MCP Tunnel

The MCP Tunnel exposes your local Agenties MCP server to the internet using Cloudflare Tunnel. This lets external services trigger routines and call MCP tools from outside your machine — useful for GitHub webhooks, CI integrations, or testing from a remote device.

Architecture

Two services start together when you enable the tunnel:

Services

1. Agenties MCP server  — Node.js process (dist-mcp/mcp-server.js --http)
                           Listens locally on port 3847
2. Cloudflare Tunnel    — cloudflared process, named tunnel "agenties"
                           Routes inbound HTTPS traffic to localhost:3847

Component	Detail
MCP server	Local HTTP server exposing all Agenties MCP tools. Runs as a subprocess launched by the Agenties app.
cloudflared	Cloudflare Tunnel client binary. Searched at C:\Program Files (x86)\cloudflared\cloudflared.exe then PATH.
Tunnel name	The tunnel must be pre-configured in your Cloudflare account under the name "agenties".
Public URL	Assigned by Cloudflare. The exact URL depends on your tunnel configuration — not an Agenties-provided domain.

Warning:The tunnel uses Cloudflare Tunnel, not an Agenties-hosted service. You must install the cloudflared binary and have a Cloudflare account with a tunnel named agenties configured before enabling this feature.

Prerequisites

1.A Cloudflare account with at least one zone (free tier works).

2.cloudflared CLI installed — download from https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/

3.A named tunnel called "agenties" created via: cloudflared tunnel create agenties

4.A DNS record routing traffic to the tunnel: cloudflared tunnel route dns agenties <your-subdomain>

5.cloudflared binary reachable at C:\Program Files (x86)\cloudflared\cloudflared.exe or in PATH.

Use cases

GitHub webhooksFire a routine automatically when a PR is opened, a push lands, or an issue is created.

External API callsTrigger agents from a CI/CD pipeline, a Zapier workflow, or any HTTP client.

Remote testingTest your MCP tools and routines from a different machine without port-forwarding.

Enabling the tunnel

1.Ensure cloudflared is installed and the "agenties" tunnel is configured in Cloudflare.

2.Open Settings → MCP.

3.Toggle Enable tunnel to on.

4.Agenties starts the local MCP server then launches cloudflared.

5.The public URL for your tunnel comes from your Cloudflare DNS configuration.

Security

The tunnel does not add application-level authentication on top of cloudflared. Security relies on:

Disabled by default

The tunnel is off until you explicitly enable it. No inbound connections are accepted when disabled.

Cloudflare network controls

Use Cloudflare Access policies to restrict who can reach the tunnel URL before requests reach your local MCP server.

Disable when idle

Turn off the tunnel in Settings → MCP when you are not actively using external integrations.

Local only by default

Without the tunnel, the MCP server only listens on localhost and is not reachable externally.

Warning:Enabling the tunnel makes your local MCP server reachable from the public internet via Cloudflare. Use Cloudflare Access to restrict access and disable the tunnel when not in use.

Status

Settings → MCP shows the current status of both the MCP server process and the cloudflared tunnel:

Status	Meaning
Running	Both the MCP server and cloudflared tunnel are active.
Stopped	Tunnel is disabled. No inbound connections accepted.
Missing	cloudflared binary not found at the expected path or in PATH.
Error	One or both processes exited unexpectedly.

Persistence

If the tunnel was enabled when you last closed the app, it auto-restarts on next launch. The enabled state is persisted in the global config file. To permanently disable it, toggle it off in Settings → MCP before closing the app.

← PreviousGitHub Next →Obsidian