Skip to content

Secure hosted MCP credential setup#155

Draft
hmishra2250 wants to merge 1 commit into
mainfrom
fix/secure-hosted-mcp-setup
Draft

Secure hosted MCP credential setup#155
hmishra2250 wants to merge 1 commit into
mainfrom
fix/secure-hosted-mcp-setup

Conversation

@hmishra2250

@hmishra2250 hmishra2250 commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Summary

Updates firecrawl setup mcp so hosted MCP credentials are sent as authorization headers instead of being embedded in the server URL.

  • Always configures the hosted endpoint as https://mcp.firecrawl.dev/v2/mcp.
  • Adds Authorization: Bearer ... only when an API key is available.
  • Keeps setup keyless when no API key is configured.
  • Uses client-native environment references for Cursor, OpenCode, and global Codex setup when FIRECRAWL_API_KEY supplies the active key.
  • Pins add-mcp@1.14.0 so generated client configuration remains reproducible.
  • Replaces secret-bearing shell command strings with argument-based process execution.
  • Stops printing installer commands or OpenClaw child output that may contain credentials.
  • Preserves existing Hermes YAML and restricts its credential-bearing configuration file to mode 0600 on POSIX systems.

Compatibility

  • Existing agent aliases, global/local selection, all-launcher setup, confirmation flags, and quiet output remain supported.
  • Claude Code, VS Code, Codex, OpenCode, Cursor, Hermes, and OpenClaw continue to receive their existing setup shape with the corrected endpoint and authentication placement.
  • This change does not configure the browser OAuth endpoint; the CLI continues to use keyless or API-key access on /v2/mcp.

Verification

  • Targeted setup tests: 28 passed.
  • Full test suite: 23 files, 372 tests passed.
  • TypeScript, build, formatting, and diff checks pass.
  • Credential scans find no API key in hosted MCP URLs or wrapper output.
  • Adversarial credentials containing command substitutions, backticks, quotes, newlines, and environment references remain inert.
  • Isolated add-mcp@1.14.0 smokes confirm Cursor and OpenCode environment references and literal header configuration for other supported clients.
  • A real Codex smoke writes bearer_token_env_var = "FIRECRAWL_API_KEY" without persisting the key.
  • Keyless Hermes and OpenClaw smokes contain no authentication fields.

Shared hosted MCP contract

  • Version: 1.0.0
  • SHA-256: ef000059d2e9b57d88db34441bffb0f3249ae0ac3b5d85d5ce60dd2343366c2c
  • Authoritative artifact: firecrawl-mcp-server/contracts/hosted-mcp/v1/contract.json
  • This PR covers: Header-based unattended setup.

Review and deploy this PR against the same contract version and hash.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant