{"id":49181292,"url":"https://github.com/php-workx/modal-mcp","last_synced_at":"2026-04-23T01:31:01.814Z","repository":{"id":351943580,"uuid":"1213134628","full_name":"php-workx/modal-mcp","owner":"php-workx","description":"Modal-focused MCP server","archived":false,"fork":false,"pushed_at":"2026-04-17T07:19:19.000Z","size":443,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-17T07:32:40.250Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/php-workx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-17T04:36:11.000Z","updated_at":"2026-04-17T04:42:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/php-workx/modal-mcp","commit_stats":null,"previous_names":["php-workx/modal-mcp"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/php-workx/modal-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-workx%2Fmodal-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-workx%2Fmodal-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-workx%2Fmodal-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-workx%2Fmodal-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/php-workx","download_url":"https://codeload.github.com/php-workx/modal-mcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-workx%2Fmodal-mcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32162601,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-22T17:06:48.269Z","status":"ssl_error","status_checked_at":"2026-04-22T17:06:19.037Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-23T01:31:00.352Z","updated_at":"2026-04-23T01:31:01.806Z","avatar_url":"https://github.com/php-workx.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Modal MCP\n\nSelf-hosted Model Context Protocol server for read-only Modal operations.\n\nThe v1 server exposes Modal discovery, app, deployment, log, container, volume,\nand sandbox read APIs over FastMCP Streamable HTTP at `/mcp`. Mutating `change`\nand `expert` toolsets are registered as disabled stubs, hidden from default\n`tools/list`, and guarded by policy code for future releases.\n\n## Quickstart\n\n```bash\nuv sync --extra dev\nexport MODAL_MCP_ALLOWED_ORIGINS=http://127.0.0.1:8765\nexport MODAL_MCP_SIGNING_KEYS=kid1:$(openssl rand -hex 32)\nuv run modal-mcp\n```\n\nFor production-like use, prefer file-backed secrets:\n\n```bash\ninstall -m 600 /dev/null .secrets/modal-token-id\ninstall -m 600 /dev/null .secrets/modal-token-secret\ninstall -m 600 /dev/null .secrets/modal-mcp-signing-key\n\nexport MODAL_TOKEN_ID_FILE=$PWD/.secrets/modal-token-id\nexport MODAL_TOKEN_SECRET_FILE=$PWD/.secrets/modal-token-secret\nexport MODAL_MCP_SIGNING_KEY_FILE=$PWD/.secrets/modal-mcp-signing-key\nexport MODAL_MCP_ALLOWED_ORIGINS=http://127.0.0.1:8765\nuv run modal-mcp\n```\n\nUse a Modal service-user token with Viewer permissions in a restricted,\nnon-production Modal environment for the default read-only posture.\n\n## Configuration\n\nRequired for self-hosted startup:\n\n- `MODAL_MCP_ALLOWED_ORIGINS`: comma-separated browser/client origins allowed to\n  call `/mcp`.\n- `MODAL_MCP_SIGNING_KEYS` or `MODAL_MCP_SIGNING_KEY_FILE`: one or more\n  `kid:hex` HMAC signing keys for refs, cursors, and approval tokens.\n- Modal credentials from either `MODAL_TOKEN_ID` + `MODAL_TOKEN_SECRET`, their\n  `_FILE` variants, or an existing `MODAL_CONFIG_PATH`.\n\nRecommended defaults:\n\n- `MODAL_MCP_READ_ONLY=true`\n- `MODAL_MCP_ENABLED_TOOLSETS=discovery,apps,containers,logs,volumes,sandboxes`\n- `MODAL_MCP_AUDIT_LOG=stdout`\n- `MODAL_MCP_HTTP_BIND=127.0.0.1:8765`\n\nHosted OAuth delegation for Modal tokens is not part of v1. Cloudflare Workers\nand other edge runtimes are unsupported targets because the server depends on\nthe Modal Python SDK, local process hardening, and FastMCP Streamable HTTP\nlifespan behavior.\n\n## Security Posture\n\nThe server enforces Origin and Host allowlists before MCP handling. Policy\nmiddleware applies rate limits, toolset gates, read-only gates, approval gates\nfor future mutations, audit events, and output redaction. Known secrets are\nredacted after exception formatting and before JSON rendering.\n\nApproval tokens are HMAC signed, session-bound, single-use, and backed by an\napproval ledger. In v1, change and expert tools remain disabled by default; the\napproval path is present so future mutating tools can keep the same contract.\n\nSee [docs/self-hosting.md](docs/self-hosting.md) and\n[docs/threat-model.md](docs/threat-model.md).\n\n## Validation\n\nInstall the local command runners before using the validation targets:\n\n```bash\nbrew install just shellcheck actionlint gitleaks semgrep\n```\n\nOn Linux, install the same tools with your package manager or the upstream\nrelease packages, then run:\n\n```bash\njust setup\njust pre-commit\njust pre-push\njust check-local\njust uv-audit  # optional local uv.lock dependency audit\n```\n\nLocal secret scanning uses Gitleaks through the `just` targets. CI runs\nTruffleHog for repository secret scanning.\n\nLive Modal tests are opt-in:\n\n```bash\nMODAL_MCP_LIVE=1 MODAL_ENVIRONMENT=dev uv run pytest tests/integration/live -q\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphp-workx%2Fmodal-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphp-workx%2Fmodal-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphp-workx%2Fmodal-mcp/lists"}