Add Apache 2.0 LICENSE to repo root

Each internal plugin already carries an Apache 2.0 LICENSE file at its root.
This adds the same license at the repository root for clarity.

.claude-plugin/marketplace.json

@@ -19,7 +19,7 @@
         "url": "https://github.com/42Crunch-AI/claude-plugins.git",
         "path": "plugins/api-security-testing",
         "ref": "v1.5.5",
-        "sha": "faf5305385de8afed9468904e8639be737aff39e"
+        "sha": "a175b24f7b34852b70c78c21545cce8037eb3112"
       },
       "homepage": "https://42crunch.com"
     },
@@ -35,7 +35,7 @@
         "url": "https://github.com/adobe/skills.git",
         "path": "plugins/creative-cloud/adobe-for-creativity",
         "ref": "main",
-        "sha": "9ca1da262869ca2fb5f6c3daae2f7eeb648c937d"
+        "sha": "dedb9597f878072ec2f6b1fd051900ccb913d653"
       },
       "homepage": "https://github.com/adobe/skills/tree/main/plugins/creative-cloud/adobe-for-creativity"
     },
@@ -57,7 +57,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/SalesforceAIResearch/agentforce-adlc.git",
-        "sha": "d645d2c8ce0689a568224436061872ab9f0ab179"
+        "sha": "5ddccc36737b8bdc3dcabb3d6f51daa350c3d16d"
       },
       "homepage": "https://github.com/SalesforceAIResearch/agentforce-adlc"
     },
@@ -93,7 +93,7 @@
         "url": "https://github.com/Airtable/skills.git",
         "path": "plugins/airtable",
         "ref": "main",
-        "sha": "aaeb4f3ec8d462d694a13fe5c3d249c291bf8899"
+        "sha": "1a8db588c72d31550ef6ee39b716598111840583"
       },
       "homepage": "https://www.airtable.com"
     },
@@ -245,7 +245,7 @@
         "url": "https://github.com/auth0/agent-skills.git",
         "path": "plugins/auth0",
         "ref": "main",
-        "sha": "3aa943b620a640be8a04d462e2abce11671653c3"
+        "sha": "c771dc1c77bfd5a67686afb464ccebd227c02b0f"
       },
       "homepage": "https://auth0.com/docs/quickstart/agent-skills"
     },
@@ -322,7 +322,7 @@
         "url": "https://github.com/aws-samples/sample-claude-code-plugins-for-startups.git",
         "path": "plugins/aws-dev-toolkit",
         "ref": "main",
-        "sha": "ddea7fdd605b42ed3900374815f358a2d4600db5"
+        "sha": "abdf86730f3f40ac4d2b775af8d745c3d43894ca"
       },
       "homepage": "https://github.com/aws-samples/sample-claude-code-plugins-for-startups"
     },
@@ -442,7 +442,7 @@
         "url": "https://github.com/carta/plugins.git",
         "path": "plugins/carta-cap-table",
         "ref": "main",
-        "sha": "49db52aa7d59fd4a855c6b17a1cf31c245f41e2c"
+        "sha": "b17fbfb0331e3903e5235b2fe21eb7a65c1bc394"
       },
       "homepage": "https://carta.com"
     },
@@ -458,7 +458,7 @@
         "url": "https://github.com/carta/plugins.git",
         "path": "plugins/carta-crm",
         "ref": "main",
-        "sha": "e72e8d59a3c49c1983f63f20a02e440de4e30a2f"
+        "sha": "b17fbfb0331e3903e5235b2fe21eb7a65c1bc394"
       },
       "homepage": "https://carta.com"
     },
@@ -474,7 +474,7 @@
         "url": "https://github.com/carta/plugins.git",
         "path": "plugins/carta-investors",
         "ref": "main",
-        "sha": "e72e8d59a3c49c1983f63f20a02e440de4e30a2f"
+        "sha": "b17fbfb0331e3903e5235b2fe21eb7a65c1bc394"
       },
       "homepage": "https://carta.com"
     },
@@ -490,7 +490,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/cap-js/mcp-server.git",
-        "sha": "ef840d4315fa34264be6b71d0077a3b5288cb5fa"
+        "sha": "7d477ed55bbf3dd302a45d2adbd9072bcb512e87"
       },
       "homepage": "https://cap.cloud.sap/"
     },
@@ -501,7 +501,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/ChromeDevTools/chrome-devtools-mcp.git",
-        "sha": "32dc50d59bdb87242c67391ddc755368ebe77104"
+        "sha": "8e8e83e3f8d150689ffb58c3b977eb72016c7b3f"
       },
       "homepage": "https://github.com/ChromeDevTools/chrome-devtools-mcp"
     },
@@ -609,7 +609,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/ClickHouse/agent-skills.git",
-        "sha": "2d30c3619eb44a2216ef19c531efb28d5bc916a9"
+        "sha": "67b45c5666b6999677ab3bbba4a27a7f532853af"
       },
       "homepage": "https://clickhouse.com"
     },
@@ -716,7 +716,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/CodSpeedHQ/codspeed.git",
-        "sha": "149a618d9f18bc3afb3d2af51b7b835765d60633"
+        "sha": "4eac647797a5b836ef780d498e494c34f001ede2"
       },
       "homepage": "https://codspeed.io"
     },
@@ -811,7 +811,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/dash0hq/dash0-agent-plugin.git",
-        "sha": "feae46e4099d31a1a76debe39f22aebb72a18ce5"
+        "sha": "025a02ba35a7ecc72a8010aaae2e6152308224f4"
       },
       "homepage": "https://dash0.com/"
     },
@@ -901,7 +901,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/datarobot-oss/datarobot-agent-skills.git",
-        "sha": "6a13377ad0b3317c7c4133fce36b7fcc626334cd"
+        "sha": "79bccc455df03d880a90d6076e4e5683b1f3288c"
       },
       "homepage": "https://datarobot.com"
     },
@@ -1005,7 +1005,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/exa-labs/exa-mcp-server.git",
-        "sha": "5ce6c53bae8baa3248a1d197a4e89b7e464227e3"
+        "sha": "ad888a188cdefbe832c9feed2c3a97d1cb93cb35"
       },
       "homepage": "https://exa.ai/docs/reference/exa-mcp"
     },
@@ -1029,7 +1029,7 @@
         "url": "https://github.com/expo/skills.git",
         "path": "plugins/expo",
         "ref": "main",
-        "sha": "47f0ef64821f10e42a600758b5087bfe89c09474"
+        "sha": "434c935cfdce54e02b6164148e52cd151b2bc0c0"
       },
       "homepage": "https://github.com/expo/skills/blob/main/plugins/expo/README.md"
     },
@@ -1066,7 +1066,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/voxel51/fiftyone-skills.git",
-        "sha": "a79e53c6fd1784e1476421185f3ed67637e642b4"
+        "sha": "8b987ade2d04b85ea82c109f48d7234838b28b82"
       },
       "homepage": "https://docs.voxel51.com/"
     },
@@ -1109,7 +1109,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/atlassian/forge-skills.git",
-        "sha": "bfe376cee02cac671b3b7d91e2ed34ac0220da5c"
+        "sha": "2014fae5b1529a22629129b1564ae522593eb46d"
       },
       "homepage": "https://developer.atlassian.com/platform/forge/"
     },
@@ -1135,7 +1135,7 @@
         "source": "github",
         "repo": "fullstorydev/fullstory-skills",
         "commit": "1ec5865e7ab1449f9a0859d164c4b6a8c53b6e2f",
-        "sha": "1ec5865e7ab1449f9a0859d164c4b6a8c53b6e2f"
