Is Stackbilt Mcp Gateway free?

Yes, Stackbilt Mcp Gateway is free to use.

How do I install Stackbilt Mcp Gateway?

Stackbilt Mcp Gateway supports both local and remote installation. For local use, install it via the provided package manager and add the configuration to your AI app. For remote access, add the server URL to your MCP configuration.

What AI apps work with Stackbilt Mcp Gateway?

Stackbilt Mcp Gateway uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Stackbilt Mcp Gateway MCP Server

by Kurt Overmier

Developer ToolsUse Caution3.2LocalRemote

Free

Image generation, Cloudflare Worker scaffolding, C-level agent reasoning, and billing tools.

About

Image generation, Cloudflare Worker scaffolding, C-level agent reasoning, and billing tools.

Remote endpoints: streamable-http: https://mcp.stackbilt.dev/mcp

Security Report

3.2

Use Caution3.2High Risk

This MCP gateway server implements OAuth authentication and service routing with several security controls, but contains notable vulnerabilities in credential handling, error message sanitization, and permission scope enforcement. Key issues include: (1) hardcoded Stripe API version in payment processing, (2) incomplete sanitization of error messages that could leak sensitive information despite attempts to redact, (3) overly permissive scope exemptions that bypass authorization checks for costly operations, and (4) insufficient validation of tool arguments before dispatch. The code is well-structured with audit logging and rate limiting in place, but these findings prevent a higher score. Supply chain analysis found 8 known vulnerabilities in dependencies (1 critical, 3 high severity).

3 files analyzed · 18 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

process_spawn

Check that this permission is expected for this type of plugin.

How to Install & Connect

Available as Local & Remote

This plugin can run on your machine or connect to a hosted endpoint. during install.

Documentation

View on GitHub

From the project's GitHub README.

Stackbilt MCP Gateway

MCP Registry: dev.stackbilt.mcp/gateway — published on the Official MCP Registry

OAuth-authenticated Model Context Protocol (MCP) gateway for Stackbilt platform services. Built as a Cloudflare Worker using @cloudflare/workers-oauth-provider.

What It Does

A single MCP endpoint (mcp.stackbilt.dev/mcp) that routes tool calls to multiple backend product workers:

Backend	Tools	Description
TarotScript	`scaffold_create`, `scaffold_classify`, `scaffold_publish`, `scaffold_deploy`, `scaffold_import`, `scaffold_status`	Deterministic project scaffolding, n8n workflow import, GitHub publishing, CF deployment
img-forge	`image_generate`, `image_list_models`, `image_check_job`	AI image generation (5 quality tiers)
Stackbilder (TarotScript backend)	`flow_create`, `flow_status`, `flow_summary`, `flow_quality`, `flow_governance`, `flow_advance`, `flow_recover`	DEPRECATED — Architecture flow orchestration (migrating to `scaffold_*`)

The Scaffold Pipeline (E2E)

You: "Build a restaurant menu API with D1 storage"
  ↓
scaffold_create → structured facts + 9 deployable project files
  ↓
scaffold_publish → GitHub repo with atomic initial commit
  ↓
git clone → npm install → npx wrangler deploy → live Worker

Zero LLM calls for file generation. ~20ms for structure, ~2s with oracle prose. 21x faster than flow_create.

Key Features

OAuth 2.1 with PKCE — GitHub SSO, Google SSO, and email/password authentication
Backend adapter pattern — tool catalogs aggregated from multiple service bindings, namespaced to avoid collisions
Per-tier rate limiting — fixed-window per-tenant limits via RATELIMIT_KV (free=20/min, hobby=60, pro=300, enterprise=1000); 429 with Retry-After and X-RateLimit-* headers
Cost attribution & quota — every tool call carries a credit cost; quota is reserved via edge-auth before dispatch and committed/refunded on outcome; image_generate cost scales with the effective quality tier (1×/1×/3×/5×/8× for draft/standard/premium/ultra/ultra_plus); when model is set it takes billing precedence over quality_tier
Scope + tier enforcement — tools/list is filtered by token scopes; tools/call requires the generate scope for mutating tools; expensive image_generate quality tiers (premium and above) are gated to Pro+ plans; specifying model directly enforces the same gate via model→tier mapping
Security Constitution compliance — every tool declares a risk level (READ_ONLY, LOCAL_MUTATION, EXTERNAL_MUTATION); structured audit logging with secret redaction; HMAC-signed identity tokens
Coming-soon gate — PUBLIC_SIGNUPS_ENABLED flag to control public access
MCP JSON-RPC over HTTP — supports both streaming (SSE) and request/response transport

