Is Stackbilt Mcp Gateway free?

Yes, Stackbilt Mcp Gateway is free to use.

How do I install Stackbilt Mcp Gateway?

Stackbilt Mcp Gateway supports both local and remote installation. For local use, install it via the provided package manager and add the configuration to your AI app. For remote access, add the server URL to your MCP configuration.

What AI apps work with Stackbilt Mcp Gateway?

Stackbilt Mcp Gateway uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Stackbilt Mcp Gateway MCP Server

by Kurt Overmier

Developer ToolsModerate5.2LocalRemote

Free

Stackbilt platform MCP gateway — wireframe generation and stack scaffolding tools

About

Stackbilt platform MCP gateway — wireframe generation and stack scaffolding tools

Remote endpoints: streamable-http: https://mcp.stackbilt.dev/mcp

Security Report

5.2

Moderate5.2Moderate Risk

This MCP gateway implements OAuth authentication and proper security practices, but has concerns including a hardcoded personal access token, storage of sensitive OAuth parameters in URLs, and usage of eval-like functions. While the server follows good security patterns overall, these issues present moderate security risks that users should be aware of. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 2 high severity).

4 files analyzed · 7 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

database

Check that this permission is expected for this type of plugin.

How to Install & Connect

Available as Local & Remote

This plugin can run on your machine or connect to a hosted endpoint. during install.

Documentation

View on GitHub

From the project's GitHub README.

Stackbilt MCP Gateway

MCP Registry: dev.stackbilt.mcp/gateway — published on the Official MCP Registry

OAuth-authenticated Model Context Protocol (MCP) gateway for Stackbilt platform services. Built as a Cloudflare Worker using @cloudflare/workers-oauth-provider.

What It Does

A single MCP endpoint (mcp.stackbilt.dev/mcp) that routes tool calls to multiple backend product workers:

Backend	Tools	Description
TarotScript	`scaffold_create`, `scaffold_classify`, `scaffold_publish`, `scaffold_deploy`, `scaffold_import`, `scaffold_status`	Deterministic project scaffolding, n8n workflow import, GitHub publishing, CF deployment
img-forge	`image_generate`, `image_list_models`, `image_check_job`	AI image generation (5 quality tiers)
Stackbilder (TarotScript backend)	`flow_create`, `flow_status`, `flow_summary`, `flow_quality`, `flow_governance`, `flow_advance`, `flow_recover`	DEPRECATED — Architecture flow orchestration (migrating to `scaffold_*`)

The Scaffold Pipeline (E2E)

You: "Build a restaurant menu API with D1 storage"
  ↓
scaffold_create → structured facts + 9 deployable project files
  ↓
scaffold_publish → GitHub repo with atomic initial commit
  ↓
git clone → npm install → npx wrangler deploy → live Worker

Zero LLM calls for file generation. ~20ms for structure, ~2s with oracle prose. 21x faster than flow_create.

Key Features

OAuth 2.1 with PKCE — GitHub SSO, Google SSO, and email/password authentication
Backend adapter pattern — tool catalogs aggregated from multiple service bindings, namespaced to avoid collisions
Per-tier rate limiting — fixed-window per-tenant limits via RATELIMIT_KV (free=20/min, hobby=60, pro=300, enterprise=1000); 429 with Retry-After and X-RateLimit-* headers
Cost attribution & quota — every tool call carries a credit cost; quota is reserved via edge-auth before dispatch and committed/refunded on outcome; image_generate cost scales with the effective quality tier (1×/1×/3×/5×/8× for draft/standard/premium/ultra/ultra_plus); when model is set it takes billing precedence over quality_tier
Scope + tier enforcement — tools/list is filtered by token scopes; tools/call requires the generate scope for mutating tools; expensive image_generate quality tiers (premium and above) are gated to Pro+ plans; specifying model directly enforces the same gate via model→tier mapping
Security Constitution compliance — every tool declares a risk level (READ_ONLY, LOCAL_MUTATION, EXTERNAL_MUTATION); structured audit logging with secret redaction; HMAC-signed identity tokens
Coming-soon gate — PUBLIC_SIGNUPS_ENABLED flag to control public access
MCP JSON-RPC over HTTP — supports both streaming (SSE) and request/response transport

