npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@agent-vm/mcp-portal

v0.0.80

Published

Agent-scoped MCP Portal server and TypeScript helpers for composable upstream MCP tools.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

shravansundershravansunder

Keywords

Readme

@agent-vm/mcp-portal

Agent-scoped MCP Portal core library, external proxy, CLI, and Tool VM helpers.

What This Package Owns

  • /core, the adapter-neutral portal execution library used by OpenClaw.
  • mcp-portal mcp-proxy serve, the external /mcp-proxy MCP server command.
  • The four model-facing portal tools: mcp_portal_list, mcp_portal_search, mcp_portal_describe, and mcp_portal_call.
  • JSON-Schema-derived Zod validation before upstream tool calls.
  • HMAC approval-token verification for portal calls that OpenClaw approved.
  • Tool VM helper exports for agents that need to reconstruct derived schemas.

Runtime Shape

Managed OpenClaw loads /core in process from a controller-materialized effective config directory. It does not launch a portal server in the gateway VM.

External MCP clients can use the proxy command:

mcp-portal mcp-proxy serve --config-dir <dir>

The portal loads two files from --config-dir:

  • mcp.config.jsonc: upstream MCP provider catalog and credentials.
  • mcp-portal.config.jsonc: agents, profiles, policy, and optional external proxy auth.

External serve resolves source: "1password" refs through @agent-vm/secret-management. Use AGENT_VM_MCP_PORTAL_OP_TOKEN_SOURCE=env, op-cli, or keychain plus the matching source-specific env settings when the proxy host needs 1Password access. If no token source is configured, env-only configs still work. The built-in HTTP bearer server is loopback-only; use a TLS reverse proxy and mcp-portal mcp-proxy print-client-config --proxy-url <url> for public endpoints. The printed client config contains bearer credential material on stdout. Treat it like an API token, keep it out of logs and commits, and rotate credentialVersion or the portal masterKey to revoke issued credentials.

mcp-proxy serve keeps approval-token replay state in process. Run one serving process per external endpoint unless a future shared replay store is added. Restarting the process clears consumed approval JTIs, so approval token TTLs must stay short.

Managed OpenClaw materialization rewrites provider secrets to environment references in the effective MCP config. Plaintext provider values flow only into runtime environment variables for injection: "env" or into host-mediated runtime secret state for injection: "http-mediation"; they are not written to the generated config files.

Upstream MCP provider URLs are deployment-owned config. The schema rejects non-HTTP schemes, but it intentionally allows loopback and private-network HTTP targets because local sidecars and private service MCP providers are supported. Do not load provider config from untrusted sources. If a future workflow imports less-trusted provider definitions, put an explicit per-provider network allowlist in front of private-network targets instead of blanket-blocking loopback.

Start Reading

  • src/core/portal-core.ts for adapter-neutral execution.
  • src/bin/mcp-portal.ts for CLI commands.
  • src/mcp-proxy/portal-http-server.ts for Hono routing and MCP transport.
  • src/core/portal-tools.ts for portal tool behavior.
  • src/portal-auth/hmac-token.ts for approval-token signing and verification.