Quick Start

Prerequisites

Node.js 18+
Wrangler CLI (npm i -g wrangler)
Cloudflare account with the required service bindings configured

Install & Run

npm install
npm run dev

Run Tests

npm test

Deploy

npm run deploy

Deploys to the mcp.stackbilt.dev custom domain via Cloudflare Workers.

Environment Variables & Secrets

Name	Type	Description
`SERVICE_BINDING_SECRET`	Secret	HMAC-SHA256 key for signing identity tokens
`API_BASE_URL`	Variable	Base URL for OAuth redirects (e.g. `https://mcp.stackbilt.dev`)
`AUTH_SERVICE`	Service Binding	RPC to `edge-auth` worker (`AuthEntrypoint`)
`TAROTSCRIPT`	Service Binding	Route to scaffold + classify backend
`IMG_FORGE`	Service Binding	Route to image generation backend
`OAUTH_KV`	KV Namespace	Stores social OAuth state (5-min TTL entries) and MCP sessions
`RATELIMIT_KV`	KV Namespace	Per-tenant fixed-window rate-limit counters (60s TTL)
`PLATFORM_EVENTS_QUEUE`	Queue	Audit event pipeline (`stackbilt-user-events`)
`MCP_REGISTRY_AUTH`	Variable	MCP Registry domain verification string (served at `/.well-known/mcp-registry-auth`)

Set secrets with:

wrangler secret put SERVICE_BINDING_SECRET

Project Structure

src/
  index.ts           # Entry point — OAuthProvider setup, CORS, health check, MCP Registry well-known
  gateway.ts         # MCP JSON-RPC transport, session management, tool dispatch
  oauth-handler.ts   # OAuth 2.1 flows: login, signup, social SSO, consent
  tool-registry.ts   # Tool catalog aggregation, namespacing, schema validation
  audit.ts           # Structured audit logging, secret redaction, trace IDs
  auth.ts            # Bearer token extraction & validation
  route-table.ts     # Static routing table, tool-to-backend mapping, risk levels
  types.ts           # Type definitions, RiskLevel enum, interfaces

test/
  audit.test.ts
  auth.test.ts
  gateway.test.ts
  oauth-handler.test.ts
  route-table.test.ts
  tool-registry.test.ts

docs/
  user-guide.md      # End-user guide: account creation, client setup, tool usage
  api-reference.md   # MCP tool surface, authentication flow, tool routing
  architecture.md    # System design, security model, request flow

Test Suite

122 tests across 6 test files covering:

OAuth handler — identity token signing/verification, login, signup, social OAuth flows, consent, HTML escaping
Gateway — session lifecycle, initialize, tools/list, tools/call, SSE streaming, error handling
Audit — secret redaction patterns (API keys, bearer tokens, hex hashes, password fields), trace IDs, queue emission
Auth — bearer token extraction, API key vs JWT validation, error mapping
Tool registry — catalog building, name mapping, schema validation, risk level enforcement
Route table — route resolution, risk level lookup

npm test          # single run
npm run test:watch # watch mode

Documentation

User Guide — account creation, client setup, tool usage
API Reference — MCP tools, authentication, tool routing
Architecture — system design, security model, data flow

License

MIT — see LICENSE

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Stackbilt Mcp Gateway MCP Server

About

Security Report

Findings (18)Action required

Permissions Required

How to Install & Connect

Documentation

Stackbilt MCP Gateway

What It Does

The Scaffold Pipeline (E2E)

Key Features

Quick Start

Prerequisites

Install & Run

Run Tests

Deploy

Environment Variables & Secrets

Project Structure

Test Suite

Documentation

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript