Ensure mcpgateway cli listens on 127.0.0.1 by default

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

Author: crivetimihai

README.md

@@ -63,11 +63,11 @@ python3 -m venv .venv
 # Install mcp-contextforge-gateway
 pip install mcp-contextforge-gateway
 
-# Run mcpgateway with default options, listening on port 4444 with admin:changeme
-mcpgateway
+# Run mcpgateway with default options (binds to 127.0.0.1:4444) with admin:changeme
+mcpgateway  # login to http://127.0.0.1:4444
 
-# Optional: run in background with configured password/key - login at http://127.0.0.1:4444/admin
-BASIC_AUTH_PASSWORD=password JWT_SECRET_KEY=my-test-key mcpgateway --host 127.0.0.1 --port 4444 & bg
+# Optional: run in background with configured password/key and listen to all IPs
+BASIC_AUTH_PASSWORD=password JWT_SECRET_KEY=my-test-key mcpgateway --host 0.0.0.0 --port 4444 & bg
 
 # List all options
 mcpgateway --help
@@ -116,6 +116,10 @@ curl -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" http://localhost:4444/s
 curl -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" http://localhost:4444/servers/1
 
 # You can now use http://localhost:4444/servers/1 as an SSE server with the configured JWT token in any MCP client
+
+# To stop the running process, you can either:
+fg # Return the process to foreground, you can not Ctrl + C, or:
+pkill mcpgateway
 ```
 
 See [.env.example](.env.example) for full list of ENV variables you can use to override the configuration.
@@ -658,6 +662,7 @@ echo ${MCPGATEWAY_BEARER_TOKEN}
 
 # Quickly confirm that authentication works and the gateway is healthy
 curl -s -k -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" https://localhost:4444/health
+# {"status":"healthy"}
 
 # Quickly confirm the gateway version & DB connectivity
 curl -s -k -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" https://localhost:4444/version | jq

mcpgateway/cli.py

@@ -17,7 +17,7 @@
 ─────────
 * Injects the default FastAPI application path (``mcpgateway.main:app``)
   when the user doesn't supply one explicitly.
-* Adds sensible default host/port (0.0.0.0:4444) unless the user passes
+* Adds sensible default host/port (127.0.0.1:4444) unless the user passes
   ``--host``/``--port`` or overrides them via the environment variables
   ``MCG_HOST`` and ``MCG_PORT``.
 * Forwards *all* remaining arguments verbatim to Uvicorn's own CLI, so
@@ -26,7 +26,7 @@
 Typical usage
 ─────────────
 ```console
-$ mcpgateway --reload                 # dev server on 0.0.0.0:4444
+$ mcpgateway --reload                 # dev server on 127.0.0.1:4444
 $ mcpgateway --workers 4              # production-style multiprocess
 $ mcpgateway 127.0.0.1:8000 --reload  # explicit host/port keeps defaults out
 $ mcpgateway mypkg.other:app          # run a different ASGI callable
@@ -45,7 +45,7 @@
 # Configuration defaults (overridable via environment variables)
 # ---------------------------------------------------------------------------
 DEFAULT_APP = "mcpgateway.main:app"  # dotted path to FastAPI instance
-DEFAULT_HOST = os.getenv("MCG_HOST", "0.0.0.0")
+DEFAULT_HOST = os.getenv("MCG_HOST", "127.0.0.1")
 DEFAULT_PORT = int(os.getenv("MCG_PORT", "4444"))
 
 # ---------------------------------------------------------------------------

mcpgateway/config.py

@@ -75,7 +75,7 @@ class Settings(BaseSettings):
     token_expiry: int = 10080  # minutes
 
     #  Encryption key phrase for auth storage
-    auth_encryption_secret: str = "my-test-key"
+    auth_encryption_secret: str = "my-test-salt"
 
     # UI/Admin Feature Flags
     mcpgateway_ui_enabled: bool = True