+        "sha": "384555c3919a0631a096de1172998c8d855a0f26"
       },
       "homepage": "https://www.fullstory.com"
     },
@@ -1198,7 +1198,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/huggingface/skills.git",
-        "sha": "d640d38d200d4586658d9925415c3812369734e8"
+        "sha": "5e3b4d2226d1beaa6a8a4df3739b6f68bd36521b"
       },
       "homepage": "https://github.com/huggingface/skills.git"
     },
@@ -1212,7 +1212,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/hunter-io/claude-plugin.git",
-        "sha": "dc66d586699a439ead4848ba8ef0bd3dd7859bfe"
+        "sha": "592cd27476935013d3652c2e2810f5267bd65a02"
       },
       "homepage": "https://hunter.io"
     },
@@ -1226,7 +1226,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/heygen-com/hyperframes.git",
-        "sha": "d9183ba27daaf2a6ed92aead21a06d5dffd47db1"
+        "sha": "114b83bbf6bfece44480828acd14118d2854af8e"
       },
       "homepage": "https://hyperframes.heygen.com"
     },
@@ -1280,7 +1280,7 @@
         "source": "github",
         "repo": "jfrog/claude-plugin",
         "commit": "259c8e718266c16e99b4f30ae9b1ed0f9f00d98d",
-        "sha": "259c8e718266c16e99b4f30ae9b1ed0f9f00d98d"
+        "sha": "2387bffa924a3cb8fd99f67b3bf09976d5f0c6b5"
       },
       "homepage": "https://jfrog.com"
     },
@@ -1391,7 +1391,7 @@
         "url": "https://github.com/pydantic/skills.git",
         "path": "plugins/logfire",
         "ref": "main",
-        "sha": "ef575811123b85594e89d0adf2a04950ab3fd8ed"
+        "sha": "a332dc8bd9215d2ee6deb2304af78cd71fba3bb2"
       },
       "homepage": "https://github.com/pydantic/skills/tree/main/plugins/logfire"
     },
@@ -1425,7 +1425,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/ory/lumen.git",
-        "sha": "e310ed03e97894c071d588d1d3522ba8ed5d54cd"
+        "sha": "d0dee0efcc8235bf514217ecb12cdac2ed5213fa"
       },
       "homepage": "https://www.ory.sh"
     },
@@ -1481,9 +1481,20 @@
       "category": "development",
       "homepage": "https://github.com/anthropics/claude-plugins-official/tree/main/plugins/mcp-server-dev"
     },
+    {
+      "name": "mcp-tunnels",
+      "description": "Connect Claude to a private MCP server through an Anthropic MCP tunnel. The /create-docker-mcp-tunnel command drives the Docker Compose quickstart end to end: certificates, proxy config, cloudflared, and a verifiable sample server.",
+      "author": {
+        "name": "Anthropic",
+        "email": "support@anthropic.com"
+      },
+      "source": "./plugins/mcp-tunnels",
+      "category": "development",
+      "homepage": "https://github.com/anthropics/claude-plugins-official/tree/main/plugins/mcp-tunnels"
+    },
     {
       "name": "mercadopago",
-      "description": "Mercado Pago full-product integration toolkit. Covers online checkout (Pro, Bricks, API), in-store (QR, Point), subscriptions, marketplace, wallet, money-out, security (3DS, PCI), reporting, SDKs, and specialized integrations. Hybrid architecture: 13 skills provide stable integration intelligence, MCP provides live API data.",
+      "description": "Mercado Pago full-product integration toolkit. One agent routes to four orchestration skills (mp-integrate wizard, mp-webhooks, mp-test-setup, mp-review) that pull every endpoint, payload, and snippet live from the official Mercado Pago MCP server. The MCP must always be connected — there is no offline mode.",
       "author": {
         "name": "Mercado Pago Developer Experience"
       },
@@ -1493,7 +1504,7 @@
         "url": "https://github.com/mercadopago/mercadopago-claude-marketplace.git",
         "path": "plugins/mercadopago",
         "ref": "main",
-        "sha": "1de8d97e1c875136e93bc8eea8494ebf982a08b8"
+        "sha": "63ff263c40e1eda642ae2038e87adaa5781f4939"
       },
       "homepage": "https://github.com/mercadopago/mercadopago-claude-marketplace/tree/main/plugins/mercadopago"
     },
@@ -1531,7 +1542,7 @@
         "url": "https://github.com/miroapp/miro-ai.git",
         "path": "claude-plugins/miro",
         "ref": "main",
-        "sha": "706b24b6564eaaea33e75ac66c83af9abf3b5a41"
+        "sha": "da5405f866d823c7121ad6c38256f11c60501dbe"
       },
       "homepage": "https://miro.com"
     },
@@ -1542,7 +1553,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/mongodb/agent-skills.git",
-        "sha": "a2bc4ec7f97c9acd0f73eac0b4e2425115f33b62"
+        "sha": "bcd651808429ac1ca1e9f294cee61e42028d27de"
       },
       "homepage": "https://www.mongodb.com/docs/mcp-server/overview/"
     },
@@ -1555,7 +1566,7 @@
         "url": "https://github.com/neondatabase/agent-skills.git",
         "path": "plugins/neon-postgres",
         "ref": "main",
-        "sha": "b76e344eae92119f1aea3f73865c4ddbb1f4df1e"
+        "sha": "f8281c1dbe55914b223ef15c7131d334435ed298"
       },
       "homepage": "https://github.com/neondatabase/agent-skills/tree/main/plugins/neon-postgres"
     },
@@ -1651,7 +1662,7 @@
         "url": "https://github.com/growthxai/output.git",
         "path": "coding_assistants/claude/plugins/outputai",
         "ref": "main",
-        "sha": "fb7438aacee1406ac409ad9ce252b891bd5c9187"
+        "sha": "a45094aac1badfa9a3dba0b2cdccdd7a14cfdc45"
       },
       "homepage": "https://output.ai"
     },
@@ -1699,7 +1710,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/gopigment/ai-plugins.git",
-        "sha": "41bd78fb01e4fd805365de6d9e28117d0c32edef"
+        "sha": "ea85aea2ecf9ce761d32b8f6d32ffe0be503f7e1"
       },
       "homepage": "https://www.pigment.com"
     },
@@ -1816,7 +1827,7 @@
         "url": "https://github.com/pydantic/skills.git",
         "path": "plugins/ai",
         "ref": "main",
-        "sha": "ef575811123b85594e89d0adf2a04950ab3fd8ed"
+        "sha": "a332dc8bd9215d2ee6deb2304af78cd71fba3bb2"
       },
       "homepage": "https://github.com/pydantic/skills/tree/main/plugins/ai"
     },
@@ -1879,7 +1890,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/TheQtCompanyRnD/agent-skills.git",
-        "sha": "24e77fd4ce529adceb8d4c259eb93196a4ef3d9f"
+        "sha": "23772fa2264b3ff1037a96164b2c28d2b29a4c2f"
       },
       "homepage": "https://www.qt.io/"
     },
@@ -1893,7 +1904,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/quarkusio/quarkus-agent-mcp.git",
-        "sha": "e0f207d70f3e8e11b54cf101c013aade7ebef1eb"
+        "sha": "d0925a0b761773f55fabdaf27d5dc9cf9232cfd2"
       },
       "homepage": "https://quarkus.io"
     },
@@ -1906,7 +1917,7 @@