Quick Start

Prerequisites

Node.js 18+
Wrangler CLI (npm i -g wrangler)
Cloudflare account with the required service bindings configured

Install & Run

npm install
npm run dev

Run Tests

npm test

Deploy

npm run deploy

Deploys to the mcp.stackbilt.dev custom domain via Cloudflare Workers.

Environment Variables & Secrets

Name	Type	Description
`SERVICE_BINDING_SECRET`	Secret	HMAC-SHA256 key for signing identity tokens
`API_BASE_URL`	Variable	Base URL for OAuth redirects (e.g. `https://mcp.stackbilt.dev`)
`AUTH_SERVICE`	Service Binding	RPC to `edge-auth` worker (`AuthEntrypoint`)
`TAROTSCRIPT`	Service Binding	Route to scaffold + classify backend
`IMG_FORGE`	Service Binding	Route to image generation backend
`OAUTH_KV`	KV Namespace	Stores social OAuth state (5-min TTL entries) and MCP sessions
`RATELIMIT_KV`	KV Namespace	Per-tenant fixed-window rate-limit counters (60s TTL)
`PLATFORM_EVENTS_QUEUE`	Queue	Audit event pipeline (`stackbilt-user-events`)
`MCP_REGISTRY_AUTH`	Variable	MCP Registry domain verification string (served at `/.well-known/mcp-registry-auth`)

Set secrets with:

wrangler secret put SERVICE_BINDING_SECRET

Project Structure

src/
  index.ts           # Entry point — OAuthProvider setup, CORS, health check, MCP Registry well-known
  gateway.ts         # MCP JSON-RPC transport, session management, tool dispatch
  oauth-handler.ts   # OAuth 2.1 flows: login, signup, social SSO, consent
  tool-registry.ts   # Tool catalog aggregation, namespacing, schema validation
  audit.ts           # Structured audit logging, secret redaction, trace IDs
  auth.ts            # Bearer token extraction & validation
  route-table.ts     # Static routing table, tool-to-backend mapping, risk levels
  types.ts           # Type definitions, RiskLevel enum, interfaces

test/
  audit.test.ts
  auth.test.ts
  gateway.test.ts
  oauth-handler.test.ts
  route-table.test.ts
  tool-registry.test.ts

docs/
  user-guide.md      # End-user guide: account creation, client setup, tool usage
  api-reference.md   # MCP tool surface, authentication flow, tool routing
  architecture.md    # System design, security model, request flow

Test Suite

122 tests across 6 test files covering:

OAuth handler — identity token signing/verification, login, signup, social OAuth flows, consent, HTML escaping
Gateway — session lifecycle, initialize, tools/list, tools/call, SSE streaming, error handling
Audit — secret redaction patterns (API keys, bearer tokens, hex hashes, password fields), trace IDs, queue emission
Auth — bearer token extraction, API key vs JWT validation, error mapping
Tool registry — catalog building, name mapping, schema validation, risk level enforcement
Route table — route resolution, risk level lookup

npm test          # single run
npm run test:watch # watch mode

Documentation

User Guide — account creation, client setup, tool usage
API Reference — MCP tools, authentication, tool routing
Architecture — system design, security model, data flow

License

MIT — see LICENSE

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Stackbilt Mcp Gateway MCP Server

About

Security Report

Findings (7)Action required

Permissions Required

How to Install & Connect

Documentation

Stackbilt MCP Gateway

What It Does

The Scaffold Pipeline (E2E)

Key Features

Quick Start

Prerequisites

Install & Run

Run Tests

Deploy

Environment Variables & Secrets

Project Structure

Test Suite

Documentation

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript