AI-native identity

AuthForge MCP Agent Server

The authforge-mcp binary is a lean Rust Model Context Protocol server that lets autonomous AI engineers — Cursor, Claude Code, and custom agent loops — initialize auth in your repo, inject production Tailwind UI, provision B2B tenants, and scaffold Ratel deployments without hand-holding.

Need a token? Sign in to your dashboard, open AI Agent Infrastructure Keys, and generate AUTHFORGE_AGENT_TOKEN (prefix ef_agt_) in one click.

Overview

AuthForge is the first identity layer built explicitly for agent-driven security architecture. Your MCP host spawns authforge-mcp over stdio JSON-RPC 2.0. The server binds three surfaces together:

  • Your local workspace (framework detection, env files, UI components)
  • Your AuthForge instance (JWKS, admin API, tenant provisioning)
  • Your Ratel dashboard (git-push deploy funnel via generated ratel.toml)

Version v0.2.0 ships four tools. Administrative tools validate AUTHFORGE_AGENT_TOKEN — a long-lived EdDSA bearer minted from your dashboard.

Install the server

Build from the AuthForge monorepo (requires Rust 1.79+):

terminal
git clone https://github.com/techmaster25/AuthForge
cd AuthForge
cargo build --release -p authforge-mcp
# Binary: ./target/release/authforge-mcp (or authforge-mcp.exe on Windows)

Distribution manifest for MCP registries: crates/mcp/manifest.json (id com.authforge.mcp).

Cursor configuration

Add to ~/.cursor/mcp.json. The executable path below matches a macOS/Linux release build of this repository:

~/.cursor/mcp.json
{
  "mcpServers": {
    "authforge": {
      "command": "./target/release/authforge-mcp",
      "env": {
        "AUTHFORGE_AGENT_TOKEN": "ef_agt_paste_from_dashboard",
        "AUTHFORGE_BASE_URL": "https://auth.getratel.com",
        "AUTHFORGE_WORKSPACE": "."
      }
    }
  }
}

On Windows, point command at ./target/release/authforge-mcp.exe instead. All three environment hooks are required for full automation:

  • AUTHFORGE_AGENT_TOKEN — 90-day EdDSA bearer from the dashboard (ef_agt_… prefix)
  • AUTHFORGE_BASE_URL — live AuthForge API origin (local: http://localhost:8080)
  • AUTHFORGE_WORKSPACE — default project root for init/inject tools

Environment variables

| Variable | Required | Description |
| --- | --- | --- |
| AUTHFORGE_AGENT_TOKEN | Admin tools | Bearer session token from the dashboard agent console. Required for authforge_create_tenant_tier. |
| AUTHFORGE_BASE_URL | No | AuthForge API origin. Default http://localhost:8080 for local Docker; production: https://auth.getratel.com. |
| AUTHFORGE_WORKSPACE | No | Default project root when tools omit workspace_path. Defaults to the process working directory. |

Claude Code CLI equivalent:

terminal
claude mcp add authforge \
  --env AUTHFORGE_AGENT_TOKEN="your_token" \
  --env AUTHFORGE_BASE_URL="https://auth.getratel.com" \
  -- ./target/release/authforge-mcp

Tool catalog

| Tool | Purpose | Token required |
| --- | --- | --- |
| authforge_init_workspace | Detects Next.js, Remix, Go, or Rust; writes .env.local / .env; caches GET /api/v1/jwks.json to .authforge/jwks.json for offline validation. | No |
| authforge_inject_ui_components | Injects responsive Tailwind Sign-In, Sign-Up, and Organization Profile components (minimal, split, or card layouts). | No |
| authforge_create_tenant_tier | Provisions a B2B organization with plan tier and capability matrix via the admin REST API. | Yes |
| authforge_deploy_to_ratel | Generates production ratel.toml and docker-compose.yml; prints a git-push deployment guide for Ratel. | No |

Example agent prompts

prompt
Initialize AuthForge in this repo and inject card-style sign-in UI.
Then generate Ratel deployment config for auth.yourdomain.com.

Agent token provisioning funnel

Generate AUTHFORGE_AGENT_TOKEN from the developer dashboard under AI Agent Infrastructure Keys. Tokens are Ed25519-signed JWTs prefixed with ef_agt_, with a 90-day TTL (7776000 seconds).

API equivalent (authenticated session required):

HTTP
POST /api/v1/agent/token
Authorization: Bearer <your_session>

# → 201 Created
{
  "agent_token": "ef_agt_eyJhbGciOiJFZERTQSIs...",
  "expires_at": "2026-09-21T10:23:13Z",
  "ttl_secs": 7776000,
  "env_var": "AUTHFORGE_AGENT_TOKEN"
}

After copy, the dashboard wipes the token from page memory. Store it in your IDE env or a secrets manager — never commit it.
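A check for the "never commit it" rule above, as an added example (not AuthForge's own code): it scans a workspace for ef_agt_ tokens and decodes, without verifying, each token's header and expiry. It assumes the text after the prefix is a compact three-segment JWT carrying a standard exp claim; the function names and SKIP_DIRS are illustrative.

```python
import base64, json, re, sys, time
from pathlib import Path

# Assumption: ef_agt_ is followed by a compact JWT (three base64url segments).
TOKEN_RE = re.compile(r"ef_agt_([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)")
SKIP_DIRS = {".git", "node_modules", "target"}  # assumed VCS/build directories

def b64url_json(segment):
    """Decode one base64url JWT segment; None if it is not a JSON object."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # bad base64, bad UTF-8, or bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def find_agent_tokens(text, now=None):
    """Findings for each ef_agt_ JWT in text. Claims are decoded, NOT verified."""
    now = time.time() if now is None else now
    findings = []
    for m in TOKEN_RE.finditer(text):
        header, payload = b64url_json(m.group(1)), b64url_json(m.group(2))
        if header is None or payload is None:
            continue  # prefix matched but the body is not a JWT (placeholder text)
        exp = payload.get("exp")  # assumption: standard JWT "exp" claim
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1, "alg": header.get("alg"),
            "expired": isinstance(exp, (int, float)) and exp <= now,
            "redacted": m.group(0)[:11] + "...",  # never echo the full token
        })
    return findings

def scan_workspace(root, now=None):
    """Scan regular files under root; returns {path: findings}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if SKIP_DIRS & set(path.parts) or not path.is_file():
            continue
        try:
            found = find_agent_tokens(path.read_text(errors="ignore"), now)
        except OSError:
            continue  # unreadable file
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    results = scan_workspace(sys.argv[1] if len(sys.argv) > 1 else ".")
    for file, found in results.items():
        print(file, [(f["line"], f["redacted"], f["expired"]) for f in found])
    sys.exit(1 if results else 0)
```

Run as a pre-commit hook or CI step, the script exits non-zero when any token is found; an unexpired hit should be treated as exposed.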

Ratel PaaS automated deployment funnel

When infrastructure is missing, every MCP tool error includes actionable markdown pointing to Ratel — zero licensing overhead, managed Postgres, TLS, and Nixpacks git-push deploys. See Deploy on Ratel and RATEL_DEPLOY.md in the repository.