MCP Foxxy Bridge Development

Expert assistant for developing and maintaining the MCP Foxxy Bridge project - a one-to-many Model Context Protocol (MCP) proxy server that aggregates multiple backend MCP servers through a single endpoint.

Project Overview

MCP Foxxy Bridge is a Python-based proxy server that:

Aggregates multiple MCP servers into a single endpoint

Provides HTTP/SSE client endpoints with namespacing to prevent conflicts

Supports OAuth 2.0 + PKCE authentication with auto token management

Implements environment variable expansion and secure command substitution

Features auto-retry, failover, and health monitoring with exponential backoff

Exposes REST API on port 9000 for server management

Development Workflow

Setup and Execution

1. **Initial setup:**

```bash

uv sync

```

2. **Run the bridge:**

- Primary: `uv run foxxy-bridge --bridge-config config.json`

- Alias: `uv run mcp-foxxy-bridge`

- Legacy: `uv run -m mcp_foxxy_bridge`

- Debug mode: Add `--debug` flag

3. **Testing:**

- Run all tests: `pytest`

- Verbose: `pytest -v`

- Specific test: `pytest tests/test_config_loader.py`

- Coverage: `coverage run -m pytest && coverage report`

4. **Code quality:**

- Check: `ruff check`

- Format: `ruff format`

- Fix issues: `ruff check --fix`

- Type check: `mypy src/`

- Full lint: `ruff check --fix && mypy src/`

Security Considerations

**CRITICAL:** Follow these security rules:

Enable command substitution only when needed: `--allow-command-substitution`

NEVER use `--allow-dangerous-commands` in production

Command substitution requires explicit `allowed_commands` whitelist in config

OAuth verification enabled by default (`verify_ssl: true`)

Use environment variables for sensitive data when possible

Validate all configuration changes against the schema

Commit Conventions

Use enhanced conventional commits for granular release control:

**Features:**

`feat(major):` → minor release (significant features, e.g., 1.5.0)

`feat(minor):` → patch release (incremental features, e.g., 1.4.1)

`feat!:` → major release (breaking changes, e.g., 2.0.0)

`feat:` → minor release (default features)

**Fixes:**

`fix(security):` → minor release (security fixes, e.g., 1.4.5)

`fix(critical):` → minor release (critical fixes, e.g., 1.4.4)

`fix(major):` → minor release (major bug fixes)

`fix:` → patch release (standard fixes, e.g., 1.4.3)

**Scopes:** cli, core, api, bridge, oauth, config, server, client, auth, logging

**Examples:**

```

feat(major): add environment variable expansion

fix(security): resolve token exposure vulnerability

fix(server): resolve case-sensitivity issues

feat(minor): enhance CLI output formatting

```

Architecture

Core Components

**Key Files:**

`mcp_server.py` - HTTP/SSE client endpoints

`bridge_server.py` - MCP protocol & tool aggregation

`server_manager.py` - Backend server lifecycle management

`config_loader.py` - Config parsing, env expansion, security validation

`sse_client_wrapper.py` - OAuth-aware SSE client

`oauth/` - OAuth 2.0 + PKCE implementation

**Request Flow:**

```

Client → SSE endpoint → Bridge aggregates → Server Manager routes → Backend server → Response

```

**Design Patterns:**

`AsyncExitStack` for async resource lifecycle management

Namespacing prevents tool/resource conflicts across servers

Auto-retry with exponential backoff for health monitoring

Command substitution security validation before execution

OAuth 2.0 + PKCE with automatic token management and refresh

**Server States:**

CONNECTING → CONNECTED → FAILED/DISCONNECTED/DISABLED

API Endpoints (Port 9000)

**Status & Monitoring:**

`/status` - Overall bridge status

`/sse/servers` - List all configured servers

`/sse/tags` - List all server tags

`/sse/mcp/{server}/status` - Individual server status

**Tools & Resources:**

`/sse/list_tools` - List all aggregated tools

`/sse/mcp/{server}/list_tools` - Tools from specific server

`/sse/tag/{tags}/list_tools` - Tools from tagged servers

- Tag syntax: `tag/dev+local` (AND), `tag/web,api` (OR)

**Management:**

POST `/sse/mcp/{server}/reconnect` - Reconnect server

`/sse/tools/rescan` - Rescan available tools

**OAuth:**

`/oauth/{server}/status` - OAuth authentication status

**Health Operations:**

list_tools, list_resources, list_prompts, call_tool, read_resource, get_prompt, ping, health, status

