Show HN: Coding Tools MCP – Give any LLM agent the ability to code

Developer xyTom released Coding Tools MCP, an open-source runtime server that exposes local coding primitives like file search, patch application, and test execution to any MCP-compatible LLM agent. The tool is model-neutral and designed for secure local development without external cloud dependencies.

Coding Tools MCP is a model-neutral coding-agent runtime MCP server. It exposes local coding primitives to any MCP client: php inspect repo - search/read files - apply structured patches - run tests/commands - interact with stdin sessions - inspect git status/diff It is not a prompt wrapper. It does not expose external agent accounts, memory, cloud tasks, web search, image generation, model routing, plugin marketplace, or subagent orchestration as MCP tools. Quickstart /xyTom/coding-tools-mcp/blob/main/docs/quickstart.md MCP client configuration /xyTom/coding-tools-mcp/blob/main/docs/mcp-client-config.md Remote MCP /xyTom/coding-tools-mcp/blob/main/docs/remote-mcp.md Tools and schemas /xyTom/coding-tools-mcp/blob/main/docs/tools-and-schemas.md Permission modes /xyTom/coding-tools-mcp/blob/main/docs/permission-modes.md Exec command recipes /xyTom/coding-tools-mcp/blob/main/docs/exec-command-recipes.md Docker sandbox /xyTom/coding-tools-mcp/blob/main/docs/docker.md Security policy /xyTom/coding-tools-mcp/blob/main/SECURITY.md Security boundary /xyTom/coding-tools-mcp/blob/main/docs/security-boundary.md CI and test commands /xyTom/coding-tools-mcp/blob/main/docs/ci-and-tests.md Dogfood /xyTom/coding-tools-mcp/blob/main/docs/dogfood.md SWE-bench evaluation /xyTom/coding-tools-mcp/blob/main/docs/swe-bench.md Known limitations /xyTom/coding-tools-mcp/blob/main/docs/limitations.md Troubleshooting /xyTom/coding-tools-mcp/blob/main/docs/troubleshooting.md Exec troubleshooting /xyTom/coding-tools-mcp/blob/main/docs/troubleshooting-exec.md Competitive analysis /xyTom/coding-tools-mcp/blob/main/docs/competitive-analysis.md - Normative MCP runtime profile: docs/profile-v0.1.md /xyTom/coding-tools-mcp/blob/main/docs/profile-v0.1.md Install the published command from PyPI: curl -fsSL https://raw.githubusercontent.com/xyTom/coding-tools-mcp/main/scripts/install.sh | bash Install and start local Streamable HTTP against a workspace: curl -fsSL https://raw.githubusercontent.com/xyTom/coding-tools-mcp/main/scripts/install.sh \ | bash -s -- --start --workspace /path/to/repo Install and expose a read-only bearer-token tunnel: curl -fsSL https://raw.githubusercontent.com/xyTom/coding-tools-mcp/main/scripts/install.sh \ | bash -s -- --tunnel cloudflared --auto-install-tunnel --workspace /path/to/repo Or, from this checkout: scripts/install.sh Run the published package without a persistent install: uvx coding-tools-mcp --workspace . Use stdio for MCP clients: uvx coding-tools-mcp --stdio --workspace /path/to/repo If you are working from this checkout instead of a published package: make start Pass a different workspace, host, port, or extra server flags with Make variables: make start MCP WORKSPACE=/path/to/repo MCP PORT=8000 MCP ARGS="--permission-mode trusted" If dependencies are missing, install the runtime in editable mode: python -m pip install -e ". dev " HTTP endpoint: http://127.0.0.1:8765/mcp Install the optional image extra when you want view image auto-resize support: python -m pip install -e ". image " Stdio: coding-tools-mcp --stdio --workspace /path/to/repo Set CODING TOOLS MCP TRACE=1 to emit redacted JSON tool-call trace events to stderr for local debugging. Logs stay off stdout so stdio JSON-RPC remains clean. By default, exec command passes a core shell environment only. For local toolchains that depend on inherited environment variables, such as MSVC developer prompts, start with: CODING TOOLS MCP SHELL ENV INHERIT=all coding-tools-mcp --workspace /path/to/repo inherit=all still filters secret-looking and loader/startup variables unless dangerous mode is also enabled. For local development with dependency downloads, shell expansion, and inline interpreter snippets, use: coding-tools-mcp --permission-mode trusted --workspace /path/to/repo --allow-network remains available as a compatibility flag when you only want to open network-looking commands. If your MCP client does not support permission elicitation and you explicitly want to disable exec command permission gates inside an isolated container or VM, start with: coding-tools-mcp --permission-mode dangerous --workspace /path/to/repo This disables exec command permission gates such as network-looking commands, destructive command checks, shell expansion, inline scripts, and sensitive env checks. Workspace path boundaries for direct file tools still apply. --dangerously-skip-all-permissions remains as a compatibility alias. Generic stdio client: mcp servers.coding tools command = "uvx" args = "coding-tools-mcp", "--stdio", "--workspace", "/path/to/repo" Claude Code: { "mcpServers": { "coding-tools": { "command": "uvx", "args": "coding-tools-mcp", "--stdio", "--workspace", "/path/to/repo" } } } Cursor: { "mcpServers": { "coding-tools": { "command": "uvx", "args": "coding-tools-mcp", "--stdio", "--workspace", "/path/to/repo" } } } Generic Streamable HTTP clients should use MCP protocol version 