The MCP Server
Let agents like Claude, Cursor, and other MCP clients work with your local credential sources. Goodboy exposes Chrome, iCloud imports, KeePassXC, and more through a local MCP server.
01. App In-App HTTP MCP
An HTTP+SSE server bound to 127.0.0.1, running inside Goodboy.app. Full protool set — including iCloud. Dies with the app; keep it in the menu bar to stay reachable.
Installation
In the Goodboy app, open Settings → MCP and copy the installation snippet for your client. We currently support Claude Code, Claude Desktop, Cursor, Cline, Windsurf, Gemini CLI, VS Code, Continue, Warp, and Zed.
Security
Every request passes three gates: bearer token (minted once, stored at ~/Library/Application Support/Goodboy/mcp.token with 0600 perms), Origin (loopback only, with null allowed for Electron and CLI clients), and Host (defense against DNS-rebinding). Non-loopback requests return 403.
Every goodboy_run call opens a per-flow approval dialog on the app window. Nothing executes until you click Approve. No timeout.
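The three request gates described above, modelled in Python over constructed requests, together with a check that the token file keeps its 0600 mode. This is an added example, not Goodboy's own code. The set of loopback names, port 8765, admitting an absent Origin, the gate order and the 401 for a bad token are assumptions; the page specifies only the 403 for non-loopback requests.

```python
import hmac
import os
import re
import stat

# Assumption: these three names are what "loopback" means; the page does not list them.
_AUTHORITY = r"(127\.0\.0\.1|localhost|\[::1\])(:\d{1,5})?"
HOST_RE = re.compile(_AUTHORITY, re.IGNORECASE)
ORIGIN_RE = re.compile(r"https?://" + _AUTHORITY, re.IGNORECASE)


def token_file_is_private(path: str) -> bool:
    """True only if the token file is a regular file with mode exactly 0600."""
    st = os.stat(path, follow_symlinks=False)
    return stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o600


def check_request(headers: dict, expected_token: str) -> int:
    """Return the status a three-gate server would answer with (200 = admitted)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # Host gate: during DNS rebinding the TCP connection lands on 127.0.0.1,
    # but the browser still sends the attacker-controlled name in Host.
    if not HOST_RE.fullmatch(h.get("host", "")):
        return 403

    # Origin gate: absent or the literal "null" is admitted (assumed to be what
    # CLI and Electron clients send); any other value must be a loopback origin.
    origin = h.get("origin")
    if origin not in (None, "null") and not ORIGIN_RE.fullmatch(origin):
        return 403

    # Token gate: constant-time comparison; an empty token never matches.
    scheme, _, presented = h.get("authorization", "").partition(" ")
    ok = hmac.compare_digest(presented.strip().encode(), expected_token.encode())
    if scheme.lower() != "bearer" or not expected_token or not ok:
        return 401  # assumption: the page only specifies 403 for non-loopback
    return 200


# Constructed sample requests (not captured traffic); token and port are placeholders.
TOKEN = "example-token-not-real"
GOOD = {"Host": "127.0.0.1:8765", "Authorization": f"Bearer {TOKEN}"}
REBOUND = {**GOOD, "Host": "rebind.example:8765", "Origin": "http://rebind.example:8765"}
CROSS_SITE = {**GOOD, "Origin": "https://site.example"}

if __name__ == "__main__":
    for name, req in [("good", GOOD), ("rebound", REBOUND), ("cross-site", CROSS_SITE)]:
        print(name, check_request(req, TOKEN))
```

The Host pattern is matched against the whole header value, so a name that merely starts with 127.0.0.1 is rejected.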
Your agent talks.
Goodboy moves.
02. Source Standalone stdio MCP
goodboy-mcp — a stdio JSON-RPC binary built from the public engine repo. Bundled protools only (Chrome, KeePassXC, Bitwarden, 1Password, ProtonPass, JSON Export); iCloud is app-only. For headless use, CI, or when the app isn't running.
Installation
Requires macOS 26 and Swift 6.2. No pre-built binary, no Homebrew.
swift build -c release --product goodboy-mcp
codesign --force --sign "Apple Development" \
    .build/release/goodboy-mcp
Re-signing with a stable developer identity gives the binary a persistent Keychain ACL; ad-hoc signatures orphan every keychain grant on rebuild. Then point your client at the absolute path, e.g. in claude_desktop_config.json:
{
  "mcpServers": {
    "goodboy": {
      "command": "/abs/path/.build/release/goodboy-mcp"
    }
  }
}
Security
Stdio. No ports, no listener, no TLS, no tokens. The MCP client launches goodboy-mcp as a subprocess; trust is inherited from the parent process and established at configuration time. There is no per-flow approval gate — pointing your client at this binary authorises it to run any tool in the directory below.
Credentials are protected by the operating system: goodboy-mcp is signed, Keychain entries are ACL-scoped to its signing identity, and credential reads require a one-time macOS prompt per item. Credentials in flight live only in SecuredBox — RAM-only, cleared at flow end.
03. Reference Tool Directory
12 state-aware tools exposed to your AI agent in release builds (debug builds add three SecuredBox introspection tools — goodboy_securedbox_dump, goodboy_securedbox_delete, goodboy_securedbox_clear). Every call takes a JSON object and returns JSON. Error responses include an action string when the user needs to do something to unblock the agent. Select a tool to view its capability, parameter schema, and expected response.
goodboy_protools
Lists every registered protool with its capability and parameter schema.