         "url": "https://github.com/railwayapp/railway-skills.git",
         "path": "plugins/railway",
         "ref": "main",
-        "sha": "380a2abbb0f9474e9d856add387760f61c886a4e"
+        "sha": "6ef46dde395e7e6f64179bbaa41bac420adca346"
       },
       "homepage": "https://docs.railway.com/ai/claude-code-plugin"
     },
@@ -1945,7 +1956,7 @@
         "url": "https://github.com/redis/agent-skills.git",
         "path": "plugins/redis-development",
         "ref": "main",
-        "sha": "4eaff191fcb830b64b6ac05bb8ef0ee067c73a9f"
+        "sha": "6edba11904bec94b0e2a35b220476ac53ad6df50"
       },
       "homepage": "https://redis.io"
     },
@@ -1995,7 +2006,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/Rootly-AI-Labs/rootly-claude-plugin.git",
-        "sha": "942aa5de3dbb2b13132c329c589e7da46fe0641d"
+        "sha": "65832aa6ff7a7b39c6bd64899a7a64646e3948ed"
       },
       "homepage": "https://rootly.com"
     },
@@ -2083,7 +2094,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/cap-js/mcp-server.git",
-        "sha": "ef840d4315fa34264be6b71d0077a3b5288cb5fa"
+        "sha": "7d477ed55bbf3dd302a45d2adbd9072bcb512e87"
       },
       "homepage": "https://cap.cloud.sap/"
     },
@@ -2101,7 +2112,7 @@
         "url": "https://github.com/SAP/open-ux-tools.git",
         "path": "packages/fiori-mcp-server",
         "ref": "main",
-        "sha": "157120fda8577fda6fb7546ed1b2305bfa65b9f5"
+        "sha": "cb5a5b2cd1572828229f510ec11ba6ac4e631960"
       },
       "homepage": "https://github.com/SAP/open-ux-tools/tree/main/packages/fiori-mcp-server"
     },
@@ -2133,7 +2144,7 @@
         "url": "https://github.com/spotify/save-to-spotify.git",
         "path": "plugin",
         "ref": "main",
-        "sha": "b3d362f7851d184098dcb220ba2fab10c996d1f2"
+        "sha": "af2f6faeb4139fd33a97aefcbadae17f792216e8"
       },
       "homepage": "https://github.com/spotify/save-to-spotify"
     },
@@ -2183,7 +2194,7 @@
         "url": "https://github.com/getsentry/cli.git",
         "path": "plugins/sentry-cli",
         "ref": "main",
-        "sha": "4d2475540309e7824cbacc5271806180346bb941"
+        "sha": "1c97cbf6d8fb2ad2f76b22cfdb687b4d504abfd0"
       },
       "homepage": "https://sentry.io"
     },
@@ -2333,7 +2344,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/spotify/ads-claude-plugin.git",
-        "sha": "cc3db744f4a4c14f7265ef3e9fb50f44cf08e0e7"
+        "sha": "7ed948b85337f6b31a82dfaa8f033b6843659fa3"
       },
       "homepage": "https://github.com/spotify/ads-claude-plugin"
     },
@@ -2346,7 +2357,7 @@
         "url": "https://github.com/stripe/ai.git",
         "path": "providers/claude/plugin",
         "ref": "main",
-        "sha": "ec93d4c4b9ffdbc994ac45ce692d4ec1cdb755f0"
+        "sha": "a34795211da530a168f581122011bb5ceb2e4bd0"
       },
       "homepage": "https://github.com/stripe/ai/tree/main/providers/claude/plugin"
     },
@@ -2445,7 +2456,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/togethercomputer/skills.git",
-        "sha": "7dcd48e3531068a71d7987993524bf110ee6f22c"
+        "sha": "67a7e91ccd71b2989ed9921a03f79a86056d018c"
       },
       "homepage": "https://www.together.ai"
     },
@@ -2495,7 +2506,7 @@
     },
     {
       "name": "ui5",
-      "description": "SAPUI5 / OpenUI5 plugin for Claude. Create and validate UI5 projects, access API documentation, run UI5 linter, get development guidelines and best practices for UI5 development.",
+      "description": "SAPUI5 / OpenUI5 plugin for coding agents. Create and validate UI5 projects, access API documentation, run UI5 linter, get development guidelines and best practices for UI5 development.",
       "author": {
         "name": "SAP SE",
         "email": "openui5@sap.com",
@@ -2504,16 +2515,16 @@
       "category": "development",
       "source": {
         "source": "git-subdir",
-        "url": "https://github.com/UI5/plugins-claude.git",
+        "url": "https://github.com/UI5/plugins-coding-agents.git",
         "path": "plugins/ui5",
         "ref": "main",
-        "sha": "19b2fb384719425a25d55830d5dcdba75f13045c"
+        "sha": "5eca5d066dc7d936e1bc978cc43438dca18b3013"
       },
-      "homepage": "https://github.com/UI5/plugins-claude"
+      "homepage": "https://github.com/UI5/plugins-coding-agents"
     },
     {
       "name": "ui5-typescript-conversion",
-      "description": "SAPUI5 / OpenUI5 plugin for Claude. Convert JavaScript based UI5 projects to TypeScript.",
+      "description": "SAPUI5 / OpenUI5 plugin for coding agents. Convert JavaScript based UI5 projects to TypeScript.",
       "author": {
         "name": "SAP SE",
         "email": "openui5@sap.com",
@@ -2522,12 +2533,12 @@
       "category": "development",
       "source": {
         "source": "git-subdir",
-        "url": "https://github.com/UI5/plugins-claude.git",
+        "url": "https://github.com/UI5/plugins-coding-agents.git",
         "path": "plugins/ui5-typescript-conversion",
         "ref": "main",
-        "sha": "19b2fb384719425a25d55830d5dcdba75f13045c"
+        "sha": "5eca5d066dc7d936e1bc978cc43438dca18b3013"
       },
-      "homepage": "https://github.com/UI5/plugins-claude"
+      "homepage": "https://github.com/UI5/plugins-coding-agents"
     },
     {
       "name": "vanta-mcp-plugin",
@@ -2550,7 +2561,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/vercel/vercel-plugin.git",
-        "sha": "1edb125d13a29a1e6212f5ca5afcdf1b89b9b211"
+        "sha": "6e51924cb249e2941de005d59f1ac6f768477b98"
       },
       "homepage": "https://github.com/vercel/vercel-plugin"
     },
@@ -2575,7 +2586,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/wix/skills.git",
-        "sha": "7ae38286b49e5e0cbf7069b6fd8cf6b5db2ba786"
+        "sha": "5d22db3370c198db8db959b52d1e66cabbb5f202"
       },
       "homepage": "https://dev.wix.com/docs/wix-cli/guides/development/about-wix-skills"
     },
@@ -2668,7 +2679,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/Zoominfo/zoominfo-mcp-plugin.git",
-        "sha": "14752e4553312d8af3eb3a3264a97d76bb3e0215"
+        "sha": "678c0d1b584b77fb8e0cdc14138fc1afc5a21cf2"
       },
       "homepage": "https://www.zoominfo.com"
     },
@@ -2682,7 +2693,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/zscaler/zscaler-mcp-server.git",
-        "sha": "246430c8d2d99726ad6cdcb00d1adc4e316cb966"
+        "sha": "bc56b110199294de58e6a9abf0569c49bd948670"
       },
       "homepage": "https://github.com/zscaler/zscaler-mcp-server"
     }

