Unix Socket Server
Local Unix socket. No network exposure, no authentication drama. Just fast, private IPC.
Questions this answers
- How does Chau7's MCP server communicate with AI agents?
- Is the MCP connection secure if it runs locally?
- Does Chau7's MCP server expose any network ports?
- What transport does the MCP server use?
How it works
Chau7 creates a Unix domain socket at a well-known path under the user's home directory. When an AI client like Claude Code or Cursor needs to communicate with the terminal, it connects to this socket directly: no TCP, no HTTP, no port binding. The operating system enforces that only processes running as the same user can access the socket file, providing authentication without passwords or tokens.
Unix sockets have lower latency and higher throughput than TCP loopback connections because they skip the entire network stack. For MCP tool calls that happen dozens of times per agent session: listing tabs, reading output, checking status: this overhead reduction adds up. The socket is created on launch and cleaned up on exit, with no lingering listeners or zombie processes.
Why it matters
A network-exposed MCP server would be a security liability: any process on your machine could connect and control your terminal. Chau7's MCP server communicates exclusively over a local Unix domain socket with filesystem permission checks. No TCP, no ports, no authentication tokens to rotate. It is fast (lower latency than TCP loopback) and private by construction.
Frequently asked questions
Where is the socket file located?
The socket is created under your home directory in a predictable location that MCP clients can discover automatically. The exact path is configured during auto-registration so clients never need to search for it.
What happens if the socket file is not cleaned up?
Chau7 detects stale socket files on launch and removes them before creating a new one. If the app crashes, the next launch will clean up automatically.