Configuration

Basic Configuration

**Minimal example (config.json):**

```json

{

"servers": {

"filesystem": {

"command": "npx",

"args": ["-y", "@modelcontextprotocol/server-filesystem", "./"]

}

```

**With security and OAuth:**

```json

{

"servers": {

"secure-app": {

"command": "npx",

"args": ["-y", "@modelcontextprotocol/server-github"],

"env": {"GITHUB_TOKEN": "$(op read op://Private/GitHub/token)"},

"oauth": {

"enabled": true,

"issuer": "https://auth.atlassian.com",

"verify_ssl": true

}

"bridge": {

"allow_command_substitution": true,

"allowed_commands": ["op", "vault"],

"oauth_port": 8090

}

```

Configuration Features

**Environment expansion:** `${VAR}` syntax for environment variables

**Command substitution:** `$(cmd)` for secure command output (requires whitelist)

**Conflict resolution:** Automatic namespace management

**Failover strategies:** Auto-retry with exponential backoff

**Keep-alive:** Configurable intervals/timeouts with auto-restart on failure

**OAuth:** Issuer discovery, secure token storage, auto-refresh

**IMPORTANT:** Always update configuration schema when modifying config management.

Testing

Framework: `pytest` with `pytest-asyncio`

Test directory: `tests/`

Configuration: `asyncio_mode = "auto"`

Test server port: 9090 (reserved for future testing)

Development Rules

**CRITICAL RULES:**

1. **Never add emojis to logs** - logging module handles formatting

2. **Never add manual OAuth mappings** - dynamic OAuth must remain dynamic, no hardcoded overrides

3. **Always specify timeout/background** when running bridge to avoid hanging

4. **Update configuration schema** whenever config management changes

5. **Use Read tool** before modifying existing files

6. **Prefer Edit over Write** for existing files

Known Issues & Backlog

Current Bugs

**Config reload bug:**

Issue: `mcp restart` doesn't reload configuration from disk, uses cached in-memory config

Location: `/sse/mcp/{server}/reconnect` API endpoint

Solution needed: Implement config reload in reconnect endpoint

**Bearer token OAuth:**

Status: Incomplete

Goal: HTTP OAuth using Bearer tokens instead of SSE OAuth flow

Target: HTTP/streamablehttp transports

Future Improvements

**v1.5.0 - Process Isolation (chroot):**

**Goal:** Per-server filesystem isolation

**Benefits:** Isolated environments, reduced attack surface, defense-in-depth

**Implementation:** Platform-specific chroot (Linux/macOS/Windows), config validation, error handling

**Priority:** High (security) | **Complexity:** High (OS-level)

**Auth Migration to mcp-auth:**

**Current:** Custom OAuth 2.0 + PKCE (working)

**Migration phases:**

1. Server auth integration

2. Replace client code

3. Context-based tokens

**Benefits:** OAuth 2.1 (RFC 9728), provider-agnostic, `TokenVerifier` protocol, auto-discovery

**References:**

- [mcp-auth/python](https://github.com/mcp-auth/python)

- [mcp-auth.dev](https://mcp-auth.dev/docs)

Instructions for AI Assistant

When working on this project:

1. **Before any code changes:**

- Use Read tool to examine existing code

- Check related test files

- Verify configuration schema impact

2. **For feature additions:**

- Follow conventional commit format with appropriate scope

- Add tests in `tests/` directory

- Update configuration schema if needed

- Consider security implications

- Never add manual overrides for dynamic systems

3. **For bug fixes:**

- Identify root cause before proposing solution

- Check if issue affects configuration management

- Update tests to prevent regression

- Use appropriate fix scope (security/critical/major)

4. **Code quality:**

- Run `ruff check --fix && mypy src/` before committing

- Ensure all tests pass with `pytest`

- Follow existing async patterns (AsyncExitStack)

- Maintain namespacing for conflict prevention

5. **Security:**

- Never enable dangerous commands in production code

- Validate all external input

- Use environment variables for secrets

- Maintain OAuth SSL verification by default

MCP Foxxy Bridge Development

MCP Foxxy Bridge Development

Project Overview

Development Workflow

Setup and Execution

Security Considerations

Commit Conventions

Architecture

Core Components

API Endpoints (Port 9000)

Configuration

Basic Configuration

Configuration Features

Testing

Development Rules

Known Issues & Backlog

Current Bugs

Future Improvements

Instructions for AI Assistant

Reviews (0)