.github/workflows/check-mcp-urls.yml

@@ -55,12 +55,14 @@ jobs:
                 # config, or wrapped under a top-level "mcpServers" key (also
                 # the shape inside plugin.json). Normalize, then keep entries
                 # with an http/sse type and a string url.
+                # Skip entries with empty url — those are placeholders awaiting
+                # user config, not dead endpoints, and would false-fail.
                 jq -r --arg plugin "$plugin" '
                   (if (type == "object" and has("mcpServers")) then .mcpServers else . end)
                   | to_entries[]
                   | select((.value | type) == "object")
                   | select(.value.type == "http" or .value.type == "sse")
-                  | select(.value.url | type == "string")
+                  | select(.value.url | type == "string" and . != "")
                   | "\($plugin)\t\(.key)\t\(.value.url)"
                 ' "$cfg" 2>/dev/null || true
               done
@@ -73,10 +75,16 @@ jobs:
             local code
             # HEAD first — cheap and covers plain web endpoints. -L follows
             # redirects so a permanent redirect to a live page still passes.
+            #
+            # On a connection-level failure curl writes "000" to -w AND exits
+            # nonzero. The fallback assignment must happen OUTSIDE the command
+            # substitution — `... || echo "000"` inside $() would *append* a
+            # second "000", producing "000000" which falls through the case
+            # statement and silently passes a dead host.
             code="$(curl -sS -o /dev/null -w '%{http_code}' \
                       --connect-timeout 10 --max-time 10 \
                       --retry 2 --retry-delay 2 \
-                      -L -I "$url" 2>/dev/null || echo "000")"
+                      -L -I "$url" 2>/dev/null)" || code="000"
 
