Auth & tunnels
A local MCP server that reads files and runs shell commands becomes a remote code execution surface the moment you expose it to the internet. Forgeline treats the bearer token as the only thing standing between a random request and your filesystem — so we're strict about it.
Bearer tokens
FORGELINE_AUTH_TOKEN=$(python -c 'import secrets; print(secrets.token_urlsafe(32))')
Store it in ~/.forgeline/.env. The server refuses to start if it's empty or shorter than 16 chars.
Cloudflare Quick Tunnel
cloudflared tunnel --url http://127.0.0.1:8766
Outputs a trycloudflare.com URL. Give that URL, plus your bearer token, to any remote MCP client — Notion AI, ChatGPT, a teammate's Claude Desktop.
Named tunnels (for persistent setups)
cloudflared tunnel login
cloudflared tunnel create forgeline
cloudflared tunnel route dns forgeline mcp.example.com
cloudflared tunnel run forgeline
Failure modes we guard against
- Empty token at startup — server exits with code 2.
- Token in query string — rejected; must be in Authorization header.
- Path outside workspace — returns path_outside_workspace.
- Symlink escape — resolved paths checked against root prefix.
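The four checks above, sketched as an added example. This is not Forgeline's own code: the function names, the `token` query parameter name, and the use of exit code 2 for a too-short token are assumptions.

```python
import hmac
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

MIN_TOKEN_LEN = 16  # minimum length stated on this page


def load_token(env):
    """Startup check: return the token, or exit if it is empty or too short."""
    token = env.get("FORGELINE_AUTH_TOKEN", "")
    if len(token) < MIN_TOKEN_LEN:
        # The page states code 2 for an empty token; reusing it for a
        # too-short token is an assumption of this example.
        raise SystemExit(2)
    return token


def authorize(url, headers, expected):
    """Accept the token only from the Authorization header."""
    # Query strings end up in proxy logs, browser history and Referer headers,
    # so a request carrying the token there is refused outright.
    if "token" in parse_qs(urlsplit(url).query):  # parameter name is assumed
        return False
    scheme, _, supplied = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not supplied:
        return False
    # Constant-time comparison avoids leaking a matching prefix through timing.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def resolve_in_workspace(root, requested):
    """Resolve symlinks and '..' first, then check containment under the root."""
    root = Path(root).resolve()
    target = (root / requested).resolve()
    # Component-wise containment: a raw string prefix test would let a sibling
    # directory such as /ws-evil pass as being inside /ws.
    if not target.is_relative_to(root):  # Python 3.9+
        raise PermissionError("path_outside_workspace")
    return target
```

Resolving before the containment check is what catches the symlink case: a link inside the workspace that points elsewhere resolves to its real location and then fails the check.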