Capsid
Capsid is a public, Cloudflare-native MCP server that serves a consolidated knowledge base from D1 and R2. It speaks MCP over Streamable HTTP and exposes a small, purposeful tool set: list, read, write, delete, move, find, search (FTS5), and namespaces.
Reads are open. Writes (write, delete, move) require an operator key sent as Authorization: Bearer <key>, verified against a sha256 hash stored as a Worker secret. Every write snapshots the prior version into document_versions and appends to audit_log, so you get history and rollback for free.
Stack
- Cloudflare Worker (TypeScript), stateless MCP via
createMcpHandlerfrom the Agents SDK - D1 for documents, versions, namespaces, and audit log, with FTS5 full text search
- R2 (
MEDIAbinding) for media - KV (
APP_KVbinding) for app state
Endpoints
POST /mcpMCP over Streamable HTTPGET /healthreturnsok, no auth
Clone setup
Install dependencies:
npm installCreate your own Cloudflare resources:
npx wrangler d1 create capsid npx wrangler kv namespace create APP_KV npx wrangler r2 bucket create capsid-mediaCopy the config template and fill in your IDs from step 2:
cp wrangler.jsonc.example wrangler.jsoncThe real
wrangler.jsoncis gitignored on purpose. Never commit it.Apply the migration:
npx wrangler d1 migrations apply capsid --remoteNote: the migration is idempotent (IF NOT EXISTS everywhere). Applying it against an already-migrated database, including the original capsid D1, is a no-op. Cloners must run it once.
Generate an operator key and store its hash as a secret. Keep the raw key somewhere safe; it is what MCP clients send as the bearer token.
npx wrangler secret put OPERATOR_KEY_HASHThe value must be the lowercase hex sha256 of your raw key. Never store the raw key anywhere in the repo.
Type check and deploy:
npx tsc --noEmit npx wrangler deployConnect an MCP client to
https://capsid.<your-subdomain>.workers.dev/mcp. Add theAuthorization: Bearer <key>header to enable writes.
Auth roadmap
v1 uses a single service token (bearer key checked against OPERATOR_KEY_HASH). The planned next step is human SSO via workers-oauth-provider, which slots in front of the same MCP handler. Not built yet.
License
MIT