Skip to main content

gcontext connector — local MCP bridge: cloud structure, local secret values

Project description

mcp-minimal

A single local Python MCP server: a files/folders tree + a secret-name registry in SQLite, plus on-the-fly Python script execution with the local .env injected. Secret VALUES never leave this machine and never enter the database.

Setup

cd apps/mcp-minimal
cp .env.example .env   # fill in your secret values

Add to Claude Code

claude mcp add mcp-minimal -- uv run --directory /ABS/PATH/TO/apps/mcp-minimal python server.py

Tools

  • tool_list_dir(path="/"), tool_read_file(path), tool_write_file(path, content), tool_create_folder(path), tool_delete(path)
  • tool_list_secrets(), tool_register_secret(name, description), tool_unregister_secret(name), tool_scaffold_env()
  • tool_run_script(code) - runs uv run --env-file .env python -c "<code>"

The secret registry

The registry holds secret NAMES + descriptions only — it is for setup and verification, not runtime. It does NOT gate tool_run_script, which injects the whole .env regardless of what's registered.

  1. tool_register_secret(name, description) - declare a required secret.
  2. tool_scaffold_env() - append blank NAME= lines to .env for any registered secret not yet present, so the user just fills in the values.
  3. tool_list_secrets() - shows present_locally per name so you can confirm setup.

How it works

  1. Write a file describing a 3rd-party operation and which secret NAMES it needs; declare those names with tool_register_secret.
  2. To act, read the file, generate Python, and call tool_run_script.
  3. Secret values resolve from the local .env at run time - never stored in the DB.

Security / trust model

tool_run_script runs arbitrary Python locally with your real .env injected — there is no sandbox. It is exactly as trusted as whatever drives the server. Run it on your own machine only; never expose this server remotely.

Script contract

  • Read secrets via os.environ["VAR"] - never hardcode, never load_dotenv.
  • Use only registered names that show present_locally: true.
  • Exit codes: 0 OK, 2 missing secret (KeyError), 1 any other failure.

Config (env vars)

  • MCP_MINIMAL_DB - SQLite path (default db.sqlite next to server.py).
  • MCP_MINIMAL_ENV_FILE - secret-values file (default .env next to server.py).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gcontext_mcp-0.1.1.tar.gz (65.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

gcontext_mcp-0.1.1-py3-none-any.whl (8.5 kB view details)

Uploaded Python 3

File details

Details for the file gcontext_mcp-0.1.1.tar.gz.

File metadata

  • Download URL: gcontext_mcp-0.1.1.tar.gz
  • Upload date:
  • Size: 65.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.8.16

File hashes

Hashes for gcontext_mcp-0.1.1.tar.gz
Algorithm Hash digest
SHA256 714d7456abaec1828a21e1857cb76e277a72962d1097d30b7ba3b5f0967561fc
MD5 3644e873b3580a59f706e3cc250bd395
BLAKE2b-256 b2b8fb32e6e2ad917052719b6503d79f2215c56c69350bfc949c5d07be748425

See more details on using hashes here.

File details

Details for the file gcontext_mcp-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for gcontext_mcp-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 4b2f22d046aba7bfc1001b4b5848e5baa1aa0a7c60223f308db168284dd17f43
MD5 06223c5c60ecdb574554423b956b7293
BLAKE2b-256 59d15f70994ace0e7e5da175a7092d6cae1174f24f29ee9837d8ee23e6f00855

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page