
For local-only development, run with AUTH_MODE=disabled only on a loopback-bound port. Never use that mode on an internet-accessible server.
Controlled self-improvement setup
The agent improves this MCP from an isolated clone under /workspaces/agent-mcp, never from the live deployment checkout. The clone contains no .env, Keycloak data, Docker volumes, or host credentials.
After this version is deployed, run these host commands from the repository root:
./scripts/setup-self-improvement-workspace.sh
cp config/secrets.example.json config/secrets.json
chmod 600 config/secrets.json
Create a fine-grained GitHub token for this repository only, with Contents: Read and write and Pull requests: Read and write. Put it in the ignored config/secrets.json as the GITHUB_TOKEN value. Do not put it in .env, the project clone, a prompt, or a ChatGPT configuration field.
Then opt in to the dedicated workspace in the ignored .env:
ENABLE_SELF_IMPROVEMENT_WORKSPACE=true
SELF_IMPROVEMENT_WORKSPACE=agent-mcp
Apply the change and grant the existing Keycloak user the new github:write role:
docker compose --profile production up -d --build
# The bootstrap service is one-shot, so recreate it explicitly after changing .env.
docker compose --profile production up -d --force-recreate keycloak-bootstrap
docker compose --profile production restart mcp-server
Disconnect and reconnect the ChatGPT MCP app once after this step so its access token contains the new role. The ChatGPT OAuth fields and scopes remain unchanged: use only openid profile.
In ChatGPT, start a self-improvement task with:
Open the agent-mcp project workspace. First call self_improvement_readiness and project_context.
Create a new agent/<short-description> branch. Inspect before editing. Implement the requested change,
run project_verify, inspect git diff, create a project_checkpoint, then push the branch and open a PR.
Never merge or deploy unless I explicitly provide the approval phrase requested by the deployment tool.
The policy at config/agent-policy.md is supplied in project_context. It requires branch/PR workflow, grounded verification, no secret disclosure, and explicit user approval for deployment or rollback. You may customize the policy, but never store secrets in it.
High-level agent tools
project_context: grounded stack, root files, Git state, verification suites, policy, and memory keys.project_verify: fixed syntax/test/lint/typecheck/build/Compose checks with structured evidence.project_memory_set/project_memory_get: durable project decisions outside the repository.project_checkpoint/audit_events: resumable work state and credential-free action history.self_improvement_readiness: verifies the isolated clone and reports remaining prerequisites.deployment_preflight,deployment_apply,deployment_rollback: Compose validation, snapshot-backed recovery, and explicit approval gates.github_push_branch,github_create_pull_request: ephemeral-token GitHub workflow. Tokens are never written to Git config or returned in tool output.
Local-only development
Build and run the MCP server:
docker compose --env-file .env.example -f docker-compose.yml -f docker-compose.dev.yml up -d --build
This override binds the insecure development server to loopback only:
http://localhost:8081/mcp
The container listens on port 8080; the host mapping is 8081:8080.
MCP Client Configuration
Use a streamable HTTP MCP connection pointed at:
http://localhost:8081/mcp
The server name is:
coding-agent-mcp
For ChatGPT web, use the HTTPS URL from the web-deployment section. The loopback URL is for local development only.
Docker Compose Details
The included docker-compose.yml starts one service named mcp-server.
Important mounts:
./workspaces:/workspacesis the only project tree exposed to the service../config:/config:roholds the identity-to-workspace mapping../snapshots:/snapshotsstores project snapshots outside the container.
The production MCP service mounts the Docker socket so authenticated deployment tools can inspect and control host Docker. This is root-equivalent host access; keep OAuth credentials protected and do not expose this server beyond trusted users. SSH keys and the host home directory are not mounted.
Important production environment values are in .env: PUBLIC_URL, WORKSPACES_DIR, and the KEYCLOAK_* passwords. The server derives the issuer and JWKS endpoint from the public URL and refuses to start in production mode without a valid HTTPS URL.
Resource lifecycle configuration
Tracked background processes and persistent browser sessions use generous configurable limits so long coding, debugging, and security workflows remain available without allowing abandoned resources to accumulate forever:
| Variable | Default | Meaning |
|---|---|---|
MAX_PROCESSES_PER_USER |
32 |
Maximum tracked processes per authenticated identity |
MAX_BROWSER_SESSIONS_PER_USER |
12 |
Maximum persistent browser sessions per identity |
PROCESS_IDLE_TTL_SECONDS |
14400 |
Stop a running process after four hours without output or interaction |
BROWSER_IDLE_TTL_SECONDS |
7200 |
Close a browser session after two hours without interaction |
FINISHED_PROCESS_RETENTION_SECONDS |
3600 |
Keep exited-process output available for one hour |
RESOURCE_CLEANUP_INTERVAL_SECONDS |
60 |
Frequency of automatic cleanup checks |
Set any limit or expiration value to 0 to disable that behavior. Resource limits do not inspect or restrict command contents, browser destinations, programming languages, debuggers, compilers, or security tooling.
Cleanup runs automatically according to the configured limits and TTLs. On container shutdown, the MCP lifespan gracefully terminates tracked process groups and closes browser resources.
Docker checks GET /health, which returns only bounded service and resource counts—never commands, file names, browser URLs, credentials, or secret values.
Local Development
Create and activate a virtual environment:
python -m venv .venv
source .venv/bin/activate
Install dependencies:
pip install -r requirements.txt
python -m playwright install --with-deps chromium
Run the server locally:
python -m app.server
Run the same verification checks used by CI:
python -m compileall -q .
python -m ruff check .
python -m ruff format --check .
python -m pyright
python -m pytest -q
docker compose --env-file .mcp-compose-validation.env config --quiet
Pytest enforces the current 45% coverage floor. project_verify reports each requested suite as passed, failed, or not_configured; explicitly requesting an unconfigured suite makes the overall verification fail instead of silently passing.
