torjus/labmcp
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: torjus:08f8b2cd837a5754ca8184c3c053550e379a2631
Branches Tags
torjus:master
..
compare: torjus:e6315eb94b1fb4f48623cf53708ed4504ec5baaa
Branches Tags
torjus:master

2 Commits
08f8b2cd83 ... e6315eb94b

Author SHA1 Message Date
Torjus Håkestad
e6315eb94b docs: fix flake URL and add nix run MCP example 
- Update flake URL from github:torjus/labmcp to the correct
  git+https://git.t-juice.club/torjus/labmcp
- Add alternative MCP client configuration using nix run with
  the flake URL directly (no installation required)
- Fix NixOS module example to use correct flake URL

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 22:21:50 +01:00
Torjus Håkestad
921005179e docs: add HTTP transport documentation 
Update README.md:
- Add HTTP transport usage section with examples
- Document HTTP endpoints (POST/GET/DELETE)
- Add HTTP-related NixOS module options to the table

Update CLAUDE.md:
- Update protocol description to include HTTP/SSE
- Add new transport files to repository structure
- Add Transports section explaining STDIO vs HTTP
- Add HTTP security hardening details
- Update CLI commands with HTTP transport examples

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 22:16:46 +01:00
2 changed files with 85 additions and 16 deletions
Expand all files Collapse all files

