Labsco
tokenscompany logo

Pocketbase

โ˜… 3

from tokenscompany

Allow your agent to connect to Pocketbase with ease.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

pocketbase-mcp

Remote MCP server that connects any MCP client to a PocketBase instance over stateless HTTP.

Self-hosting

Bun

bun install
bun run src/index.ts

The server listens on PORT (default 3000).

Docker (GHCR)

docker pull ghcr.io/tokenscompany/pocketbase-mcp:latest
docker run -p 3000:3000 ghcr.io/tokenscompany/pocketbase-mcp:latest

Or build locally:

docker build -t pocketbase-mcp .
docker run -p 3000:3000 pocketbase-mcp

Verifying the image

Every image published to GHCR includes SLSA provenance attestation. You can verify that an image was built from this repository:

gh attestation verify oci://ghcr.io/tokenscompany/pocketbase-mcp:latest \
  --owner tokenscompany

Authentication

Every request to POST /mcp must include X-PB-URL and one of two auth methods:

HeaderDescription
X-PB-URLBase URL of your PocketBase instance
X-PB-EmailSuperuser email
X-PB-PasswordSuperuser password

The server authenticates against PocketBase on each request. No manual token management needed.

Option 2: Token

HeaderDescription
X-PB-URLBase URL of your PocketBase instance
X-PB-TokenSuperuser auth token

To get a token manually:

curl -X POST https://your-pb.example.com/api/admins/auth-with-password \
  -H 'Content-Type: application/json' \
  -d '{"identity":"admin@example.com","password":"your-password"}'

The token field in the response is your X-PB-Token. If both token and email+password are provided, the token takes priority.

Tools

ToolDescription
pb_healthPocketBase health check
pb_list_collectionsList all collections with full field schemas
pb_get_collection_schemaGet a single collection's full schema
pb_create_collectionCreate a new collection
pb_update_collectionUpdate a collection's schema or rules
pb_delete_collectionDelete a collection
pb_import_collectionsBulk import/overwrite collection schemas
pb_list_recordsList/search records in a collection
pb_get_recordGet a single record by ID
pb_create_recordCreate a new record
pb_update_recordUpdate an existing record
pb_delete_recordDelete a record by ID
pb_list_backupsList available backups
pb_create_backupCreate a new backup
pb_delete_backupDelete a backup by key
pb_get_file_urlGet download URL for a file field
pb_get_settingsGet app settings
pb_update_settingsUpdate app settings
pb_list_logsQuery request logs

Resources

ResourceURIDescription
schemapocketbase://schemaAll collection schemas as JSON

Security & Privacy

This server is fully stateless โ€” it does not store, log, or retain any of your data:

  • No database, no disk writes โ€” each request creates a fresh MCP server and transport in memory, processes it, and discards everything. Nothing is written to disk.
  • No credential storage โ€” your X-PB-URL, X-PB-Token, X-PB-Email, and X-PB-Password headers are used for the duration of the request and never persisted, cached, or logged.
  • No telemetry or analytics โ€” the server collects zero usage data. No third-party services are contacted.
  • No sessions โ€” there are no cookies, no session IDs, and no server-side state between requests.
  • Open source โ€” the entire codebase is MIT-licensed. Every Docker image includes SLSA provenance attestation, so you can verify it was built directly from this repository with no modifications.
  • Self-host it yourself โ€” for maximum control, run your own instance. The server is a single container with no external dependencies beyond your PocketBase instance.

Hardening

When hosting a public instance, the server includes several additional measures:

  • SSRF protection โ€” X-PB-URL is validated: only http/https schemes are allowed, and hostnames that resolve to private/reserved IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, ::1, fc00::/7, fe80::/10) are rejected.

  • Rate limiting โ€” in-memory token-bucket per IP. Configurable via environment variables:

    VariableDefaultDescription
    RATE_LIMIT_RPM60Requests per minute per IP
    RATE_LIMIT_BURST10Max burst size
  • CORS โ€” Access-Control-Allow-Origin: * with preflight support on /mcp.

  • Body size limit โ€” requests larger than 1 MB are rejected with 413.

Endpoints

MethodPathDescription
POST/mcpMCP endpoint (stateless, JSON responses)
GET/healthHealth check