             # MCP endpoints typically reject HEAD (404/405) but answer POST
             # with a JSON-RPC body. Retry as a real MCP client would.
@@ -88,7 +96,7 @@ jobs:
                         -H 'Content-Type: application/json' \
                         -H 'Accept: application/json, text/event-stream' \
                         --data '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"ci","version":"0"}}}' \
-                        "$url" 2>/dev/null || echo "000")"
+                        "$url" 2>/dev/null)" || code="000"
             fi
 
             case "$code" in

LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

plugins/hookify/hooks/hooks.json

@@ -6,7 +6,7 @@
         "hooks": [
           {
             "type": "command",
-            "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/pretooluse.py",
+            "command": "python3 \"${CLAUDE_PLUGIN_ROOT}/hooks/pretooluse.py\"",
             "timeout": 10
           }
         ]
@@ -17,7 +17,7 @@
         "hooks": [
           {
             "type": "command",
-            "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/posttooluse.py",
+            "command": "python3 \"${CLAUDE_PLUGIN_ROOT}/hooks/posttooluse.py\"",
             "timeout": 10
           }
         ]
@@ -28,7 +28,7 @@
         "hooks": [
           {
             "type": "command",
-            "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/stop.py",
+            "command": "python3 \"${CLAUDE_PLUGIN_ROOT}/hooks/stop.py\"",
             "timeout": 10
           }
         ]
@@ -39,7 +39,7 @@
         "hooks": [
           {
             "type": "command",
-            "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/userpromptsubmit.py",
+            "command": "python3 \"${CLAUDE_PLUGIN_ROOT}/hooks/userpromptsubmit.py\"",
             "timeout": 10
           }
         ]

plugins/mcp-tunnels/.claude-plugin/plugin.json

@@ -0,0 +1,8 @@
+{
+  "name": "mcp-tunnels",
+  "description": "Connect Claude to a private MCP server through an Anthropic MCP tunnel. Drives the Docker Compose quickstart end to end: certificates, proxy config, cloudflared, and a verifiable sample server.",
+  "author": {
+    "name": "Anthropic",
+    "email": "support@anthropic.com"
+  }
+}

plugins/mcp-tunnels/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

plugins/mcp-tunnels/README.md

@@ -0,0 +1,122 @@
+# mcp-tunnels
+
+Connect Claude to an MCP server running inside your private network through an
+Anthropic [**MCP tunnel**](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/overview)
+— no inbound ports, no public exposure, no IP allowlisting on your origin.
+Traffic flows over an outbound-only connection.
+
+> **Research preview.** MCP tunnels is provided "as-is" with no uptime or
+> support commitment and depends on a third-party transport provider
+> (Cloudflare). Review the
+> [security model](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/security)
+> before sending anything sensitive.
+
+## Commands
+
+### `/create-docker-mcp-tunnel [deployment-dir]`
+
+Drives the MCP tunnels
+[**quickstart**](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/quickstart)
+end to end on your machine, using Docker
+Compose with manually supplied credentials (the shortest path for local
+testing). It walks you through the parts only you can do in the Claude Console
+and runs everything else for you:
+
+1. **Preflight** — checks Docker, Docker Compose, OpenSSL, and outbound
+   connectivity.
+2. **Create the tunnel** (Console) — you create it and copy the domain; the
+   token stays out of the chat and goes into a locked-down, gitignored `.env`.
+3. **Certificates** — generates a CA and a server certificate with OpenSSL,
+   with the exact extensions the tunnel requires.
+4. **Register the CA** (Console) — you upload `ca.crt`; the tunnel goes Active.
+5. **Upstream** — scaffolds a verifiable FastMCP sample server, or wires up an
+   MCP server you already have.
+6. **Proxy config + Compose** — writes `mcp-proxy.yaml` and a
+   `docker-compose.yaml` with digest-pinned images and the cloudflared agent.
+7. **Start and verify** — brings the stack up and checks the proxy and tunnel
+   logs.
+8. **Call it from Claude** — shows you how to reach the server from Managed
+   Agents and the Messages API.
+
+It also carries a troubleshooting matrix (TLS handshake failures, the
+`routes`-must-be-a-map gotcha, the `tls.key` permission issue, the
+config-is-not-hot-reloaded trap, upstream IP validation) and the operational
+basics for token rotation and certificate renewal.
+
+**Usage:**
+
+```
+/create-docker-mcp-tunnel
+/create-docker-mcp-tunnel ~/work/my-tunnel
+```
+
+### Copying the CA certificate to another machine
+
+You register the CA in the Console from a browser, which is often a different
+machine than the one running the stack (for example, the tunnel runs in a
+remote homespace but you upload `ca.crt` from your laptop or devbox). Only the
+**certificate** (`<deployment-dir>/data/ca.crt`, ~1 KB PEM) leaves the host —
+never `data/ca.key` or `data/tls.key`.
+
+For a file this small, the simplest path is to print it and paste it into the
+Console's certificate field directly:
+
+```bash
+cat <deployment-dir>/data/ca.crt   # default: ~/mcp-tunnel/data/ca.crt
+```
+
+To copy it as a file with `scp`, run the command from whichever machine can
+SSH to the other (`scp` can't relay between two remotes). Pulling from a
+homespace onto your devbox — if you've run `coder config-ssh`, the host is
+`coder.<workspace>`:
+
+```bash
+scp coder.<workspace>:<deployment-dir>/data/ca.crt .
+# generic form: scp <homespace-ssh-host>:~/mcp-tunnel/data/ca.crt .
+```
+
+Or push from the host to the devbox, if the host can reach it:
+
+```bash
+scp <deployment-dir>/data/ca.crt <user>@<devbox-host>:~/
+```
+
+## What gets built
+
+A small container stack on your host:
+
+| Container | Role |
+|---|---|
+| **mcp-proxy** | Anthropic's proxy. Terminates inner TLS with a cert you control, validates upstream IPs, routes by hostname. |
+| **cloudflared** | The tunnel agent. Outbound-only to the Anthropic tunnel edge; shares the proxy's network namespace. |
+| **hello-mcp** *(optional)* | A FastMCP sample server, only if you don't have an MCP server to expose yet. |
+
+When it's running, the routed server is reachable from Claude at
+`https://<subdomain>.<your-tunnel-domain>/<path>` with nothing listening on a
+public port.
+
+## Requirements
+
+- Docker and Docker Compose.
+- OpenSSL 1.1.1 or newer.
+- A Claude Console role that can manage MCP tunnels.
+- Outbound access to `api.anthropic.com:443` and the tunnel edge on 7844
+  TCP/UDP. No inbound ports are opened.
+
+## Scope and next steps
+
+This plugin targets the **manual-credentials, single-host, local-testing**
+path. For a hardened single-host deployment (non-root, read-only rootfs,
+dropped capabilities), a Kubernetes deployment, or programmatic access via
+[Workload Identity Federation](https://platform.claude.com/docs/en/manage-claude/workload-identity-federation),
+see the official deployment guides:
+[Deploy with Docker Compose](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/deploy-compose) /
+[Deploy with Helm](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/deploy-helm).
+
+## Author
+
+Anthropic (support@anthropic.com)
+
+## License
+
+See `LICENSE`.

