Threaded Hosted MCP
MCP clients connect to Threaded through user-delegated OAuth and run bounded Threaded workflows as the authenticated user.
Endpoints
- /mcp for MCP JSON-RPC transport.
- /health for deploy and uptime checks.
- /oauth/start begins Cognito PKCE sign-in (requires THREADED_MCP_API_BASE_URL).
- /oauth/callback completes Cognito redirect for local dev.
Active environment (this process)
Tier: sandbox (Railway Cognito sandbox).
Hosted MCP origin: https://mcp-sandbox.threadedmfg.dev
API base URL: https://threaded-threaded-cognito-sandbox.up.railway.app
Execute app host: https://threaded-threaded-cognito-sandbox.up.railway.app
OAuth redirect origin: https://mcp-sandbox.threadedmfg.dev
Threaded stacks (operator catalog)
Sandbox MCP lists local + sandbox only; this deploy binds to the sandbox row.
| Tier | Label | API | App | Hosted MCP |
|---|---|---|---|---|
| local | Local development | http://127.0.0.1:8000 | http://127.0.0.1:8080 | machine-local (Wrangler / Node) |
| sandbox | Railway Cognito sandbox | https://threaded-threaded-cognito-sandbox.up.railway.app | https://threaded-threaded-cognito-sandbox.up.railway.app | https://mcp-sandbox.threadedmfg.dev |
Runner Safety Defaults
Tool calls are constrained to these configured Threaded app origins:
https://threaded-threaded-cognito-sandbox.up.railway.app
Current implementation status
Runner dispatch (THREADED_MCP_RUNNER_KIND): cloudflare.
Script runner dispatch: THREADED_MCP_RUNNER service binding to the isolate runner Worker (no public runner DNS).
Local (local) path: a minimal hand-rolled runner for smoke commands (echo, pwd, sleep in milliseconds, threaded --version stub). Not a full shell.
Remote (cloudflare) path: jobs are dispatched to the just-bash runner Worker (service binding when deployed; loopback URL for local pnpm run dev:isolate-runner). That worker runs just-bash (just-bash/browser) with an allowlisted builtin set and a hosted threaded command backed by @threaded/threaded/hosted (same Commander tree as the CLI: task …, auth status / orgs, instructions, client-info, help). auth login, logout, and refresh are rejected; credentials come from the job token, not disk. Not Cloudflare Sandbox containers yet. Production would replace that URL with a hardened runner while keeping the same JSON contract.
OAuth
Threaded API origin for OAuth and job tokens is fixed at deploy time (THREADED_MCP_API_BASE_URL); it is not selected per MCP client.
Threaded web app origin for script runs is fixed at deploy time (THREADED_MCP_EXECUTE_APP_HOST, or implied when exactly one origin is listed in THREADED_MCP_ALLOWED_APP_HOSTS); execute_threaded_script does not take a per-call URL.
Redirect origin for callbacks (THREADED_MCP_OAUTH_REDIRECT_ORIGIN): https://mcp-sandbox.threadedmfg.dev
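The deploy-time origin pinning described above can be sketched as follows. This is an added example, not Threaded's own code: the function names are hypothetical, and it assumes THREADED_MCP_ALLOWED_APP_HOSTS is a comma-separated list and that plain http is acceptable only for loopback hosts.

```javascript
// Added illustration; helper names and the env list format are assumptions.
const LOOPBACK = new Set(["127.0.0.1", "localhost"]);

// Normalize one configured value to a bare origin, rejecting anything else.
function parseOrigin(value) {
  const url = new URL(value.trim()); // throws on malformed input
  if (url.protocol !== "https:" && !(url.protocol === "http:" && LOOPBACK.has(url.hostname))) {
    throw new Error(`origin must be https (or loopback http): ${value}`);
  }
  if (url.pathname !== "/" || url.search || url.hash || url.username || url.password) {
    throw new Error(`expected a bare origin, got: ${value}`);
  }
  return url.origin;
}

function parseAllowedOrigins(env) {
  const list = (env.THREADED_MCP_ALLOWED_APP_HOSTS ?? "")
    .split(",").map((s) => s.trim()).filter(Boolean).map(parseOrigin);
  if (list.length === 0) throw new Error("no allowed app origins configured");
  return list;
}

// Resolve the single execute origin once at startup: explicit setting wins
// but must be on the allowlist; otherwise it is implied only when exactly
// one origin is listed. Ambiguous configuration fails closed.
function resolveExecuteOrigin(env) {
  const allowed = parseAllowedOrigins(env);
  const explicit = env.THREADED_MCP_EXECUTE_APP_HOST;
  if (explicit) {
    const origin = parseOrigin(explicit);
    if (!allowed.includes(origin)) {
      throw new Error(`execute host ${origin} is not in the allowed list`);
    }
    return origin;
  }
  if (allowed.length === 1) return allowed[0];
  throw new Error("THREADED_MCP_EXECUTE_APP_HOST is required when several origins are allowed");
}

// Per-request guard: compare parsed origins, never string prefixes, so a
// look-alike host that merely starts with an allowed value is refused.
function isAllowedTarget(target, allowedOrigins) {
  try {
    return allowedOrigins.includes(new URL(target).origin);
  } catch {
    return false; // unparseable targets are denied
  }
}
```

Resolving the origin once at startup means a misconfigured deploy fails before it serves any tool call.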
Hosted MCP Cognito client id in env: no.
Requested scopes (when set in env):
- Not configured yet.