MCP Router

A unified gateway for routing requests to multiple Model Context Protocol servers.

GitHub

MCP Anywhere

A unified gateway for Model Context Protocol (MCP) servers that enables discovery, configuration, and access to tools from GitHub repositories through a single endpoint.

https://github.com/user-attachments/assets/f011f8bf-6c99-4a8a-8236-f8eb0a3fb9e4

Current Version: 0.8.0
Note: This project is in beta. APIs and features are subject to change.

Overview

MCP Anywhere provides:

  • Automatic tool discovery from GitHub repositories
  • Centralized API key and credential management
  • Selective tool enablement and access control
  • Unified endpoint for all MCP tools
  • Docker-based isolation for secure execution

Documentation

📚 Full documentation is available at mcpanywhere.com

Installation

Local Installation

# Clone repository
git clone https://github.com/locomotive-agency/mcp-anywhere.git
cd mcp-anywhere

# Install with uv (recommended)
uv sync

# Or install with pip
pip install -e .

# Configure environment
cp env.example .env
# Edit .env with required values:
# SECRET_KEY=<secure-random-key>
# ANTHROPIC_API_KEY=<your-api-key>

# Start server
mcp-anywhere serve http
# Or: python -m mcp_anywhere serve http
# Access at http://localhost:8000

Production Deployment (Fly.io)

# Install Fly CLI
curl -L https://fly.io/install.sh | sh

# Deploy application
cd mcp-anywhere
fly launch
fly secrets set SECRET_KEY=<secure-random-key>
fly secrets set JWT_SECRET_KEY=<jwt-secret-key>
fly secrets set ANTHROPIC_API_KEY=<your-api-key>
fly secrets set GOOGLE_OAUTH_CLIENT_ID=<google-oauth-client-id>
fly secrets set GOOGLE_OAUTH_CLIENT_SECRET=<google-oauth-client-secret>
fly deploy

# Application available at https://your-app.fly.dev

To speed up the fly.io deployment, you can configure manual build and start of containers.

# set the environment variable
REBUILD_CONTAINERS_ON_STARTUP=false

Docker

Deploying the application as a docker container using docker compose.

# Configure environment
cp env.example .env
# Edit .env with required values:
# SECRET_KEY=<secure-random-key>
# ANTHROPIC_API_KEY=<your-api-key>

Build and Deploy the application

$ docker compose -f docker-compose.native.yml up -d --build

View logs to see status

$ docker logs mcp-anywhere-app

Navigate to http://<DOCKER-HOST>:8000/ to use the application

Interact with the machine via CLI, useful for interacting with the database using sqlite3

# fetch machine id for your app
$ fly --app mcp-anywhere-app machine list

$ fly console --app mcp-anywhere-app --machine <MACHINE_ID>

Sample database commands, once logged in to the machine console

$ sqlite3 /.data/mcp_anywhere.db ".tables"

$ sqlite3 /.data/mcp_anywhere.db "SELECT * FROM users;"

Usage

Adding Tools from GitHub

Use the web interface to add MCP server repositories:

  • Official MCP servers: https://github.com/modelcontextprotocol/servers
  • Python interpreter: https://github.com/yzfly/mcp-python-interpreter
  • Any compatible MCP repository

The system uses Claude AI to automatically analyze and configure repositories.

Configuration

  • API Keys: Centralized credential storage
  • Secret Files: Secure upload and management of credential files (JSON, PEM, certificates)
  • Tool Management: Enable or disable specific tools
  • Container Settings: Automatic Docker containerization

Secret File Management

MCP Anywhere supports secure upload and management of credential files for MCP servers:

Supported File Types:

  • JSON credential files (.json)
  • PEM certificates and keys (.pem, .key, .crt, .cert)
  • PKCS12/PFX certificates (.p12, .pfx)
  • Java KeyStores (.jks, .keystore)
  • Configuration files (.yaml, .yml, .xml, .txt)

Features:

  • Files are encrypted at rest using AES-128 (Fernet)
  • Maximum file size: 10MB
  • Files are mounted as read-only volumes in containers
  • Environment variables automatically set with file paths
  • Automatic cleanup when servers are deleted

Usage via Web Interface:

  1. Navigate to the server detail page
  2. Use the "Upload Secret File" form
  3. Specify an environment variable name (e.g., GOOGLE_APPLICATION_CREDENTIALS)
  4. Upload the credential file
  5. The file will be automatically mounted when the container starts

Security Considerations:

  • Files are stored encrypted in DATA_DIR/secrets/<server_id>/
  • Each server has isolated secret storage
  • Files are only decrypted when mounting to containers
  • Container access is read-only

Client Integration

Claude Desktop Configuration:

First run which uv, which will print out a path to the uv binary. For example on macOS:

/Users/yourname/.local/bin/uv

You can then use that in the start command. Change the --directory path to your MCP Anywhere clone path.

{
  "mcpServers": {
    "mcp-anywhere": {
      "command": "/Users/yourname/.local/bin/uv",
      "args": ["run", "--directory", "/Users/yourname/Projects/mcp-anywhere", "mcp-anywhere", "connect"]
    }
  }
}

Lastly, set up the MCP Anywhere application before starting Claude Desktop:

uv run mcp-anywhere serve stdio

Authentication Options:

For Google OAuth (recommended for teams):

  1. Set up Google OAuth credentials in Google Cloud Console
  2. Configure environment variables: 
    GOOGLE_OAUTH_CLIENT_ID=your-client-id
GOOGLE_OAUTH_CLIENT_SECRET=your-client-secret
GOOGLE_OAUTH_REDIRECT_URI=/auth/callback
OAUTH_USER_ALLOWED_DOMAIN=company.com  # Optional: restrict to your domain
  3. Users can sign in with Google at /auth/login

HTTP API Integration:

from fastmcp import Client
from fastmcp.client.auth import BearerAuth

async with Client(
    "https://your-app.fly.dev/mcp/",
    auth=BearerAuth(token="<oauth-token>")
) as client:
    tools = await client.list_tools()

Command Line Interface:

# For MCP client connection
mcp-anywhere connect
# Or: python -m mcp_anywhere connect

# For STDIO server mode (local Claude Desktop integration)
mcp-anywhere serve stdio

# For HTTP server mode with OAuth (production)
mcp-anywhere serve http --host 0.0.0.0 --port 8000

Features

Authentication & Access Control

  • Google OAuth integration - Sign in with Google for simplified authentication
  • Domain-based access control - Restrict access to users from specific domains (e.g., @company.com)
  • Session-based web authentication with secure cookie management
  • JWT tokens for API access with proper scope validation

Tool Discovery and Management

  • Automatic repository analysis using Claude AI
  • Container health monitoring with intelligent remounting
  • Support for npx, uvx, and Docker runtimes
  • Selective tool enablement with per-server controls
  • Enhanced server management - Start, stop, and restart servers through web interface
  • Pre-configured Python interpreter with sandbox isolation

Security and Authentication

  • Google OAuth integration for simplified user authentication
  • Domain-based access control for organizational security
  • OAuth 2.0/2.1 with PKCE support (MCP SDK implementation)
  • JWT-based API authentication
  • Docker container isolation for tool execution
  • Session-based authentication for web interface
  • Encrypted secret file storage (AES-128 with Fernet)

Production Architecture

  • Asynchronous architecture (Starlette/FastAPI)
  • Health monitoring with automatic recovery
  • Flexible container management with configurable startup/shutdown behavior
  • Enhanced server lifecycle management with start/stop/restart controls
  • Streamlined deployment process with GitHub Actions CI
  • CLI support for direct tool access

Architecture

Client Application → MCP Anywhere Gateway → Docker Containers → MCP Tools
                            ↓
                    Web Management Interface

Contributing

Areas for contribution:

  • Oauth review and additional provider support
  • Container efficiency and latency
  • Improve tests
  • Documentation

Configuration

Required Environment Variables

SECRET_KEY                  # Session encryption key
ANTHROPIC_API_KEY          # Claude API key for repository analysis

Optional Environment Variables

JWT_SECRET_KEY             # JWT token signing key (defaults to SECRET_KEY)
WEB_PORT                   # Web interface port (default: 8000)
DATA_DIR                   # Data storage directory (default: .data)
DOCKER_TIMEOUT             # Container operation timeout in seconds (default: 300)
LOG_LEVEL                  # Logging level (default: INFO)
GITHUB_TOKEN               # GitHub token for private repository access

# Container Management
CLEANUP_CONTAINERS_ON_SHUTDOWN    # Clean up containers on app shutdown (default: false)
REBUILD_CONTAINERS_ON_STARTUP     # Rebuild containers on startup (default: true)

# Google OAuth (optional - enables Google authentication)
GOOGLE_OAUTH_CLIENT_ID            # Google OAuth client ID
GOOGLE_OAUTH_CLIENT_SECRET        # Google OAuth client secret  
GOOGLE_OAUTH_REDIRECT_URI         # OAuth redirect URI (e.g., /auth/callback)
OAUTH_USER_ALLOWED_DOMAIN         # Restrict access to specific domain (e.g., company.com)

Development

Development Setup

# Install development dependencies
uv sync --group dev

# Run tests
uv run pytest

# Run linting
uv run ruff check src/ tests/

# Run type checking
uv run mypy src/

Testing

# Run all tests
uv run pytest

# Run tests with coverage
uv run pytest --cov=mcp_anywhere

Debug Mode

LOG_LEVEL=DEBUG mcp-anywhere serve http

Data Reset

mcp-anywhere reset --confirm

Support

License

See LICENSE

Related Servers