plugins/mcp-tunnels/commands/create-docker-mcp-tunnel.md

@@ -0,0 +1,369 @@
+---
+description: Stand up an Anthropic MCP tunnel locally with Docker Compose so Claude can call a private MCP server (manual-credentials quickstart).
+argument-hint: "[deployment-dir] (default: ./mcp-tunnel)"
+allowed-tools: [Bash, Read, Write, Edit, AskUserQuestion]
+---
+
+# Create a Docker MCP tunnel
+
+Drive the
+[**MCP tunnels quickstart**](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/quickstart)
+end to end: from zero to Claude calling a private MCP server through an
+Anthropic-operated tunnel, using Docker Compose with manually supplied
+credentials (the shortest path for local testing).
+
+> MCP tunnels is in **research preview**. It is provided "as-is" with no uptime
+> or support commitment and depends on a third-party transport (Cloudflare).
+> Do not put production traffic through this without reading the
+> [security model](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/security).
+
+You are guiding the user through a mix of **local commands you run** and
+**Console actions only they can do** (creating the tunnel, uploading the CA).
+Be a careful operator: explain each step briefly, run the commands, check the
+output, and stop with a clear diagnosis if something fails.
+
+Deployment directory: use `$ARGUMENTS` if the user passed a path, otherwise
+default to `./mcp-tunnel`. Refer to it below as `$DIR`.
+
+## What you'll build
+
+A container stack on the user's machine:
+
+- **mcp-proxy** — Anthropic's proxy. Terminates the inner TLS handshake using
+  a certificate the user controls, validates upstream IPs, routes by hostname.
+- **cloudflared** — the tunnel agent. Outbound-only connection to the Anthropic
+  tunnel edge; shares the proxy's network namespace.
+- **hello-mcp** *(optional)* — a sample FastMCP server, only if the user has no
+  MCP server of their own to expose yet.
+
+When it's up, the routed server is reachable from Claude at
+`https://<subdomain>.<tunnel-domain>/<path>` with nothing listening on a public
+port.
+
+## Step 0 — Preflight
+
+Run these and report what's missing before going further:
+
+```bash
+docker --version && docker compose version && openssl version
+```
+
+- Docker + Docker Compose are required. `openssl` 1.1.1+ is required (the
+  commands below use `-addext`, available in 1.1.1+).
+- Confirm the host has **outbound** access to `api.anthropic.com:443` and the
+  tunnel edge (`198.41.192.0/19`, `2606:4700:a0::/44`) on **7844 TCP and UDP**.
+  No inbound ports are opened.
+
+If `docker compose` (v2) is unavailable but `docker-compose` (v1) exists, use
+that and tell the user; the compose file is v2-compatible.
+
+## Step 1 — Create the tunnel (Console — user action)
+
+Tell the user to do this in the [Claude Console](https://console.anthropic.com)
+(see [Create a tunnel](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/console#create-a-tunnel)):
+
+1. Sidebar → **Manage → MCP tunnels** → **New tunnel**. Give it a name.
+2. Leave **Set up programmatic access** **off** — this quickstart uses manual
+   credentials.
+3. Open the tunnel. From the **Connection** section copy two values:
+   - **Domain** — looks like `abcd1234.tunnel.anthropic.com`
+   - **Token** — click the eye icon, then copy
+
+Then ask the user, via AskUserQuestion or a direct prompt, for the **Domain**.
+**Do not ask them to paste the Token into the chat.** The token is a secret
+that authenticates the outbound tunnel connection; keep it out of the
+transcript. Instead, tell them you will create a `$DIR/.env` file and they
+should paste the token into it themselves (Step 3), or have them export it:
+`export TUNNEL_TOKEN='eyJ...'` in the shell you'll run compose from.
+
+Record the domain as `TUNNEL_DOMAIN` for the steps below.
+
+## Step 2 — Deployment directory
+
+```bash
+mkdir -p "$DIR"/{config,data}
+cd "$DIR"
+```
+
+## Step 3 — Credentials file
+
+Create `$DIR/.env` (compose auto-loads it; this survives reboots, unlike a
+shell `export`). Write `TUNNEL_DOMAIN` yourself; leave a placeholder for the
+secret and have the **user** fill it in:
+
+```
+TUNNEL_DOMAIN=<the domain from step 1>
+TUNNEL_TOKEN=PASTE_TUNNEL_TOKEN_HERE
+```
+
+Then lock it down and make sure it never gets committed:
+
+```bash
+chmod 600 "$DIR/.env"
+printf '.env\ndata/\n' > "$DIR/.gitignore"
+```
+
+Pause and have the user replace `PASTE_TUNNEL_TOKEN_HERE` with the real token
+(tell them the exact file path). Verify it's set without printing it:
+
+```bash
+cd "$DIR" && grep -q '^TUNNEL_TOKEN=eyJ' .env && echo "token looks set" || echo "token NOT set — edit .env"
+```
+
+Load it for the openssl/config steps in this shell:
+
+```bash
+cd "$DIR" && set -a && . ./.env && set +a && echo "domain: $TUNNEL_DOMAIN"
+```
+
+## Step 4 — Generate the CA and server certificate
+
+The proxy terminates an inner TLS handshake using a certificate signed by a CA
+the user controls. Generate both (Linux/macOS shown; the
+[quickstart](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/quickstart)
+also has a Windows PowerShell variant — offer it if the user is on Windows):
+
+```bash
+cd "$DIR"
+
+openssl req -x509 -newkey rsa:2048 -nodes \
+  -keyout data/ca.key -out data/ca.crt \
+  -days 3650 -subj "/CN=mcp-tunnel-ca" \
+  -addext "basicConstraints=critical,CA:TRUE" \
+  -addext "keyUsage=critical,keyCertSign,cRLSign" \
+  -addext "subjectKeyIdentifier=hash"
+
+cat > data/tls.ext <<EOF
+subjectAltName = DNS:${TUNNEL_DOMAIN},DNS:*.${TUNNEL_DOMAIN}
+authorityKeyIdentifier = keyid,issuer
+extendedKeyUsage = serverAuth
+EOF
+
+openssl req -newkey rsa:2048 -nodes \
