MCP server bridging Claude Code to a browser extension over WS+HMAC
Project description
sallyport
The Python MCP-server half of Sallyport — a security-first bridge between Claude Code (or any MCP client) and your Chrome, with explicit trust boundaries instead of implicit ones.
Claude Code ── MCP/stdio ──▶ daemon (this package) ── WS+HMAC ──▶ extension (MV3) ── CDP ──▶ Chrome
The daemon speaks MCP on stdio and hosts an HMAC-authenticated WebSocket server
on 127.0.0.1:10086 that the companion Chrome extension connects into. Every
frame is signed (HMAC-SHA256 + timestamp + nonce); the extension enforces a
per-domain allowlist and a per-domain opt-in for arbitrary JS.
Install
pip install sallyport
The package installs the sallyport-daemon console command.
Quickstart
sallyport-daemon doctor # check Python, secret file + perms, port; print the pairing block
claude mcp add sallyport sallyport-daemon # register with Claude Code
Then load the unpacked extension (or the release zip) from the main repository and paste the pairing block into its popup.
sallyport-daemon list-tools— print the tool catalogue (no daemon start)sallyport-daemon serve— WS-only mode (no MCP) for wire testingsallyport-daemon exec <tool> k=v …— fire one tool from the shell
Security
The full threat model, the load-bearing invariants, and known limitations live
in SECURITY.md.
In short: loopback-only bind, HMAC on every frame, a domain allowlist enforced
in the extension, per-domain evaluate opt-in, password-field gates, and
daemon-side filesystem sandboxes for upload/save_to_file.
License
MIT — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sallyport-0.14.0.tar.gz.
File metadata
- Download URL: sallyport-0.14.0.tar.gz
- Upload date:
- Size: 60.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
04a7f7bb9cc9e890701298883f895a3873aafa67059e15c543b160d6f6eef971
|
|
| MD5 |
f4c85ba0b9a9b748fa16fba9bd2845df
|
|
| BLAKE2b-256 |
efa715253acea47785a66281eb04254ac78196bc8dee7ce894924e0d8f7de294
|
Provenance
The following attestation bundles were made for sallyport-0.14.0.tar.gz:
Publisher:
publish.yml on ginkida/sallyport
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sallyport-0.14.0.tar.gz -
Subject digest:
04a7f7bb9cc9e890701298883f895a3873aafa67059e15c543b160d6f6eef971 - Sigstore transparency entry: 2045928424
- Sigstore integration time:
-
Permalink:
ginkida/sallyport@fdc0b5e6f3fba1b4d490040d74f64ca11543c4ef -
Branch / Tag:
refs/tags/v0.14.0 - Owner: https://github.com/ginkida
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@fdc0b5e6f3fba1b4d490040d74f64ca11543c4ef -
Trigger Event:
release
-
Statement type:
File details
Details for the file sallyport-0.14.0-py3-none-any.whl.
File metadata
- Download URL: sallyport-0.14.0-py3-none-any.whl
- Upload date:
- Size: 66.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5f73e811444684db5f7712ac14dfecd187b14f1655ffaa93eece691f201a9ee3
|
|
| MD5 |
ae73f102d51d34d971bc2b14d4b78c00
|
|
| BLAKE2b-256 |
46f584d10be577754c45d49d756ecb76d03886db9be8d660550f4aca68172231
|
Provenance
The following attestation bundles were made for sallyport-0.14.0-py3-none-any.whl:
Publisher:
publish.yml on ginkida/sallyport
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sallyport-0.14.0-py3-none-any.whl -
Subject digest:
5f73e811444684db5f7712ac14dfecd187b14f1655ffaa93eece691f201a9ee3 - Sigstore transparency entry: 2045928735
- Sigstore integration time:
-
Permalink:
ginkida/sallyport@fdc0b5e6f3fba1b4d490040d74f64ca11543c4ef -
Branch / Tag:
refs/tags/v0.14.0 - Owner: https://github.com/ginkida
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@fdc0b5e6f3fba1b4d490040d74f64ca11543c4ef -
Trigger Event:
release
-
Statement type: