Skip to content

shigechika/mcp-stdio

BranchesTags

Repository files navigation

mcp-stdio

English | 日本語

Stdio-to-HTTP relay for MCP servers — bridges Claude Desktop/Code to remote Streamable HTTP endpoints.

Why?

MCP clients like Claude Desktop and Claude Code see mcp-stdio as a locally running self-hosted MCP server, while it relays all requests to a remote MCP server over Streamable HTTP:

flowchart BT
    A[Claude<br>CLI/Desktop] <-- stdio --> B(mcp-stdio)
    B <== "<b>HTTPS</b><br>Bearer Token<br>Header<br>OAuth" ==> C[Remote<br>MCP Server]
    B -. "OAuth 2.1<br>(PKCE)" .-> D[Authorization<br>Server]
    D -. callback .-> B
    style B fill:#4a5,stroke:#333,color:#fff
Loading

Bearer tokens, custom headers, and OAuth 2.1 credentials are forwarded to the remote server.

Install

pip install mcp-stdio

Or with uv:

uv tool install mcp-stdio

Or run directly without installing:

uvx mcp-stdio https://your-server.example.com:8080/mcp

Or with Homebrew:

brew install shigechika/tap/mcp-stdio

Quick Start

mcp-stdio https://your-server.example.com:8080/mcp

With Bearer token authentication:

# Recommended: use env var (token is hidden from `ps`)
MCP_BEARER_TOKEN=YOUR_TOKEN mcp-stdio https://your-server.example.com:8080/mcp

# Or pass directly (token is visible in `ps` output)
mcp-stdio https://your-server.example.com:8080/mcp --bearer-token YOUR_TOKEN

With custom headers:

mcp-stdio https://your-server.example.com:8080/mcp -H "X-API-Key: YOUR_KEY"

With OAuth 2.1 authentication (for servers that require it):

mcp-stdio --oauth https://your-server.example.com:8080/mcp

# With a pre-registered client ID (skips dynamic registration)
mcp-stdio --oauth --client-id YOUR_CLIENT_ID https://your-server.example.com:8080/mcp

Claude Desktop Configuration

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "my-remote-server": {
      "command": "mcp-stdio",
      "args": ["https://your-server.example.com:8080/mcp"],
      "env": {
        "MCP_BEARER_TOKEN": "YOUR_TOKEN"
      }
    }
  }
}

Config file locations:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

Claude Code Configuration

claude mcp add my-remote-server \
  -e MCP_BEARER_TOKEN=YOUR_TOKEN \
  -- mcp-stdio https://your-server.example.com:8080/mcp

Usage

mcp-stdio [OPTIONS] URL

Arguments:
  URL                    Remote MCP server URL

Options:
  --bearer-token TOKEN   Bearer token (or set MCP_BEARER_TOKEN env var)
  --oauth                Enable OAuth 2.1 authentication
  --client-id ID         Pre-registered OAuth client ID (or set MCP_OAUTH_CLIENT_ID)
  --oauth-scope SCOPE    OAuth scope to request
  -H 'Key: Value'        Custom header (can be repeated)
  --timeout-connect SEC  Connection timeout (default: 10)
  --timeout-read SEC     Read timeout (default: 120)
  --test                 Test connection and exit
  -V, --version          Show version
  -h, --help             Show help

Use Cases

Works around known issues in Claude Code's HTTP transport:

  • Bearer token not sent — Claude Code ignores Authorization header on tool calls (#28293, #33817)
  • Missing Accept header — servers return 406, misinterpreted as auth failure (#42470)
  • OAuth fallback loop — Claude Code enters OAuth discovery even when not needed (#34008, #39271)
  • Session lost after disconnect — mcp-stdio recovers MCP sessions automatically on 404 (#34498, #38631)
  • OAuth scope omitted — Claude Code sends no scope parameter in authorization requests, causing strict OAuth servers to reject the flow (#4540); mcp-stdio sends scopes via --oauth-scope
  • Proxy settings ignored — Claude Code does not respect NO_PROXY (#34804); mcp-stdio inherits proxy settings from httpx

Features

  • OAuth 2.1 client — built-in authorization code flow with PKCE, dynamic client registration, token refresh, and secure token persistence. Implements the full MCP authorization spec:
    • RFC 9728 Protected Resource Metadata discovery
    • RFC 8414 Authorization Server Metadata discovery
    • RFC 8707 Resource Indicators for audience binding
    • RFC 7636 PKCE with S256 challenge method
    • RFC 7591 Dynamic Client Registration
    • RFC 6750 Bearer Token usage
  • Retry with backoff — retries up to 3 times on connection errors
  • Streaming resilience — streams SSE responses in real time; retries on mid-stream disconnect
  • Session recovery — resets MCP session ID on 404 and retries
  • Token refresh on 401 — automatically refreshes expired OAuth tokens mid-session
  • Bearer token auth — via --bearer-token flag or MCP_BEARER_TOKEN env var
  • Custom headers — pass any header with -H
  • Graceful shutdown — handles SIGTERM/SIGINT
  • Proxy support — respects HTTP_PROXY, HTTPS_PROXY, NO_PROXY env vars via httpx
  • Minimal dependencies — only httpx; OAuth uses stdlib only

How It Works

  1. If --oauth is set, obtains an access token (cached → refresh → browser flow)
  2. Reads JSON-RPC messages from stdin (sent by Claude Desktop/Code)
  3. Streams each message as HTTP POST to the remote MCP server
  4. Parses the response (JSON or SSE) and writes it to stdout
  5. Maintains the Mcp-Session-Id header across requests
  6. On 401, refreshes the OAuth token and retries; on 404, resets the session

OAuth tokens are stored in ~/.config/mcp-stdio/tokens.json (permissions 0600).

License

MIT

About

Stdio-to-HTTP relay for MCP servers — bridges Claude Desktop/Code to remote Streamable HTTP endpoints

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 6

v0.3.2 Latest
Apr 5, 2026
+ 5 releases

Packages

 
 
 

Contributors

Languages