+  -keyout data/tls.key -out /tmp/server.csr \
+  -subj "/CN=${TUNNEL_DOMAIN}"
+openssl x509 -req -in /tmp/server.csr \
+  -CA data/ca.crt -CAkey data/ca.key -CAcreateserial \
+  -out data/tls.crt -days 90 -extfile data/tls.ext
+
+chmod 644 data/tls.key
+```
+
+Why these flags: the explicit `-addext` extensions make the CA satisfy the
+tunnel's [certificate requirements](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/reference#certificate-requirements)
+regardless of distro `openssl.cnf` defaults;
+`-extfile` (not `-copy_extensions`, which is OpenSSL 3.0+ only) keeps this
+working on OpenSSL 1.1.x and adds the `AuthorityKeyIdentifier` the proxy
+requires. `chmod 644 data/tls.key` is **required**: openssl writes the key
+`0600` but the proxy container runs as a non-root user and must read it.
+
+`data/tls.key` and `data/ca.key` are sensitive — they live under `data/`,
+which the `.gitignore` from Step 3 already excludes.
+
+## Step 5 — Register the CA (Console — user action)
+
+Have the user, on the tunnel detail page, scroll to **Certificates** →
+**Add certificate**
+(see [Add a CA certificate](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/console#add-a-ca-certificate)),
+and upload `$DIR/data/ca.crt` (or paste its contents —
+print it with `cat data/ca.crt` so they can copy it). The tunnel status flips
+to **Active** once a certificate is registered. The tunnel will not appear in
+the agent picker until this is done.
+
+Wait for the user to confirm the tunnel shows **Active** before continuing.
+
+## Step 6 — Choose the upstream MCP server
+
+Ask the user (AskUserQuestion):
+
+- **"I have an MCP server already"** — get its reachable address as
+  `scheme://host:port` (port mandatory, no path — the proxy rejects a path in
+  the upstream value at config load). It must be reachable from the proxy
+  container and resolve to an RFC1918 private address (`10/8`, `172.16/12`,
+  `192.168/16`); the proxy refuses public/loopback upstreams by default
+  (SSRF protection). If it runs as a Compose service, add it to the compose
+  file so it shares the network. If it runs on the host, see Troubleshooting
+  ("host process"). Pick a route subdomain with the user (e.g. `wiki`).
+- **"Use the sample server"** — scaffold the FastMCP `hello-server` below as a
+  Compose service `hello-mcp` and route subdomain `echo`.
+
+### Sample server (only if chosen)
+
+Write `$DIR/hello_server.py`:
+
+```python
+from mcp.server.fastmcp import FastMCP
+
+mcp = FastMCP("hello-server", host="0.0.0.0", port=9000)
+
+
+@mcp.tool()
+def hello(name: str = "world") -> str:
+    """Say hello to someone."""
+    return f"Hello, {name}!"
+
+
+if __name__ == "__main__":
+    mcp.run(transport="streamable-http")
+```
+
+## Step 7 — Proxy config
+
+Write `$DIR/config/mcp-proxy.yaml`. `tunnel_domain` is **required** (the
+proxy strips it from the incoming hostname to find the subdomain in `routes`).
+`routes` is a **flat map** subdomain → upstream URL, *not* a list:
+
+```yaml
+listen_addr: ":8080"
+log_level: info
+tunnel_domain: <TUNNEL_DOMAIN>
+tls:
+  cert_file: /data/tls.crt
+  key_file: /data/tls.key
+routes:
+  echo: http://hello-mcp:9000
+```
+
+Substitute the real `TUNNEL_DOMAIN`. Replace the `routes:` block with the
+user's chosen subdomain → upstream if they brought their own server (e.g.
+`wiki: http://wiki-mcp.internal:8080`). You can keep multiple routes.
+
+## Step 8 — Compose file
+
+Write `$DIR/docker-compose.yaml`. Images are pinned by digest:
+
+```yaml
+services:
+  mcp-proxy:
+    image: us-docker.pkg.dev/anthropic-public-registry/images/mcp-proxy@sha256:6b9adedbf2763143ec72f106ecaf0ce7fd3294e89b208f54a1db97a33d14c5ba
+    command: ["-config", "/etc/mcp-proxy/config.yaml"]
+    volumes:
+      - ./config/mcp-proxy.yaml:/etc/mcp-proxy/config.yaml:ro
+      - ./data:/data:ro
+    restart: unless-stopped
+
+  cloudflared:
+    image: cloudflare/cloudflared@sha256:6b599ca3e974349ead3286d178da61d291961182ec3fe9c505e1dd02c8ac31b0
+    command: tunnel --no-autoupdate run --url http://localhost:8080
+    environment:
+      - TUNNEL_TOKEN
+    network_mode: "service:mcp-proxy"
+    restart: unless-stopped
+```
+
+`--url http://localhost:8080` is **required** in the manual flow: no ingress
+rules are pushed server-side, so without it cloudflared 503s every request.
+`network_mode: "service:mcp-proxy"` shares the proxy's netns so
+`localhost:8080` reaches it. `environment: - TUNNEL_TOKEN` (no value) passes
+the variable through from `.env`.
+
+If the sample server was chosen, append the service:
+
+```yaml
+  hello-mcp:
+    image: python:3.13-slim
+    working_dir: /app
+    volumes:
+      - ./hello_server.py:/app/hello_server.py:ro
+    command: sh -c "pip install --quiet mcp && python hello_server.py"
+    restart: unless-stopped
+```
+
+If the user brought their own server *and* it's containerized, add its service
+here too so it shares the Compose network with the proxy.
+
+(For a hardened single-host deployment — non-root user, read-only rootfs,
+`cap_drop: ALL`, `no-new-privileges` — point the user at
+[Deploy with Docker Compose](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/deploy-compose);
+this quickstart keeps it minimal for fast local testing.)
+
+## Step 9 — Start and verify
+
+```bash
+cd "$DIR" && docker compose up -d
+sleep 5
+docker compose logs mcp-proxy | grep -i "route configured"
+docker compose logs cloudflared | grep -i "Registered tunnel connection"
+```
+
+Expect one `route configured` line per route and **four**
+`Registered tunnel connection` lines. Containers take a few seconds; rerun the
