Package Exports
- @authloop-ai/mcp
- @authloop-ai/mcp/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@authloop-ai/mcp) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@authloop-ai/mcp
MCP server for AuthLoop — human-in-the-loop authentication for AI agents.
Exposes the authloop_handoff tool so AI agents can hand off auth challenges (OTP, captcha, password) to a human via the Model Context Protocol.
Setup
Add to your MCP client config:
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"authloop": {
"command": "npx",
"args": ["-y", "@authloop-ai/mcp"],
"env": { "AUTHLOOP_API_KEY": "al_live_..." }
}
}
}OpenClaw (openclaw.json):
{
"mcp": {
"servers": {
"authloop": {
"command": "npx",
"args": ["-y", "@authloop-ai/mcp"],
"env": { "AUTHLOOP_API_KEY": "al_live_..." }
}
}
}
}Tool: authloop_handoff
Hand off a login or auth challenge to a human who can resolve it remotely.
Input
| Parameter | Type | Required | Description |
|---|---|---|---|
service |
string |
Yes | Name of the service (e.g. 'HDFC NetBanking') |
cdp_url |
string |
Yes | CDP endpoint — HTTP (http://127.0.0.1:18800) or WebSocket URL. HTTP endpoints are auto-resolved via /json/version. |
context.url |
string |
No | Current page URL |
context.blocker_type |
string |
No | 'otp', 'password', 'captcha', 'security_question', 'document_upload', 'other' |
context.hint |
string |
No | Hint for the human |
Output
{
"session_url": "https://authloop.ai/session/sess_...",
"status": "resolved"
}Status is one of: resolved, cancelled, error, timeout.
How It Works
Agent MCP Server Relay Human
│ │ │ │
│ calls authloop_handoff │ │ │
│─────────────────────────→│ │ │
│ │ POST /session │ │
│ │────────────────────────→ │ │
│ │ connect WSS (instant) │ │
│ │────────────────────────→ │ │
│ │ │ viewer_connected │
│ │ ←────────────────────── │ ←───────────────── │
│ │ │ │
│ │ CDP screencast ──→ JPEG frames over WSS ──→ │
│ │ │ │
│ │ E2EE encrypted input over WSS ←───────── │
│ │ CDP dispatch ←──── │ │
│ │ │ │
│ │ { "type": "resolved" } ←──────────── │
│ │ POST /session/:id/resolve│ │
│ { status: "resolved" } │ │ │
│←─────────────────────────│ │ │- Agent calls
authloop_handoffwhen it hits an auth wall - MCP server creates a session via the AuthLoop API
- Agent sends the
session_urlto the human (Telegram, Slack, etc.) - MCP connects to the relay WebSocket immediately (no polling)
- Human opens the URL — relay notifies MCP instantly via
viewer_connected - MCP starts CDP screencast, JPEG frames stream to the human's browser
- Human sees the live browser, clicks and types
- All input is end-to-end encrypted (E2EE) and dispatched to the browser via CDP
- Human clicks "Done" to resolve or "Cancel" to abort — agent continues with the result
Security
End-to-End Encryption (E2EE)
All user input is end-to-end encrypted between the human's browser and the MCP server. The relay server cannot read what the human types or clicks.
- Key exchange: ECDH on P-256 curve
- Encryption: AES-256-GCM (12-byte IV, 16-byte auth tag)
- What's encrypted: all user input — keystrokes, clicks, scroll, paste, navigation, resolve/cancel
- What's NOT encrypted: frames (visible page content — screenshots only)
The key exchange happens automatically when the viewer connects — no configuration needed. No input is accepted until E2EE is established.
Transport Security
- All WebSocket connections use WSS (TLS encrypted)
- Session tokens are short-lived (10 minute TTL by default)
- Each session is isolated — tokens grant access to one session only
- No credentials are stored or logged by the MCP server
Debug Log Safety
Debug logs (DEBUG=authloop:*) never contain:
- API keys or tokens
- Decrypted keystroke content
- Shared secrets or private keys
- Raw message payloads
Supported Input
| Action | How |
|---|---|
| Click | Mouse click dispatched via CDP |
| Double-click | Double-click via CDP |
| Type characters | Keypress → CDP char event |
| Special keys | Backspace, Enter, Tab, arrows, Delete, F1-F12 with virtual key codes |
| Modifier combos | Ctrl/Cmd+A, Ctrl/Cmd+C, Shift+arrows, etc. |
| Paste | CDP Input.insertText — works on mobile too |
| Scroll | Mouse wheel via CDP |
| Back / Forward | Browser history navigation via CDP |
| Reload | Page reload via CDP |
Environment Variables
| Variable | Required | Description |
|---|---|---|
AUTHLOOP_API_KEY |
Yes | API key from authloop.ai/dashboard |
AUTHLOOP_BASE_URL |
No | Override API URL (default: https://api.authloop.ai) |
DEBUG |
No | Enable debug logs (e.g. authloop:*) |
Debug namespaces
DEBUG=authloop:* # everything
DEBUG=authloop:mcp # MCP server + tool calls
DEBUG=authloop:session # session lifecycle (create, connect, resolve)
DEBUG=authloop:stream # WebSocket frames + input events
DEBUG=authloop:cdp # CDP WebSocket commands/events
DEBUG=authloop:crypto # E2EE key exchange
DEBUG=authloop:sdk* # SDK HTTP clientBrowser Compatibility
Works with any Chromium-based browser exposing CDP:
- Chrome, Brave, Edge, Chromium
- OpenClaw managed browser profiles
- Remote CDP (Browserbase, Browserless)
- Local or remote — HTTP endpoints auto-resolved via
/json
Get an API Key
Sign up at authloop.ai — 25 free handoffs, no credit card required.
License
MIT