29
CLAUDE.md
View File

@@ -15,7 +15,7 @@ The first MCP server provides search and query capabilities for NixOS configurat
- **Language**: Go 1.24+ - **Language**: Go 1.24+
- **Build System**: Nix flakes - **Build System**: Nix flakes
- **Databases**: PostgreSQL and SQLite (both fully supported) - **Databases**: PostgreSQL and SQLite (both fully supported)
- **Protocol**: MCP (Model Context Protocol) - JSON-RPC over stdio - **Protocol**: MCP (Model Context Protocol) - JSON-RPC over STDIO or HTTP/SSE
- **Module Path**: `git.t-juice.club/torjus/labmcp` - **Module Path**: `git.t-juice.club/torjus/labmcp`
## Project Status ## Project Status
@@ -42,10 +42,14 @@ labmcp/
│ │ ├── sqlite.go # SQLite implementation │ │ ├── sqlite.go # SQLite implementation
│ │ └── *_test.go # Database tests │ │ └── *_test.go # Database tests
│ ├── mcp/ │ ├── mcp/
│ │ ├── server.go # MCP server loop │ │ ├── server.go # MCP server core
│ │ ├── handlers.go # Tool implementations │ │ ├── handlers.go # Tool implementations
│ │ ├── types.go # Protocol types │ │ ├── types.go # Protocol types
│ │ ── server_test.go # MCP tests │ │ ── transport.go # Transport interface
│ │ ├── transport_stdio.go # STDIO transport
│ │ ├── transport_http.go # HTTP/SSE transport
│ │ ├── session.go # HTTP session management
│ │ └── *_test.go # MCP tests
│ └── nixos/ │ └── nixos/
│ ├── indexer.go # Nixpkgs indexing │ ├── indexer.go # Nixpkgs indexing
│ ├── parser.go # options.json parsing │ ├── parser.go # options.json parsing
@@ -91,16 +95,33 @@ All tools are implemented and functional:
- File indexing enabled by default (use `--no-files` to skip) - File indexing enabled by default (use `--no-files` to skip)
- Skips already-indexed revisions (use `--force` to re-index) - Skips already-indexed revisions (use `--force` to re-index)
### Transports
- **STDIO**: Default transport, line-delimited JSON-RPC (for CLI/desktop MCP clients)
- **HTTP**: Streamable HTTP transport with SSE (for web-based MCP clients)
- Session management with cryptographically secure IDs
- Configurable CORS (localhost-only by default)
- Optional TLS support
- SSE keepalive messages (15s default)
### Security ### Security
- Revision parameter validated against strict regex to prevent Nix injection - Revision parameter validated against strict regex to prevent Nix injection
- Path traversal protection using `filepath.Clean()` and `filepath.IsAbs()` - Path traversal protection using `filepath.Clean()` and `filepath.IsAbs()`
- NixOS module supports `connectionStringFile` for PostgreSQL secrets - NixOS module supports `connectionStringFile` for PostgreSQL secrets
- Systemd service runs with extensive hardening options - Systemd service runs with extensive hardening options
- HTTP transport hardening:
- Request body size limit (1MB default)
- Server timeouts (read: 30s, write: 30s, idle: 120s, header: 10s)
- Maximum session limit (10,000 default)
- Origin validation for CORS
## CLI Commands ## CLI Commands
```bash ```bash
nixos-options serve # Run MCP server on stdio nixos-options serve # Run MCP server on STDIO (default)
nixos-options serve --transport http # Run MCP server on HTTP
nixos-options serve --transport http \
--http-address 0.0.0.0:8080 \
--allowed-origins https://example.com # HTTP with custom config
nixos-options index <revision> # Index a nixpkgs revision nixos-options index <revision> # Index a nixpkgs revision
nixos-options index --force <r> # Force re-index existing revision nixos-options index --force <r> # Force re-index existing revision
nixos-options index --no-files # Skip file content indexing nixos-options index --no-files # Skip file content indexing

56
README.md
View File

@@ -20,10 +20,10 @@ Search and query NixOS configuration options across multiple nixpkgs revisions.
```bash ```bash
# Build the package # Build the package
nix build github:torjus/labmcp nix build git+https://git.t-juice.club/torjus/labmcp
# Or run directly # Or run directly
nix run github:torjus/labmcp -- --help nix run git+https://git.t-juice.club/torjus/labmcp -- --help
``` ```
### From Source ### From Source
@@ -34,7 +34,7 @@ go install git.t-juice.club/torjus/labmcp/cmd/nixos-options@latest
## Usage ## Usage
### As MCP Server ### As MCP Server (STDIO)
Configure in your MCP client (e.g., Claude Desktop): Configure in your MCP client (e.g., Claude Desktop):
@@ -52,12 +52,52 @@ Configure in your MCP client (e.g., Claude Desktop):
} }
``` ```
Alternatively, if you have Nix installed, you can use the flake directly without installing the package:
```json
{
"mcpServers": {
"nixos-options": {
"command": "nix",
"args": ["run", "git+https://git.t-juice.club/torjus/labmcp", "--", "serve"],
"env": {
"NIXOS_OPTIONS_DATABASE": "sqlite:///path/to/nixos-options.db"
}
}
}
}
```
Then start the server: Then start the server:
```bash ```bash
nixos-options serve nixos-options serve
``` ```
### As MCP Server (HTTP)
The server can also run over HTTP with Server-Sent Events (SSE) for web-based MCP clients:
```bash
# Start HTTP server on default address (127.0.0.1:8080)
nixos-options serve --transport http
# Custom address and CORS configuration
nixos-options serve --transport http \
--http-address 0.0.0.0:8080 \
--allowed-origins https://example.com
# With TLS
nixos-options serve --transport http \
--tls-cert /path/to/cert.pem \
--tls-key /path/to/key.pem
```
HTTP transport endpoints:
- `POST /mcp` - JSON-RPC requests (returns `Mcp-Session-Id` header on initialize)
- `GET /mcp` - SSE stream for server notifications (requires `Mcp-Session-Id` header)
- `DELETE /mcp` - Terminate session
### CLI Examples ### CLI Examples
**Index a nixpkgs revision:** **Index a nixpkgs revision:**
@@ -154,7 +194,7 @@ A NixOS module is provided for running the MCP server as a systemd service.
```nix ```nix
{ {
inputs.labmcp.url = "github:torjus/labmcp"; inputs.labmcp.url = "git+https://git.t-juice.club/torjus/labmcp";
outputs = { self, nixpkgs, labmcp }: { outputs = { self, nixpkgs, labmcp }: {
nixosConfigurations.myhost = nixpkgs.lib.nixosSystem { nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
@@ -187,6 +227,14 @@ A NixOS module is provided for running the MCP server as a systemd service.
| `user` | string | `"nixos-options-mcp"` | User to run the service as | | `user` | string | `"nixos-options-mcp"` | User to run the service as |
| `group` | string | `"nixos-options-mcp"` | Group to run the service as | | `group` | string | `"nixos-options-mcp"` | Group to run the service as |
| `dataDir` | path | `/var/lib/nixos-options-mcp` | Directory for data storage | | `dataDir` | path | `/var/lib/nixos-options-mcp` | Directory for data storage |
| `http.address` | string | `"127.0.0.1:8080"` | HTTP listen address |
| `http.endpoint` | string | `"/mcp"` | HTTP endpoint path |
| `http.allowedOrigins` | list of string | `[]` | Allowed CORS origins (empty = localhost only) |
| `http.sessionTTL` | string | `"30m"` | Session timeout (Go duration format) |
| `http.tls.enable` | bool | `false` | Enable TLS |
| `http.tls.certFile` | path | `null` | TLS certificate file |
| `http.tls.keyFile` | path | `null` | TLS private key file |
| `openFirewall` | bool | `false` | Open firewall for HTTP port |
### PostgreSQL Example ### PostgreSQL Example