+log greps if they come back empty (don't conclude failure on the first empty
+result). If they stay empty, go to Troubleshooting.
+
+## Step 10 — Call it from Claude
+
+Tell the user both options:
+
+**Managed Agents (Console):** **Managed Agents → Sessions** → new session →
+agent picker **Create new agent** → **+ MCP Server** → select the tunnel →
+**Subdomain** = the route (`echo`), **Path** = `mcp` (FastMCP
+`streamable-http` serves at `/mcp`). Then ask: *"Use the hello tool to greet
+tunnel."* — expect a tool call and its result.
+
+**Messages API:** the host is `<subdomain>.<tunnel-domain>`; the path is
+whatever the upstream serves (`/mcp` for FastMCP). Use an API key for the
+workspace the tunnel was created in.
+
+```bash
+curl https://api.anthropic.com/v1/messages \
+  -H "Content-Type: application/json" \
+  -H "x-api-key: $ANTHROPIC_API_KEY" \
+  -H "anthropic-version: 2023-06-01" \
+  -H "anthropic-beta: mcp-client-2025-11-20" \
+  -d "{
+    \"model\": \"claude-opus-4-7\",
+    \"max_tokens\": 1024,
+    \"mcp_servers\": [{\"type\": \"url\", \"name\": \"echo\", \"url\": \"https://echo.${TUNNEL_DOMAIN}/mcp\"}],
+    \"tools\": [{\"type\": \"mcp_toolset\", \"mcp_server_name\": \"echo\"}],
+    \"messages\": [{\"role\": \"user\", \"content\": \"call hello with name=tunnel\"}]
+  }"
+```
+
+The tunnel carries encrypted traffic but does **not** authenticate to the
+upstream. If the upstream MCP server requires its own auth, the user supplies
+it the same as for any other MCP server.
+
+## Troubleshooting (diagnose in this order)
+
+| Symptom | Cause | Fix |
+|---|---|---|
+| Caller sees HTTP 500; cloudflared logs `No ingress rules were defined` | cloudflared has no local target | Ensure `--url http://localhost:8080` and `network_mode: "service:mcp-proxy"` are both present, then `docker compose up -d` |
+| Proxy exits `cannot unmarshal !!seq into map[string]string` | `routes` written as a YAML list | Use `routes: { name: http://host:port }`, not a list of objects |
+| Proxy exits `open /data/tls.key: permission denied` | key is `0600`, proxy runs non-root | `chmod 644 data/tls.key` |
+| Proxy logs `no route for host` (caller gets `502 No route configured for host`) | `tunnel_domain` missing or wrong | Set it to the exact domain on the tunnel detail page; then **restart the proxy** (next row) |
+| Edited config but nothing changed | proxy does **not** hot-reload `config.yaml` (only `tls.cert_file`) | `docker compose restart mcp-proxy` — `up -d` alone won't recreate it on a file-content change |
+| `tls handshake failed ... unknown certificate authority` | CA not registered/revoked on this tunnel | Re-upload `data/ca.crt` in the Console (Step 5) |
+| `tls handshake failed ... bad certificate` | server cert SAN ≠ `*.<tunnel-domain>`, or expired | Regenerate the server cert (Step 4) with the correct `TUNNEL_DOMAIN` |
+| `IP validation failed: <ip> is not a private address` | upstream resolves outside RFC1918 (e.g. `127.0.0.1`, public IP) | Run the upstream as a Compose service on the proxy's network; or narrow `upstream.allowed_ips` deliberately (avoid `0.0.0.0/0` outside local testing) |
+| `dial tcp ...: connect: connection refused` for `host.docker.internal` | rootless Docker can't reach the host netns | Run the MCP server as a Compose service instead of a host process |
+| HTTP 502, no `request started` in proxy log | cloudflared hadn't finished registering, or rolling update | Wait for ×4 `Registered tunnel connection` and retry |
+| Tunnel missing from agent **+ MCP Server** picker | no active certificate, or wrong workspace | Register a CA cert (Step 5); open the session in the tunnel's workspace |
+| `curl https://<proxy>:8080` fails `wrong version number` | expected — listener is plaintext WS, TLS is inside the WS stream | Don't curl the proxy directly; verify via Managed Agent or Messages API |
+
+`docker compose logs cloudflared` (token/edge reachability) and
+`docker compose logs mcp-proxy` (config/cert/routing) are the two primary
+diagnostics. Check the outbound connection first, then the inner TLS handshake,
+then upstream routing. See
+[Troubleshooting](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/troubleshooting)
+for additional cases.
+
+## Operational notes (mention briefly, don't run unprompted)
+
+- **Token rotation:** Console → **Rotate token** invalidates the old token
+  immediately. Update `TUNNEL_TOKEN` in `.env` and
+  `docker compose up -d cloudflared`.
+- **Cert renewal:** the server cert is valid 90 days. Re-sign with the same CA
+  (the registered CA doesn't change) and replace `data/tls.crt`; the proxy
+  polls and reloads it, no restart needed.
+- **Config changes always need** `docker compose restart mcp-proxy`.
+
+## Wrap up
+
+Summarize: deployment dir, route(s) configured, tunnel domain, and the exact
+URL Claude reaches the server at. Remind the user the token is a live secret in
+`$DIR/.env` (chmod 600, gitignored) and that this is a research-preview,
+local-testing setup — point them at
+[Deploy with Docker Compose](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/deploy-compose) /
+[Deploy with Helm](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/deploy-helm)
+for a hardened or programmatic-access deployment.

plugins/security-guidance/hooks/hooks.json

@@ -6,7 +6,7 @@
         "hooks": [
           {
             "type": "command",
-            "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/security_reminder_hook.py"
+            "command": "python3 \"${CLAUDE_PLUGIN_ROOT}/hooks/security_reminder_hook.py\""
           }
         ],
         "matcher": "Edit|Write|MultiEdit"