Model Context Protocol

Drive ByteVet from your AI agent

ByteVet exposes every bin operation over an OAuth-gated MCP server. Connect an agent (Claude Code, Claude.ai, Claude Desktop, or any MCP-compatible client) and it can create bins, read captured HTTP/DNS traffic, drive remote shells, and run XSS payloads — under the same quotas and ownership rules as the web dashboard.

https://byte.vet/api/mcp OAuth 2.1 + DCR

Install

Each client handles OAuth + Dynamic Client Registration automatically. Paste the snippet, then sign in with GitHub or Google when prompted.

Claude Code (CLI)

Adds the server to your local Claude Code config. First call opens a browser for sign-in.

claude mcp add bytevet --transport http https://byte.vet/api/mcp

Claude (web, desktop, mobile)

On claude.ai: Settings → Connectors → Add custom connector → paste the URL. The connector is brokered through your Claude account, so it lights up on Claude Desktop and mobile automatically — no per-app config needed.

https://byte.vet/api/mcp

Cursor

Save as ~/.cursor/mcp.json (global) or .cursor/mcp.json in a project. Cursor runs OAuth + Dynamic Client Registration automatically on first use.

{
  "mcpServers": {
    "bytevet": {
      "url": "https://byte.vet/api/mcp"
    }
  }
}

Gemini CLI

Save as ~/.gemini/settings.json. With `oauth.enabled: true` the CLI auto-discovers our OAuth endpoints and opens a browser for GitHub/Google sign-in.

{
  "mcpServers": {
    "bytevet": {
      "httpUrl": "https://byte.vet/api/mcp",
      "oauth": { "enabled": true }
    }
  }
}

OpenAI Codex CLI

Codex CLI doesn't run OAuth itself — mint a bearer token via the MCP Inspector (or any client that does DCR), export it, then point Codex at it via the `bearer_token_env_var` field.

# Codex doesn't run OAuth itself — mint a token elsewhere first
# (e.g. via the Inspector), then:
export BYTEVET_TOKEN="paste-access-token-here"

# ~/.codex/config.toml
[mcp_servers.bytevet]
url = "https://byte.vet/api/mcp"
bearer_token_env_var = "BYTEVET_TOKEN"

MCP Inspector

Run the Inspector locally, then in the UI pick Streamable HTTP and paste the server URL. Useful for poking at tools/list and tools/call by hand.

npx @modelcontextprotocol/inspector

# In the UI:
#   Transport: Streamable HTTP
#   URL:       https://byte.vet/api/mcp

Auth happens on first call

Your MCP client will open a browser for GitHub or Google sign-in. After you authorize, it stores a bearer token locally; subsequent calls are silent until the token expires or you revoke it from the dashboard.

Authorization & revocation

Every connected MCP client appears in your dashboard under "Authorized MCP tokens" with the last-used timestamp and the source IP + location of the most recent call. Revoke any token to instantly invalidate the bearer; the next call returns 401 and the client has to re-authorize.

Manage tokens in the dashboard →

Troubleshooting

OAuth error: invalid_client

Your client is presenting a cached client_id that ByteVet doesn't know about — usually from a previous server. Clear OAuth credentials in your MCP client (Inspector: "Clear OAuth credentials"; Claude Code: re-run `claude mcp add`) and reconnect to trigger fresh Dynamic Client Registration.

Invalid redirect URI

The Inspector binds to a random localhost port at startup. If you registered a client and then restarted the Inspector, the new port won't match the redirect_uri you registered with. Re-register the client.

401 after long idle

Access tokens expire after an hour by default. The MCP client should refresh transparently — if it doesn't, reconnect and it will run the refresh flow.