bee-ai-auth-mcp

Self-host · MIT · Phase 1

Your Bee pendant remembers everything. This lets Claude read it — from your phone.

Bee's official connector runs only on a computer you leave on. This is a small Cloudflare Worker you host yourself — you sign in with GitHub, and your Bee token stays a secret inside your deployment, custodied by no one else.

The two-leg wire — one live, one gated

You + your MCP client (Claude on web, iOS, iPadOS, Cowork)
    |
    |  Live: GitHub OAuth proves you own this instance
    v
Your Worker (the relay): holds your Bee token as its own secret
    |
    |  Gated: your Bee token → Bee's API, pending a cert check
    v
Bee API: read-only access to your captured conversations

The gap

Your memory is trapped on a desktop.

Bee ships an MCP server, but it speaks only over local stdio on 127.0.0.1 — so it never reaches Claude on your phone, your iPad, or the web. The pendant captures your life all day; the one place you actually want to ask about it can't get in.

bee-ai-auth-mcp closes that transport gap. It's a hosted-but-self-hosted relay: a remote MCP connector any agent can reach over the network, with a real OAuth front door so only you can use your instance. See how it's built →

How it works

Two legs of trust, kept separate.

One leg authenticates you to your relay. The other carries your Bee credential to Bee. They never mix, and the relay never collects anyone else's token.

1. You connect with GitHub

A standard OAuth redirect proves you're an allowed operator of this instance. Identity only — no repository access, no data read. Logins outside your allow-list are refused.

2. Your Bee token is your Worker's own secret

You set it once, in your own deployment. It never appears in logs, URLs, errors, or tool output. The relay custodies no credential but your own.

3. Claude calls read-only tools

Your MCP client reaches tools that proxy Bee's API. Phase 1 ships the identity check (whoami); read-only conversation retrieval is next.
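Steps 1 and 2 above, as an added example that is not the project's own code: a fail-closed allow-list gate on the GitHub identity, and a scrub that keeps the Bee secret out of anything the Worker returns. The env var names ALLOWED_GITHUB_LOGINS and BEE_API_TOKEN, and the shape of `profile` (the JSON GitHub returns from GET /user after the OAuth exchange), are assumptions.

```javascript
// Added example; env var names and the GitHub profile shape are assumptions.
function parseAllowList(raw) {
  // GitHub logins are case-insensitive, so normalise once here.
  return new Set(
    String(raw || "")
      .split(",")
      .map((s) => s.trim().toLowerCase())
      .filter(Boolean)
  );
}

// Step 1: only a login on this instance's allow-list may operate it.
// No login, or an empty allow-list, fails closed.
function isAllowedOperator(profile, env) {
  const login = profile && typeof profile.login === "string" ? profile.login : "";
  if (!login) return false;
  const allowed = parseAllowList(env.ALLOWED_GITHUB_LOGINS);
  if (allowed.size === 0) return false;
  return allowed.has(login.toLowerCase());
}

// Step 2: scrub the Bee token from any text that leaves the Worker
// (error messages, logs, tool results), so an upstream error that echoes
// the Authorization header cannot leak the credential to the client.
function redactSecret(text, env) {
  const token = env.BEE_API_TOKEN;
  if (!token || typeof text !== "string") return text;
  return text.split(token).join("[REDACTED]");
}

// Gate decision as a plain {status, body} object so it runs outside the
// Workers runtime; a real handler would wrap it in a Response.
function gateIdentity(profile, env) {
  if (!isAllowedOperator(profile, env)) {
    return { status: 403, body: "login not on this instance's allow-list" };
  }
  return { status: 200, body: redactSecret(`welcome ${profile.login}`, env) };
}

// Constructed sample configuration; the token is a placeholder, not real.
const sampleEnv = {
  ALLOWED_GITHUB_LOGINS: "Operator-One, second-operator",
  BEE_API_TOKEN: "bee_example_token_not_real",
};
```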

What's true today

Phase 1: the secure front door is up.

This project tells you exactly what works and what doesn't — no demo that quietly fakes a working pendant.

Live now: deploy & health checks, the GitHub identity gate, and the whoami tool's auth path, running on Cloudflare Workers.

Gated on a one-time check: whoami's call to Bee waits on a reachability test. Workers trust only public certificates, and Bee's API may sit behind a private CA.

Later, eyes-open: a hosted multi-tenant option, deferred on purpose. Why →

Why self-host

No central pile of keys to lose.

A hosted store of everyone's tokens

  • Holds long-lived credentials for many people at once
  • One breach exposes every connected account
  • Someone must harden, rotate, and watch it forever
  • Only safe once the upstream issues short-lived keys

Self-host — what Phase 1 is

  • Your Bee token is your own Worker secret, nowhere else
  • The blast radius is exactly one person: you
  • No trust required in an operator you've never met
  • Revoke any time by rotating the token in the Bee app

Read the full security model →

Run your own

Self-host in a few steps.

You'll need a Cloudflare account, a Bee API token, and a GitHub OAuth App. The short version: create a KV namespace, register a GitHub OAuth App pointed at your /callback, set your secrets, deploy, and connect it in Claude.