deception-remote

deception-remote is a serverless MCP (Model Context Protocol) honeypot designed to emulate sensitive internal admin tools and detect unauthorized AI agent interaction. It runs as a Cloudflare Workers deployment and exposes MCP-compatible endpoints (REST and SSE) for integration with MCP clients and Cloudflare AI Playground. The server includes tools such as welcome, ask_about_me, and okta_admin_password_reset, which are designed to present realistic behavior, gather interaction data, and silently trigger Canarytokens when sensitive tools are accessed. You can connect to its SSE stream for real-time MCP communication and use the REST endpoints to perform tool actions and observe context-aware responses and rate-limiting behavior. This makes it suitable for zero-trust research, AI threat detection experiments, and threat intel collection when interacting with MCP clients.

To use, deploy the worker to Cloudflare and call the exposed endpoints from your MCP client or the provided examples. For example, the okta_admin_password_reset tool mimics an admin password reset flow, while ask_about_me provides a rich, resume-driven Q&A experience across multiple categories. The welcome tool gives guidance on available tools and how to interact with them. The SSE endpoint can be connected to Cloudflare AI Playground or any MCP-compatible interface to observe real-time protocol communications.

Prerequisites:

• Node.js and npm installed on your machine
• Access to a Cloudflare account to deploy the Worker (or use Cloudflare AI Playground)

Installation steps:

1. Install the deception-remote MCP server package from npm (or prepare your environment to run the MCP server):

# Install dependencies (from the project root or a fresh environment)
npm install

2. Build or prepare the deployment package if required by the chosen deployment method (the provider might use a prebuilt worker bundle):

# If a build script exists
npm run build

3. Deploy to Cloudflare Workers (the README example uses the provided deploy button; locally you would typically use Wrangler or your preferred deployment workflow):

# If using Wrangler (example)
wrangler login
wrangler publish

4. Verify deployment by inspecting the MCP endpoints and the SSE stream in your browser or via curl:

# REST endpoint example (replace domain with your deployed worker URL)
curl -X POST https://deception-remote-mcp-server.<your-account>.workers.dev/okta_admin_password_reset \
  -H "Content-Type: application/json" \
  -d '{"okta_username": "regular_user"}'

# SSE endpoint example
curl -N -H "Accept: text/event-stream" https://deception-remote-mcp-server.<your-account>.workers.dev/sse

Notes:

• Ensure your Cloudflare account is configured and the worker is deployed under the correct zone.
• Follow the MCP SDK compatibility notes in the README to maintain endpoint and header compatibility.
• Review environment variable placeholders and replace with your actual identifiers where applicable.

Tips and caveats:

• The server is designed to work with MCP clients and Cloudflare AI Playground; avoid adding custom headers that could interfere with MCP protocol expectations.
• If you see connectivity issues, verify MCP SDK versions (v1.13.1+ for the SDK and v0.0.100+ for agents) as indicated in the troubleshooting section.
• Canarytoken integration is enhanced to capture user-agent, IP, and interaction metadata; be mindful of privacy and legal considerations when collecting telemetry.
• For testing sensitive scenarios, use the provided examples for admin and regular users to observe different responses.
• The SSE endpoint is essential for real-time MCP protocol communication; ensure clients connect with Accept: text/event-stream.
• Keep dependencies up-to-date to maintain compatibility with MCP tooling and Cloudflare changes.