2025-06-18 and point at http://127.0.0.1:8765/mcp . For remote MCP clients and local development over an HTTPS tunnel, keep the server bound to loopback and expose the tunnel URL with the safest profile your client can use. Anonymous tunnel testing should use read-only mode: CODING TOOLS MCP AUTH MODE=noauth \ CODING TOOLS MCP TOOL PROFILE=read-only \ ./scripts/tunnel.sh cloudflared /path/to/repo Configure the remote MCP client with the HTTPS tunnel URL: URL: https://<tunnel-host /mcp The tunnel scripts support cloudflared , ngrok , and Microsoft Dev Tunnel. If the selected tunnel CLI is missing, the script asks before installing it: scripts/tunnel.sh cloudflared /path/to/repo scripts/tunnel.sh ngrok /path/to/repo scripts/tunnel.sh devtunnel /path/to/repo For clients that support custom headers, use bearer-token auth with Authorization: Bearer <token . For MCP clients that speak OAuth 2.1 Authorization Code + PKCE, use CODING TOOLS MCP AUTH MODE=oauth with scripts/tunnel.sh or scripts/install.sh --auth-mode oauth . The server can infer its OAuth issuer from the tunnel request URL, so one-shot tunnels like cloudflared work without setting CODING TOOLS MCP SERVER URL before startup; set it only when you want to pin a stable issuer. The script prints a generated OAuth password, accepts any non-empty client id by default, and lets you opt into CODING TOOLS MCP OAUTH CLIENT ID / CODING TOOLS MCP OAUTH CLIENT SECRET only when you need to lock down a confidential client. Clients that cannot send custom bearer headers and do not speak OAuth should use anonymous read-only mode only for local/testing tunnels, or be placed behind an external auth proxy for production use. See docs/remote-mcp.md /xyTom/coding-tools-mcp/blob/main/docs/remote-mcp.md for the exact modes and security notes. full : exposes all tools with truthful annotations. This is the default for backward compatibility. read-only : recommended for remote or safe-mode clients; exposes only inspection tools, git read tools, image viewing, and default-cwd helpers. compat-readonly-all : exposes all tools but advertises every tool as read-only for clients that gate availability on readOnlyHint . This is not a safety mode; mutation-capable tools such as apply patch , exec command , write stdin , and kill session can still mutate local state. P0 tools exposed by default: server info get default cwd set default cwd read file list dir list files search text apply patch exec command write stdin kill session git status git diff git log git show git blame request permissions Additional image tool exposed by default: view image For input/output schemas and result envelopes, see docs/tools-and-schemas.md /xyTom/coding-tools-mcp/blob/main/docs/tools-and-schemas.md and docs/profile-v0.1.md /xyTom/coding-tools-mcp/blob/main/docs/profile-v0.1.md . The runtime binds one workspace root per server process. Paths are workspace-relative by default. Absolute paths, .. traversal, and symlink escapes are rejected. Recursive listing/search excludes .git , .reference , node modules , target , dist , build outputs, virtualenvs, and common caches by default. exec command runs under policy controls with workspace-bound cwd, configurable shell environment inheritance, timeout, output caps, sensitive-value and loader/startup environment rejection, destructive command checks, network-looking command checks, shell-expansion permission gates, indirect absolute-path checks, cancellation/kill cleanup, session deadline watchdogs, and bounded session buffers. On Linux hosts with Landlock support it also applies filesystem confinement; on Windows, macOS, or Linux hosts without Landlock, command results include a warning and external sandboxing is required before running untrusted commands. This is still not a complete OS/container sandbox; see SECURITY.md /xyTom/coding-tools-mcp/blob/main/SECURITY.md . --permission-mode safe is the default. --permission-mode trusted opens local-development gates while keeping secret filtering and destructive-command checks. --permission-mode dangerous disables exec command permission gates for operators who accept that risk inside an isolated runner. Do not use dangerous mode for untrusted workspaces or untrusted MCP clients. make compliance Compliance and CI commands are documented in docs/ci-and-tests.md /xyTom/coding-tools-mcp/blob/main/docs/ci-and-tests.md . The checked-in report files are generated artifacts; inspect their suite field before treating them as full compliance evidence. Dogfood and SWE-bench notes live in docs/dogfood.md /xyTom/coding-tools-mcp/blob/main/docs/dogfood.md , docs/swe-bench.md /xyTom/coding-tools-mcp/blob/main/docs/swe-bench.md , and BENCHMARK.md /xyTom/coding-tools-mcp/blob/main/BENCHMARK.md . This repository does not claim a model-generated SWE-bench leaderboard result. make lint make typecheck make test make compliance make ci See docs/ci-and-tests.md /xyTom/coding-tools-mcp/blob/main/docs/ci-and-tests.md for the full test matrix. This project is source-available, not open source. See LICENSE /xyTom/coding-tools-mcp/blob/main/LICENSE . Internal evaluation, development, testing, and security review are permitted; redistribution, hosted third-party service use, and production commercial use require prior written permission.