Chris Coutinho
dfc81923ba
Fix all ESLint, Stylelint, PHP CS Fixer, and Psalm workflow errors. Changes: - ESLint fixes: - Remove unused APP_NAME constant - Remove unused TextBoxOutline and TextBoxRemoveOutline components - Remove unused container variable in adminSettings.js - Auto-fix trailing commas, line breaks, attribute ordering - PHP CS Fixer: - Add trailing commas after last function parameters - Convert double quotes to single quotes in log messages - Remove unused NoCSRFRequired import - Fix arrow function formatting - Stylelint: - Update config to use @nextcloud/stylelint-config - Fix extends directive (was using non-existent package) - Psalm workflow: - Fix jq object indexing (.include[0] instead of .[0]) - Correctly extract OCP version from matrix output All checks now pass locally. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
MCP Server UI
Nextcloud app for managing the Nextcloud MCP (Model Context Protocol) Server.
Overview
This app provides a native Nextcloud interface for managing your MCP Server, eliminating the need for the separate /app endpoint. It integrates seamlessly with Nextcloud's settings interface and provides:
- Personal Settings: Session management, background access control
- Admin Settings: Server status monitoring, vector sync metrics
- Vector Visualization: Interactive semantic search (coming soon)
- Native Integration: Uses Nextcloud sessions, design system, and UX patterns
Architecture
Based on ADR-018: Nextcloud PHP App for Settings UI.
OAuth PKCE Flow
The app uses OAuth 2.0 Authorization Code flow with PKCE (Proof Key for Code Exchange):
User → NC Settings → OAuth Authorize → IdP Login → Callback
↓
NC stores encrypted per-user tokens
↓
NC PHP App → User's OAuth Token → MCP Server validates
Key Features:
- ✅ No client secrets - Uses PKCE (public client model)
- ✅ Per-user authorization - Each user explicitly authorizes access
- ✅ Encrypted token storage - Tokens stored encrypted in NC database
- ✅ Leverages existing validation - MCP server uses UnifiedTokenVerifier
- ✅ User-revocable - Users can disconnect at any time
Architecture Benefits
- ✅ Preserves full MCP protocol support (sampling, elicitation, streaming)
- ✅ Provides native Nextcloud integration
- ✅ Maintains clear separation of concerns
- ✅ Avoids ExApp limitations (see ADR-011)
- ✅ No shared secrets between NC and MCP server
Requirements
- Nextcloud: Version 30 or later
- MCP Server: Running in OAuth mode
- Identity Provider: OAuth provider supporting PKCE (Nextcloud OIDC or Keycloak)
- Configuration: Set in
config.php:
'mcp_server_url' => 'http://localhost:8000',
Installation
From App Store (Recommended)
- Open Nextcloud Apps
- Search for "MCP Server UI"
- Click "Download and enable"
Manual Installation
- Clone or download this directory to
apps/astroglobe - Install dependencies:
composer install - Enable the app:
occ app:enable astroglobe
Configuration
1. Configure Nextcloud
Add to config/config.php:
'mcp_server_url' => 'http://localhost:8000',
2. Configure MCP Server
Ensure MCP server is running in OAuth mode. Add to MCP server .env:
# Enable OAuth mode
ENABLE_OAUTH=true
# OAuth provider (Nextcloud or Keycloak)
NEXTCLOUD_HOST=https://your-nextcloud.example.com
# OR
KEYCLOAK_SERVER_URL=https://keycloak.example.com
KEYCLOAK_REALM=nextcloud-mcp
# Optional: Disable legacy /app endpoint
ENABLE_BROWSER_UI=false
3. User Authorization
Each user must authorize the Nextcloud app to access the MCP server:
- Go to Settings → Personal → MCP Server
- Click "Authorize Access"
- Sign in to your identity provider
- Approve the requested permissions
- You will be redirected back to Nextcloud
The app uses OAuth 2.0 with PKCE (Public Client) - no client secrets are stored.
Features
Personal Settings
Located in: Settings → Personal → MCP Server
- OAuth Authorization: Authorize Nextcloud to access MCP server on your behalf
- Session Information: View user ID, auth mode, OAuth connection status
- Background Access: Monitor whether MCP server has offline access enabled
- IdP Profile: View identity provider profile details
- Connection Management:
- Revoke background access (removes server-side refresh token)
- Disconnect from MCP server (removes local OAuth tokens)
- Vector Visualization: Access interactive semantic search UI (if enabled)
Admin Settings
Located in: Settings → Administration → MCP Server
- Server status and version info
- Configuration validation (URL, API key)
- Vector sync metrics (if enabled):
- Indexed documents count
- Pending queue size
- Processing rate (docs/sec)
- Error counts
- Uptime monitoring
- Feature availability
Development
Structure
astroglobe/
├── lib/
│ ├── Controller/
│ │ ├── ApiController.php # Form handlers (revoke, etc.)
│ │ └── PageController.php # Main page routes
│ ├── Service/
│ │ └── McpServerClient.php # HTTP client for MCP server API
│ └── Settings/
│ ├── Personal.php # User settings panel
│ ├── PersonalSection.php # Settings section
│ ├── Admin.php # Admin settings panel
│ └── AdminSection.php # Admin section
├── templates/
│ └── settings/
│ ├── personal.php # Personal settings template
│ ├── admin.php # Admin settings template
│ └── error.php # Error template
├── css/
│ └── astroglobe-settings.css # Settings styles
└── js/
├── astroglobe-personalSettings.js
└── astroglobe-adminSettings.js
Testing
- Start MCP server with management API enabled
- Configure Nextcloud (config.php)
- Enable the app:
occ app:enable astroglobe - Navigate to settings panels
- Verify data loads from MCP server API
Debugging
Check logs:
# Nextcloud logs
tail -f data/nextcloud.log
# MCP server logs
docker compose logs -f mcp
Common issues:
-
"Cannot connect to MCP server"
- Verify
mcp_server_urlis correct in config.php - Check MCP server is running and accessible
- Verify network connectivity
- Verify
-
"Authorization Required" shown on personal settings
- User needs to click "Authorize Access" to complete OAuth flow
- Verify MCP server is running in OAuth mode (
ENABLE_OAUTH=true) - Check identity provider is accessible
-
OAuth callback fails
- Verify redirect URI is registered with IdP
- Check MCP server OAuth configuration
- Review browser console for errors
- Check nextcloud.log for PHP errors
-
Settings panel blank
- Check browser console for errors
- Verify templates exist in
templates/settings/ - Check PHP errors in nextcloud.log
Migration from /app Endpoint
If you're currently using the MCP server's /app endpoint:
-
Phase 1 (v0.53+): Both UIs available
- Install this app
- Keep using
/appor migrate to NC app - Test functionality in NC app
-
Phase 2 (v0.54+): NC app recommended
/appshows deprecation notice- New features only in NC app
- Begin migration
-
Phase 3 (v0.56+): NC app only
/appendpoint removed- All users must use NC app
See ADR-018 for full migration plan.
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
Documentation
License
AGPL-3.0
Author
Chris Coutinho chris@coutinho.io