By default, the server binds to 0.0.0.0:8080 and serves MCP traffic at /mcp.
Tool Groups
Project Tools
open_projectswitch_projectlist_projectsclose_projectpwdget_project_infoenvironment_infoproject_contextproject_memory_setproject_memory_getproject_checkpointproject_verifyself_improvement_readinessaudit_events
File and Search Tools
write_fileappend_fileread_fileread_filesreplace_in_filereplace_linesinsert_at_linecopy_pathmove_pathdelete_pathcreate_directorylist_filestreefind_filesearch_filesregex_searchfind_symbolstat_pathapply_patchfile_hashread_binary_filewrite_binary_fileatomic_write_filediff_filessearch_all_matcheschmod_pathcreate_symlinkread_symlink
Shell and Process Tools
run_commandcommand_historystart_processlist_processesget_process_outputwait_for_process_outputstop_processforget_processrun_command_advancedstart_process_advancedsend_process_inputsignal_processport_owner
Git Tools
git_statusgit_diffgit_loggit_branchgit_checkoutgit_commitgit_restoregit_staged_diffgit_showgit_blamegit_fetchgit_pullgit_pushgit_stashgit_worktree
Browser Tools
browser_inspectbrowser_check_errorsbrowser_interactbrowser_evaluatebrowser_dom_snapshotbrowser_accessibility_snapshotbrowser_form_snapshotbrowser_assertbrowser_network_tracebrowser_storage_statebrowser_session_openbrowser_session_listbrowser_session_closebrowser_session_inspectbrowser_session_interactbrowser_session_evaluatebrowser_session_dom_snapshotbrowser_session_accessibility_snapshotbrowser_session_logsbrowser_session_uploadbrowser_session_frame_evaluatebrowser_session_routebrowser_session_tracebrowser_session_import_storagebrowser_session_downloadbrowser_session_popup
Snapshot Tools
create_snapshotrestore_snapshotlist_snapshots
Dependency Tools
install_apt_packagesinstall_python_packagesinstall_node_packagesinstall_project_dependencies
Network, Database, and Deployment Tools
http_requesthttp_downloadhttp_uploaddns_lookuptcp_checktls_certificatedatabase_querycompose_statuscompose_logscompose_restartwait_for_http_healthdeployment_preflightdeployment_applydeployment_rollbackgithub_push_branchgithub_create_pull_request
Browser Action Format
Browser interaction tools accept action dictionaries. Locator fields can use one of:
selectorrolewith optionalnametextlabelplaceholdertest_idalt_texttitle
Supported actions include:
clickdblclickfilltypepresshovercheckuncheckselectfocusblurwait_for_selectorwait_for_textwait_for_urlwaitgotoreloadassert_textassert_selectorassert_countassert_urlassert_titleevaluate
Example action payload:
[
{
"action": "fill",
"label": "Search",
"value": "agent mcp"
},
{
"action": "press",
"label": "Search",
"value": "Enter"
},
{
"action": "assert_text",
"text": "Results"
}
]
Snapshots
Snapshots are stored under /snapshots in the container and mapped to ./snapshots by Docker Compose. A snapshot copies the active project while ignoring common generated directories such as .git, node_modules, __pycache__, .venv, dist, and build.
Security Notes
This server is intentionally powerful. OAuth scopes restrict tools, but command:run permits arbitrary commands within the mounted workspace, and the mounted Docker socket is root-equivalent host access. Give these roles only to identities you trust. Keep SSH keys and broad host mounts out of the container. Use the isolated self-improvement clone and the policy/PR workflow for changes to this MCP.
Review the host paths in docker-compose.yml before sharing or deploying this project. The defaults are tailored to the original development machine and may expose more of the host filesystem than you want.
Configuration
Most behavior is currently configured in app/server.py and Compose environment variables:
WORKSPACE_ROOT=/workspacesWORKSPACE_MAP_PATH=/config/workspaces.jsonSECRET_REFS_PATH=/config/secrets.jsonSNAPSHOT_ROOT=/snapshotsPROCESS_LOG_LIMIT=5000BROWSER_LOG_LIMIT=500MAX_READ_BYTES=500000MAX_OUTPUT=80000DEFAULT_TIMEOUT_SECONDS=30
For named secret injection, copy config/secrets.example.json to config/secrets.json, replace its values, and keep that file out of Git. Tools can request a secret by its reference name through secret_refs; values are injected into the child process only and are not returned by the MCP server. The self-hosted Keycloak role secrets:use is required. database:use and deploy:run govern database and Compose primitives.
The Docker image sets:
PYTHONDONTWRITEBYTECODE=1PYTHONUNBUFFERED=1PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
Development Workflow
Useful checks:
python -m compileall app
Run the container:
docker compose up --build
Check the exposed endpoint from the host:
curl http://localhost:8081/mcp
The MCP endpoint may return a protocol-specific response depending on the request; this command is primarily a connectivity check.
License
No license file is included yet. Add one before publishing this project for reuse by other people or organizations.
Установка Coding Agent
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/spyduck007/agent-mcpFAQ
Coding Agent MCP бесплатный?
Да, Coding Agent MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Coding Agent?
Нет, Coding Agent работает без API-ключей и переменных окружения.
Coding Agent — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Coding Agent в Claude Desktop, Claude Code или Cursor?
Открой Coding Agent на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Coding Agent with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
