privateGPT-Context-Protocol-Gateway
Facilitates secure interfacing of privateGPT's knowledge retrieval and reasoning engine with applications adhering to the Model Context Protocol (MCP) standard, facilitating managed access to data assets and conversational flows.
Author

Fujitsu-AI
Table of Contents
- privateGPT MCP Endpoint
- Understanding MCP
- Rationale for MCP Adoption
- The Role of Intermediary Agents
- Operational Flow
- Interplay: Agents, LLMs, and MCP Gateways
- Illustrative Sequence
- Benefits of Incorporating Agents
- System Decomposition
- Safeguarding Data
- Optimized Performance
- Adaptability
- General Summary
- Security Architecture Breakdown
- 1. Secure Transmission via TLS
- 2. Credential Obfuscation
- 3. Cryptographic Asset Governance
- 4. Server-Side De-obfuscation
- 5. Access Vouchers
- 6. Control over Key Generation Utilities
- 7. Certificate-Governed Access Validation (CBAC)
- 8. Configuration Hardening
- 9. Event Recording and Oversight
- Consolidated Security View
- Credential Obfuscation Utility
- Credential De-obfuscation Utility
- Functionality Summary for privateGPT Gateway
- 1. Identity Verification & Entitlement
- 2. Dialogue Session Oversight
- 3. Cohort Structuring
- 4. Contextual Asset Administration
- 5. Account Lifecycle Management
- 6. Configuration Parameterization
- 7. Exception Reporting and Audit Trail
- 8. Protective Measures
- Practical Application Scenarios
- Operational Guidance
- Deployment Procedure
- Prerequisite Software
- Acquire Necessary Libraries
- Compile the Application Artifacts
- Configuration Directives
- Proxy Layer Directives
- Server Runtime Parameters
- Operational Constraints
- Event Recording Settings
- Feature Toggle Controls
- ENABLE_LOGIN
- ENABLE_LOGOUT
- ENABLE_CHAT
- ENABLE_CONTINUE_CHAT
- ENABLE_GET_CHAT_INFO
- ENABLE_DELETE_ALL_CHATS
- ENABLE_DELETE_CHAT
- ENABLE_LIST_GROUPS
- ENABLE_STORE_GROUP
- ENABLE_DELETE_GROUP
- ENABLE_CREATE_SOURCE
- ENABLE_EDIT_SOURCE
- ENABLE_DELETE_SOURCE
- ENABLE_GET_SOURCE
- ENABLE_LIST_SOURCES
- ENABLE_STORE_USER
- ENABLE_EDIT_USER
- ENABLE_DELETE_USER
- ENABLE_REACTIVATE_USER
- Service Interaction
- Repository Layout
- Legal Framework
privateGPT MCP Endpoint
A Model Context Protocol (MCP) server implementation that allows you to utilize privateGPT as an agent for your preferred MCP client. This enables seamless integration between privateGPT's powerful capabilities and any MCP-compatible application.
Understanding MCP
MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.
Rationale for MCP Adoption
MCP assists in constructing agents and sophisticated operational sequences leveraging LLMs. LLMs frequently necessitate integration with data and apparatus; MCP furnishes:
- A developing registry of pre-configured integrations accessible directly by the LLM
- The adaptability to seamlessly swap between different LLM vendors and service providers
- Established protocols for maintaining the security of your information within your established IT architecture
The Role of Intermediary Agents
At its foundation, MCP employs a client-server topology where a primary application can establish connections with several servers:
- MCP Adopters (Hosts): Software such as primary applications, desktop environments, IDEs, or AI utilities seeking contextual data via MCP
- Protocol Clients: Components maintaining dedicated 1:1 links with designated servers
- Protocol Servers (Gateways): Minimalistic programs each exposing distinct functionalities via the unified Model Context Protocol
- Local Data Repositories: Proprietary file systems, databases, and internal services securely accessible by MCP Gateways
- External Network Services: Remote systems accessible via public interfaces (e.g., REST APIs) that MCP Gateways can interface with
General Summary
This gateway component establishes a connective bridge between MCP clients and the privateGPT API, granting capabilities such as:
- Conversing with privateGPT while utilizing both publicly accessible and proprietary knowledge repositories
- Provisioning and lifecycle management of knowledge assets
- Structuring assets into defined cohorts for access control
- Applying access governance through cohort-based authorizations
Why Agents
An agent in relation to LLMs (Large Language Models) and MCP servers is a specialized software component that acts as an intermediary between language models and applications. It handles tasks such as processing requests, interacting with the LLM via MCP, managing workflows, ensuring security and efficiency within the overall system, and much more. By utilizing agents, complex AI-based applications can be designed to be effective, secure, and scalable. The agent code in this repository can be integrated into your own solutions and applications.
Interplay: Agents, LLMs, and MCP Gateways
The interaction of these components enables the development of powerful, scalable, and secure AI applications. Below is a simplified scenario that illustrates this interaction:
- User Initiation Signal: A user transmits an inquiry via an interface hosted on the MCP gateway.
- Agent Pre-processing & Validation: An agent within the gateway receives the transmission, validates its structure, and prepares it for the LLM interface.
- Engagement with the Language Model: The agent relays the prepared request to the LLM, which subsequently formulates a reply.
- Post-processing of Results: The agent accepts the LLM's output, performs any necessary subsequent manipulation (e.g., formatting, integration with external data), and transmits the final result back to the user.
- Security Monitoring and Auditing: Throughout this sequence, the agent maintains vigilance over all interactions, enforces mandated security protocols, and records relevant transaction data for subsequent review.
Benefits of Incorporating Agents
- System Decomposition (Modularity): Agents promote a clear segregation of functional duties, resulting in a system architecture that is simpler to maintain and scale.
- Safeguarding Data (Security): Centralized oversight of access permissions and activity logging aids in minimizing potential security vulnerabilities.
- Optimized Performance (Efficiency): Automated agents can execute required tasks with greater speed and consistency compared to manual procedures.
- Adaptability (Flexibility): Agents are designed for straightforward modification or extension to support emerging functionalities or evolving business prerequisites.
Importance of Encrypting Passwords
In any application handling sensitive data, security is paramount. This server manages two critical sets of credentials:
1. Proxy Headers: Utilized by entities such as HAProxy for traffic authorization and governance.
2. LLM Access Passwords: Employed to secure access to the large language models.
Storing these passwords in plaintext poses significant security risks, including unauthorized access and potential data breaches. To mitigate these risks, it is essential to encrypt these passwords and handle only their ciphertext within the system.
Benefits of Using Ciphertext Only
- Enhanced Security: Even if an attacker gains access to the configuration files or environment variables, encrypted passwords remain unintelligible without the corresponding decryption keys.
- Compliance: Encryption helps in adhering to security standards and regulations that mandate the protection of sensitive information.
- Integrity: Ensures that passwords cannot be tampered with, maintaining the integrity of the authentication mechanisms.
Security
The following security features are implemented to ensure data protection and secure communication between the client application and server. These features cover encryption, decryption, key management, and transport security.
1. Secure Transmission via TLS
- To secure communication between the client and server, TLS can be activated. All data transmitted between the client and server is encrypted using TLS (minimum version 1.2).
Why Should TLS Be Enabled Between Client and Server?
a. Encryption of Communication
- TLS (Transport Layer Security) ensures that all data transmitted between the client and server is encrypted. This protects sensitive information such as passwords, credit card details, and personal data from eavesdropping attacks (Man-in-the-Middle attacks).
b. Data Integrity
- TLS guarantees that the transmitted data remains unchanged and unaltered. The integrity check ensures that the received data is exactly as it was sent.
c. Authentication
- TLS enables secure authentication of the server (and optionally the client) through digital certificates. This prevents users from falling victim to phishing attacks on fake websites.
d. Protection Against Man-in-the-Middle Attacks
- TLS encrypts the connection, making it nearly impossible for attackers to intercept or manipulate traffic. Without TLS, attackers could capture and modify data packets.
e. Compliance with Security Standards and Regulations
- Many regulatory requirements (e.g., GDPR, PCI-DSS) mandate secure data transmission. TLS is a fundamental component of these security requirements.
f. Prevention of Downgrade and Replay Attacks
- TLS protects against attacks that attempt to downgrade a connection to an insecure version (downgrade attacks) or replay previously valid requests (replay attacks).
Conclusion
Enabling TLS between client and server is essential to ensure data privacy, security, and communication integrity. It not only protects sensitive information but also helps meet compliance requirements and increases user trust.
2. Credential Obfuscation
Passwords can be encrypted using RSA (Rivest–Shamir–Adleman) public-key cryptography. This ensures that sensitive data, such as user passwords, are never transmitted in plaintext.
Method
- Public key encryption with a 2048-bit key length.
- Padding: `RSA_PKCS1_PADDING` to enhance security and prevent known padding attacks.
Process
- The server administrator encrypts the client's password using the server's public key (`id_rsa_public.pem`) by executing `node security/generate_encrypted_password.js ~/.ssh/id_rsa_public.pem` and hands out the encrypted password to the client.
- Alternatively: The client encrypts the password using the server's public key (`id_rsa_public.pem`) by using the `keygen` function. The function therefore has to be enabled in the server's config (privateGPT.env.json). Important: Using this function also means transmitting data via the network. Therefore, make sure that the data traffic is secure and cannot be intercepted.
- Finally, the encrypted password is sent to the server, where it is decrypted using the server's private key.
Advantages
- Asymmetric encryption ensures that only the server can decrypt the password.
- Even if the communication channel is compromised, encrypted data remains secure.
3. Cryptographic Asset Governance
To secure data communication and encryption processes, the following key management principles are followed:
Public Key
- Stored securely on the server (`id_rsa.pub`).
- Used only for encryption and does not pose a security risk if exposed.
PEM Key
- Stored securely on the server (`id_rsa_public.pem`).
- Has to be created by using the public cert (see: Server Configuration)
Private Key
- Stored securely on the server (`id_rsa`).
- Restricted access with appropriate file permissions (`chmod 600`).
- Used exclusively for decryption operations.
Key Rotation
- Keys can be rotated periodically or upon detection of a security incident. Important: if these are reissued, the clients or AI agents immediately lose access to the MCP server and require a new RSA key (encrypted password)!
- Old keys are securely invalidated.
4. Server-Side De-obfuscation
Decryption is exclusively performed on the server using the private key:
Process
- The server receives the encrypted password from the client.
- The private key decrypts the password to retrieve the original plaintext.
- The decrypted password is used internally (e.g., authentication) and never stored in plaintext.
Secure Handling
- Decrypted passwords exist in memory only for the duration of processing.
- Secure memory management practices ensure sensitive data is cleared immediately after use.
Certificate Validation
- Certificates are validated on both sides to ensure the authenticity of the server and client.
- Optionally, mutual TLS can be enabled for enhanced security.
5. Access Vouchers
Tokens are used to authenticate requests and ensure only authorized users can access the system:
Token Management
- Tokens are generated upon successful login.
- They are short-lived and automatically expire after a predefined time.
- Tokens are signed using HMAC or RSA, making them tamper-proof.
6. Control over Key Generation Utilities
To prevent misuse of the system, key generation (keygen) is restricted:
Configuration
- The server has a configuration option (`ALLOW_KEYGEN`) to enable or disable key generation.
- Attempts to call the keygen function when disabled result in an error message.
Audit Logging
- All keygen operations are logged for auditing and monitoring purposes.
7. Certificate-Based Access Control (CBAC)
- As the agent does not require a password when certificate authentication is activated and logs on to the server using a key, it is automatically locked to this server. If it tries to log in to another MCP privateGPT server, the login attempt is rejected because the key is checked against the server's private certificate.
Features
- Functions such as `keygen`, `store_user`, and `edit_source` are only accessible to authorized roles.
- Unauthorized access attempts are denied with detailed error messages.
Configuration
- Enabled or disabled functions can be specified in the server's configuration (`Functions` object).
8. Configuration Hardening
The server configuration contains several security-related options:
SSL_VALIDATE
- Validates SSL/TLS certificates to ensure secure communication.
- Can be enabled or disabled based on environment requirements (e.g., testing vs. production).
PW_ENCRYPTION
- Enables or disables password encryption.
- Ensures compatibility in environments where encryption is not feasible.
9. Event Recording and Oversight
All security-related events are logged for monitoring and troubleshooting:
Logged Events
- Failed login attempts.
- Key generation requests.
- Unauthorized access attempts.
- Encryption and decryption errors.
Consolidated Security View
The implemented security features ensure:
- Confidentiality of sensitive data through encryption and secure transport.
- Integrity of operations using robust key management and token validation.
- Role-based and configurable access control for system functions.
- Comprehensive monitoring for proactive detection and response to security threats.
These measures collectively provide a secure environment for client-server communication and data handling.
Functionality Summary for privateGPT Gateway
The privateGPT Server offers a robust set of features designed to provide efficient, flexible, and secure communication with the Model Context Protocol (MCP). Below is an overview of the key features and functionalities available in the server.
Key Features
1. Identity Verification & Entitlement
- Login Capability: Authenticate users via credentials to provision access tokens.
- Logout Capability: Effectively invalidate active user tokens to terminate sessions.
2. Dialogue Session Oversight
- Initiate Dialogue: Commence a session with the gateway, optionally invoking public repositories or specific cohort contexts.
- Resume Dialogue: Continue an existing exchange by supplying the session ID and a subsequent message.
- Retrieve Dialogue Metadata: Obtain descriptive information and message transcripts for a designated session ID.
- Purge All Dialogues: Erase all preceding session logs for the active user account (dialogue history).
- Purge Dialogue: Erase the active session log for the user.
3. Cohort Structuring
- List Cohorts: Review personalized and assignable groups available to the user.
- Establish Cohorts: Introduce new groups, defining their nomenclature and descriptions for organizational clarity.
- Remove Cohorts: Decommission existing groups (contingent upon configuration enablement).
4. Contextual Asset Administration
- Provision Assets: Introduce novel assets, specifying their content, and linking them to particular cohorts.
- Modify Assets: Update existing assets with fresh content or metadata attributes.
- Retire Assets: Eliminate assets that are no longer required.
- Query Asset Details: Retrieve specifications for a particular asset identified by its unique ID.
- Enumerate Assets: View all assets associated with a specified cohort.
5. Account Lifecycle Management
- Provision Accounts: Register novel users, defining their requisite roles, group affiliations, and system settings.
- Modify Accounts: Update user details, including names, electronic mail, credentials, and roles.
- Decommission Accounts: Remove users from the system (contingent upon configuration enablement).
- Reactivate Account: Restore functionality for a previously suspended user entity.
6. Configuration Parameterization
- Function Toggling: Globally enable or disable discrete gateway operations via the configuration file (`.env`).
- Localization Support: Customize the gateway's systemic prompts to your preferred vernacular (e.g., English or German).
- SSL Validation: Toggle certificate validation for secure gateway connections.
7. Exception Reporting and Audit Trail
Detailed error diagnostics and logging are provided for:
- Malformed transmissions
- Authentication denials
- API communication faults
- Configurable feedback when attempting to access a disabled operation.
8. Protective Measures
- Token-Based Identity Check: Guarantees secure and regulated access to gateway functionalities.
- Constrained Cohort Access: Option to restrict access to `assignableGroups` for heightened data separation.
Practical Application Scenarios
- Client Support Operations: Leverage dialogue functionalities to construct advanced, responsive conversational systems.
- Data Repository Governance: Administer and retrieve structured data by managing assets and their cohort affiliations.
- Multi-Party Workflow Coordination: Create, revise, and assign users to cohorts for collaborative process execution.
- Feature Customization: Activate only the capabilities essential for your intended application.
Operational Guidance
- Copy the template configuration file `privateGPT.env.json.example` to `privateGPT.env.json`, e.g. with `cp .\privateGPT.env.json.example .\privateGPT.env.json`
- Parameterize the gateway by modifying the `privateGPT.env.json` file.
- Initiate the gateway using the supplied execution script.
- Interface with the gateway via programmatic calls (API) to utilize its suite of features.
Consult the API Specification Document for granular operational instructions and feature demonstrations pertaining to each interface endpoint.
The privateGPT Gateway serves as a potent utility for governing structured discourse and data within a customizable operational domain. Tailor its features to meet your specific requirements for peak efficacy and operational command.
Deployment Procedure
- Retrieve the repository source code:
```bash
git clone https://github.com/privateGPT-dev/MCP-Server-for-MAS-Developments.git
cd MCP-Server-for-MAS-Developments
```
Decision Point: Manual Setup or Automated Execution.
Manual step-by-step Deployment
- Install the Node Package Manager (`npm`), for example:
```bash
sudo apt install npm
```
- Acquire Required Libraries:
```bash
npm install
```
- Compile Application Artifacts:
```bash
npm run build
```
or Automated Execution
- Grant execution rights to `InstallMPCServer.sh` (Linux):
```bash
sudo chmod +x InstallMPCServer.sh
```
- Run the Utility Script; completion confirmation is required. Monitor output for any reported anomalies.
```bash
./InstallMPCServer.sh
```
Configuration Directives
Proxy Layer Directives
This section elucidates the settings contained within the Proxy_Config structure utilized by the system.
Proxy Engagement
If an intermediary proxy is engaged, an authentication Header must be specified for that Proxy mechanism.
| Key | Description | Example Value |
|---|---|---|
| USE_PROXY | Determines whether the application should route requests through a proxy server. | true |
Illustration of configuration for an HAProxy backend. Only transmissions bearing the identifier 1234567890ABCDEFHIJ within the header will be permitted:
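```bash
backend mcpserver.mydomain.com
    # Only requests carrying the expected header value are allowed through
    acl valid_header req.hdr(X-Custom-Header) -m str "1234567890ABCDEFHIJ"
    http-request deny unless valid_header
    # Strip the access header before the request reaches the MCP server
    http-request del-header X-Custom-Header
    # "verify none" skips verification of the backend server's certificate
    server stable 172.16.123.4:443 ssl verify none
```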
Header Obfuscation Status
| Key | Description | Example Value |
|---|---|---|
| HEADER_ENCRYPTED | Indicates if the custom proxy access header is encrypted. | true |
- "true": The access identifier header is obfuscated. Utilize the obfuscation utility located in the security directory on the gateway to encrypt the Header.
- "false": The access identifier header is transmitted as clear text.
Access Identifier Header
The specific value of the custom header employed for proxy authentication or access throttling. If HEADER_ENCRYPTED is set to "true", this value must be de-obfuscated prior to utilization.
| Key | Description | Example Value |
|---|---|---|
| ACCESS_HEADER | Used for proxy authentication or access control. | 123abc.. |
Important Notices
- Ensure that `ACCESS_HEADER` is appropriately secured if `HEADER_ENCRYPTED` is set to `"true"`.
- Verify proxy server parameters meticulously to prevent connectivity interruptions.
Server Runtime Parameters
For establishing secure certificate-based identity verification, generate a configuration file (e.g., privateGPT.env.json) containing your privateGPT credentials.
Settings can be adjusted within the .env file to tailor the gateway and its resident functionalities.
Generate the requisite cryptographic keys (if SSH keys are absent, use ssh-keygen -t rsa), and extract the .pem files as follows:
```bash
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PEM > ~/.ssh/id_rsa_public.pem
```
Following this procedure, you are capable of producing Ciphertext representations of credentials via the Credential Obfuscation Utility and validating the cipher using the Credential De-obfuscation Utility.
Refer to the Security chapter within this document for a detailed explanation of the process.
Subsequently, you must furnish the SSL/TLS certificates server.crt and server.key to ensure all communication with clients and agents is encrypted.
If you elect to employ self-signed certificates, they can be generated by executing a command such as the following:
```bash
openssl req -x509 -newkey rsa:2048 -nodes -keyout server.key -out server.crt -days 365 -subj "/CN=localhost"
```
Note: Clients and agents possess the capability to detect the use of self-signed certificates, which are generally considered less trustworthy than official certificates where organizational verification is present. Nevertheless, clients and agents can consent to transactions using these certificates via the appropriate configuration setting (consult the description of the relevant client/agent parameters).
Below is a sample .env configuration file for the privateGPT server, including descriptions for each setting.
Customize these values to fit your environment and requirements.
Communication Port
| Key | Description | Example Value |
|---|---|---|
| PORT | The port on which the MCP server runs. | 5000 |
Localization Setting
The system natively supports: de, en, pt, es, nl, fr.
Any language can be readily introduced by modifying the privateGPT-messages.js file. This file requires storage updates in both the /src and /dist directories post-modification.
| Key | Description | Example Value |
|---|---|---|
| LANGUAGE | The language for the server's system messages (en or de). | "de" |
SSL Certification Verification
| Key | Description | Example Value |
|---|---|---|
| SSL_VALIDATE | Use "false" only if the server's certificate cannot be validated by the client. | "false" |
Credential Obfuscation Setting
| Key | Description | Example Value |
|---|---|---|
| PW_ENCRYPTION | If set to "true" the server only accepts passwords in Ciphertext. | "false" |
| PUBLIC_KEY | Specifies the file system path to the server's public PEM file used for RSA. | "~/.ssh/id_rsa_public.pem" |
| PRIVATE_KEY | Specifies the file system path to the server's private key file used for RSA. | "~/.ssh/id_rsa_public.pem" |
Secure Socket Layer (SSL/TLS)
| Key | Description | Example Value |
|---|---|---|
| ENABLE_TLS | If set to "true" the server only provides TLS encrypted communication with clients and agents. | "true" |
| SSL_KEY_PATH | Specifies the file system path to the server's SSL/TLS Key file used for SSL/TLS. | "~/.ssh/certs/server.key" |
| SSL_CERT_PATH | Specifies the file system path to the server's certificate used for SSL/TLS. | "~/.ssh/certs/server.crt" |
Operational Constraints
| Key | Description | Example Value |
|---|---|---|
| RESTRICTED_GROUPS | Setting true prevents client access to assignableGroups. | true |
| ENABLE_OPEN_AI_COMP_API | Setting true allows the compatibility mode for OpenAI API. | false |
Event Recording Settings
| Key | Description | Example Value |
|---|---|---|
| WRITTEN_LOGFILE | Enable logfile. If set to false, no logfile logs/server.log will be written. If this option is set to true, the log can be retrieved via `http://<ip>:3000` of the server. | true |
| LOG_IPs | Log IPs of the clients/agents. If it is set to false, this information is replaced by ***** and cannot be restored. | false |
| ANONYMOUS_MODE | Deactivate everything that has to do with logging. No communication, errors or similar are written/saved or displayed. | false |
Feature Toggle Controls
Determine the accessibility of discrete gateway operations. Set the corresponding value to true to enable the feature, or false to disable it. Disabled features will return a notification indicating their unavailability.
| Key | Description | Example Value |
|---|---|---|
| ENABLE_LOGIN | Enables or disables the login function. | true |
| ENABLE_LOGOUT | Enables or disables the logout function. | true |
| ENABLE_CHAT | Enables or disables the chat functionality. | true |
| ENABLE_CONTINUE_CHAT | Enables or disables continuing a chat. | true |
| ENABLE_GET_CHAT_INFO | Enables or disables retrieving chat information. | true |
| ENABLE_DELETE_ALL_CHATS | Enables or disables deleting all chats. | true |
| ENABLE_DELETE_CHAT | Enables or disables deleting a chat. | true |
| ENABLE_LIST_GROUPS | Enables or disables listing groups. | true |
| ENABLE_STORE_GROUP | Enables or disables creating a group. | true |
| ENABLE_DELETE_GROUP | Enables or disables deleting a group. | false |
| ENABLE_CREATE_SOURCE | Enables or disables creating a source. | true |
| ENABLE_EDIT_SOURCE | Enables or disables editing a source. | true |
| ENABLE_DELETE_SOURCE | Enables or disables deleting a source. | true |
| ENABLE_GET_SOURCE | Enables or disables retrieving a source. | true |
| ENABLE_LIST_SOURCES | Enables or disables listing sources. | true |
| ENABLE_STORE_USER | Enables or disables creating a user. | true |
| ENABLE_EDIT_USER | Enables or disables editing a user. | false |
| ENABLE_DELETE_USER | Enables or disables deleting a user. | false |
| ENABLE_REACTIVATE_USER | Enables or disables reactivating a user. | false |
Service Interaction
- Enable a Function: Set the corresponding value in the `.env` file to `true`.
- Disable a Function: Set the corresponding value in the `.env` file to `false`.
- The gateway will respond with a message indicating that the feature is disabled.
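One way to check a configuration against the settings described above, as an added example that is not the project's own code. The key names are the ones in the tables on this page; the function names, the severity labels, the sample values and every section name other than `Proxy_Config` and `Functions` are assumptions, and keys are matched at any depth because the page does not show the full file layout.

```javascript
// Added example, not the project's code: flag weak settings in a
// privateGPT.env.json-style object. Key names come from the tables above;
// how they nest is an assumption, so keys are matched at any depth.

// Collapse nested sections into one { KEY: value } map.
function flatten(obj, out = {}) {
  for (const [key, value] of Object.entries(obj)) {
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      flatten(value, out);
    } else {
      out[key] = value;
    }
  }
  return out;
}

// The tables show both true and "true", so accept either form.
const isOn = (v) => v === true || String(v).toLowerCase() === "true";

// Toggles that the page's example values leave disabled, plus keygen.
const REVIEW_IF_ENABLED = [
  "ALLOW_KEYGEN", "ENABLE_DELETE_GROUP", "ENABLE_EDIT_USER",
  "ENABLE_DELETE_USER", "ENABLE_REACTIVATE_USER",
];

function auditConfig(config) {
  const c = flatten(config);
  const findings = [];
  const add = (key, severity, message) => findings.push({ key, severity, message });

  if (!isOn(c.ENABLE_TLS)) add("ENABLE_TLS", "high", "clients and agents connect without TLS");
  if (!isOn(c.SSL_VALIDATE)) add("SSL_VALIDATE", "high", "certificate validation is off");
  if (!isOn(c.PW_ENCRYPTION)) add("PW_ENCRYPTION", "high", "plaintext passwords are accepted");

  // A private-key path that is empty, equals the public-key path or names a
  // public-key file means decryption cannot work as described.
  if (isOn(c.PW_ENCRYPTION) || c.PRIVATE_KEY !== undefined) {
    const priv = String(c.PRIVATE_KEY ?? "");
    if (priv === "" || priv === String(c.PUBLIC_KEY ?? "") || /public|\.pub$/i.test(priv)) {
      add("PRIVATE_KEY", "high", "does not point at a private key file");
    }
  }

  if (isOn(c.USE_PROXY)) {
    if (!c.ACCESS_HEADER) add("ACCESS_HEADER", "high", "proxy is enabled but no access header is set");
    else if (!isOn(c.HEADER_ENCRYPTED)) add("HEADER_ENCRYPTED", "medium", "proxy access header is stored in clear text");
  }

  if (!isOn(c.RESTRICTED_GROUPS)) add("RESTRICTED_GROUPS", "medium", "clients can reach assignableGroups");
  if (isOn(c.ANONYMOUS_MODE)) add("ANONYMOUS_MODE", "medium", "security events are not recorded");
  else if (!isOn(c.WRITTEN_LOGFILE)) add("WRITTEN_LOGFILE", "medium", "no log file is written");

  for (const key of REVIEW_IF_ENABLED) {
    if (isOn(c[key])) add(key, "review", "enabled; confirm this deployment needs it");
  }
  return findings;
}

// Constructed samples. Server_Config, Restrictions and Logging are
// hypothetical section names; all values are made up for the example.
const weakConfig = {
  Proxy_Config: { USE_PROXY: "true", HEADER_ENCRYPTED: "false", ACCESS_HEADER: "constructed-header-value" },
  Server_Config: {
    PORT: 5000, SSL_VALIDATE: "false", PW_ENCRYPTION: "false", ENABLE_TLS: "false",
    PUBLIC_KEY: "~/.ssh/id_rsa_public.pem", PRIVATE_KEY: "~/.ssh/id_rsa_public.pem",
  },
  Restrictions: { RESTRICTED_GROUPS: false },
  Logging: { WRITTEN_LOGFILE: true, LOG_IPs: false, ANONYMOUS_MODE: false },
  Functions: { ALLOW_KEYGEN: true, ENABLE_LOGIN: true, ENABLE_DELETE_USER: true },
};

const hardenedConfig = {
  Proxy_Config: { USE_PROXY: "true", HEADER_ENCRYPTED: "true", ACCESS_HEADER: "constructed-ciphertext" },
  Server_Config: {
    PORT: 5000, SSL_VALIDATE: "true", PW_ENCRYPTION: "true", ENABLE_TLS: "true",
    PUBLIC_KEY: "~/.ssh/id_rsa_public.pem", PRIVATE_KEY: "~/.ssh/id_rsa",
  },
  Restrictions: { RESTRICTED_GROUPS: true },
  Logging: { WRITTEN_LOGFILE: true, LOG_IPs: false, ANONYMOUS_MODE: false },
  Functions: { ALLOW_KEYGEN: false, ENABLE_LOGIN: true, ENABLE_DELETE_USER: false },
};

console.log(auditConfig(weakConfig));
console.log(auditConfig(hardenedConfig));
```
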
Example .env entry:
dotenv
{
"privateGPT_Url": {
"PRIVATE_GPT_API_URL": "https://
Service Interaction
Start the gateway:
```bash
node dist/index.js
```
The gateway will initiate operation and monitor stdio channels for MCP directives.
Error Handling
The gateway manages various failure scenarios:
- Authentication shortfalls
- Network anomalies
- Ill-formed requests
- API service errors
- Rate limitation violations
- Time-out conditions
Errors are mapped to corresponding MCP error identifiers and include detailed diagnostic messages.
Exposed Utilities
Credential Obfuscation Utility
Derive an obfuscated credential for the client and/or the server's Proxy_Config->Password entry:
```bash
node security/generate_encrypted_password.js ~/.ssh/id_rsa_public.pem
```
Check the derived obfuscated credential
To verify the obfuscation, execute:
```bash
node security/generate_decrypted_password.js ~/.ssh/id_rsa
```
Refer to the sections Encrypted Password Generation Tool and Encrypted Password Decryption Tool below for supplementary information.
Encrypted Password Generation Tool
Overview
The Encrypted Password Generation Tool is a Node.js script designed to securely encrypt user passwords using RSA public-key cryptography. This tool ensures that sensitive password data remains protected during transmission and storage by leveraging robust encryption mechanisms. It is an essential component for systems requiring secure password handling and transmission between clients and servers.
Features
- Secure Encryption: Utilizes RSA (Rivest–Shamir–Adleman) public-key cryptography to encrypt sensitive passwords.
- User-Friendly Interface: Prompts users to input their passwords securely via the command line.
- Error Handling: Provides comprehensive error messages for missing keys or encryption issues.
- Flexible Integration: Can be integrated into larger systems requiring secure password handling and encryption.
How It Works
- Public Key Loading: The script loads the RSA public key from a specified file path provided as a command-line argument.
- Password Input: It prompts the user to enter their password securely via the command line.
- Encryption Process: Using the loaded public key and `RSA_PKCS1_PADDING`, the script encrypts the entered password.
- Output: The encrypted password is displayed in Base64 format, ready for secure transmission or storage.
Prerequisites
- Node.js: Ensure that Node.js is installed on your system. You can download it from the Node.js Official Website.
- RSA Public Key: You must have access to the RSA public key (`id_rsa_public.pem`) used for encrypting the password.
Installation
- Install Dependencies: The script uses built-in Node.js modules, so no additional dependencies are required. However, ensure that your Node.js version supports ES6 modules.
```bash
rm -rf node_modules package-lock.json
npm cache clean --force
npm install
```
Usage
- Prepare Your RSA Public Key: Ensure you have your RSA public key (`id_rsa_public.pem`) stored securely on your MCP server.
- Run the Script (you will find it in the `security` directory of the MCP server): Execute the script using Node.js, providing the path to your public key as a command-line argument.
```bash
node encrypt_password.js /path/to/your/id_rsa_public.pem
```
Example:
```bash
node security/encrypt_password.js ~/.ssh/id_rsa_public.pem
```
- Enter Your Password: When prompted, input your password securely.
```bash
Please enter your password: **
```
- View the Encrypted Password: The script will output the encrypted password in Base64 format.
```bash
Encrypted Password:
```
Encrypted Password Decryption Tool
Overview
The Encrypted Password Decryption Tool is a Node.js script designed to securely decrypt encrypted passwords using RSA private-key cryptography. This tool ensures that sensitive password data remains protected during transmission and storage by leveraging robust encryption and decryption mechanisms. To verify or decrypt an encrypted password, use the private key. This is helpful to ensure that the encryption was performed correctly.
Features
- Secure Decryption: Utilizes RSA (Rivest–Shamir–Adleman) private-key cryptography to decrypt sensitive password data.
- Error Handling: Provides comprehensive error messages for missing keys or decryption issues.
- User-Friendly Interface: Prompts users to input encrypted passwords securely via the command line.
- Flexible Integration: Can be integrated into larger systems requiring secure password handling.
How It Works
- Private Key Loading: The script loads the RSA private key from a specified file path provided as a command-line argument.
- Encrypted Password Input: It prompts the user to enter an encrypted password in Base64 format.
- Decryption Process: Using the loaded private key and RSA_PKCS1_PADDING, the script decrypts the encrypted password.
- Output: The decrypted plaintext password is displayed in the console.
Prerequisites
- Node.js: Ensure that Node.js is installed on your system. You can download it from the Node.js Official Website.
- RSA Private Key: You must have access to the RSA private key (id_rsa) on your MCP server used for decrypting the password.
Installation
- Install Dependencies: The script uses built-in Node.js modules, so no additional dependencies are required. However, ensure that your Node.js version supports ES6 modules.
Usage
- Prepare Your RSA Private Key: Ensure you have your RSA private key (id_rsa) stored securely on your machine.
- Run the Script (you will find it in the security directory of the MCP server): Execute the script using Node.js, providing the path to your private key as a command-line argument.

  ```bash
  node decrypt_password.js /path/to/your/id_rsa
  ```

  Example:

  ```bash
  node decrypt_password.js ~/.ssh/id_rsa
  ```

- Enter the Encrypted Password: When prompted, input the encrypted password in Base64 format.

  ```bash
  Please enter the encrypted password:
  ```

- View the Decrypted Password: The script will output the decrypted plaintext password.

  ```bash
  Decrypted Password: your_plaintext_password
  ```

This will decrypt the encrypted password and display the original value.
Important Notices
- Ensure that the ~/.ssh/id_rsa_public.pem (public key) and ~/.ssh/id_rsa (private key) files exist and have the correct permissions.
- The encryption tool relies on the public key, while the decryption tool requires the private key.
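The round trip that the encryption and decryption tools describe, as an added example rather than the project's own scripts: it encrypts with RSA_PKCS1_PADDING as the page specifies and, for comparison, with OAEP, and returns one generic failure when decryption is rejected, which also covers Node.js releases that refuse RSA_PKCS1_PADDING for private decryption. The throwaway key pair, the function names and the sample password are assumptions constructed for the example.

```javascript
// Added example, not the project's security/ scripts.
const crypto = require('node:crypto');
const { RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING } = crypto.constants;

// Constructed throwaway key pair; the real tools read PEM files from disk.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

// OAEP needs an explicit hash that both sides agree on; v1.5 takes none.
function rsaOptions(key, padding) {
  const opts = { key, padding };
  if (padding === RSA_PKCS1_OAEP_PADDING) opts.oaepHash = 'sha256';
  return opts;
}

// Encryption side: password in, Base64 ciphertext out.
function encryptPassword(publicPem, password, padding) {
  const ct = crypto.publicEncrypt(rsaOptions(publicPem, padding), Buffer.from(password, 'utf8'));
  return ct.toString('base64');
}

// Decryption side: validate the input first, then report one generic failure
// reason so callers cannot tell padding errors from other decrypt errors.
function decryptPassword(privatePem, b64, padding) {
  const text = b64.trim();
  if (text.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(text)) {
    return { ok: false, reason: 'not-base64' };
  }
  const ct = Buffer.from(text, 'base64');
  const modulusBytes = crypto.createPrivateKey(privatePem).asymmetricKeyDetails.modulusLength / 8;
  if (ct.length !== modulusBytes) return { ok: false, reason: 'wrong-length' };
  try {
    const pt = crypto.privateDecrypt(rsaOptions(privatePem, padding), ct);
    return { ok: true, password: pt.toString('utf8') };
  } catch {
    // Includes runtimes that refuse RSA_PKCS1_PADDING for private decryption.
    return { ok: false, reason: 'decrypt-failed' };
  }
}

// Round trip with the page's padding and with OAEP, on a constructed password.
function demo(password = 'constructed-Passw0rd!') {
  const run = (pad) => decryptPassword(privateKey, encryptPassword(publicKey, password, pad), pad);
  return { v15: run(RSA_PKCS1_PADDING), oaep: run(RSA_PKCS1_OAEP_PADDING) };
}
```

If `demo().v15.ok` is false on your runtime, the Base64 value produced by the encryption tool cannot be decrypted there with RSA_PKCS1_PADDING, while the OAEP pair still round-trips.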
Repository Layout
MCP Server for MAS Developments – Complete Project Overview
This repository contains the MCP Server and all related client implementations.
Below you will find a complete directory structure as listed from the project root, including:
- clients (C# .Net, C++, Go, Java, JavaScript, PHP, Python),
- dist,
- docs,
- logs,
- security,
- src,
- tests,
- ver,
and all subfolders/files.
Note:
This is a direct directory listing with minimal commentary.
Repository Layout (Full Listing)
```text
MCP-Server-for-MAS-Developments/
├── dist
│   └── public
│       ├── index.html
│       └── privateGPT-mcp-logo.png
├── docs
│   └── images
│       ├── alternative mcp client.png
│       ├── mcp-general-architecture.png
│       └── privateGPT-MCP.png
├── logs
├── security
│   ├── generate_decrypted_password.js
│   └── generate_encrypted_password.js
├── src
│   ├── index.js
│   ├── logger.js
│   ├── privateGPT-messages.js
│   ├── public
│   │   ├── index.html
│   │   └── privateGPT-mcp-logo.png
│   ├── services
│   │   └── privateGPT-service.ts
│   └── types
│       └── api.ts
├── tests
├── ver
│   ├── index_np.js
│   └── index_proxy_np.js
└── clients
    ├── C# .Net
    │   ├── 1.0 mcp_login
    │   │   ├── bin
    │   │   │   └── Debug
    │   │   │       └── net9.0
    │   │   ├── obj
    │   │   │   └── Debug
    │   │   │       └── net9.0
    │   │   ├── mcp_login.csproj
    │   │   └── Program.cs
    │   ├── 1.1 mcp_logout
    │   │   ├── bin
    │   │   │   └── Debug
    │   │   │       └── net9.0
    │   │   ├── obj
    │   │   │   └── Debug
    │   │   │       └── net9.0
    │   │   ├── mcp_logout.csproj
    │   │   └── Program.cs
    │   ├── 2.0 mcp_chat
    │   │   ├── bin
    │   │   │   └── Debug
    │   │   │       └── net9.0
    │   │   ├── obj
    │   │   │   └── Debug
    │   │   │       └── net9.0
    │   │   ├── mcp_chat.csproj
    │   │   └── Program.cs
    │   ├── 2.1 mcp_continue_chat
    │   ├── 2.2 mcp_get_chat_info
    │   ├── 3.0 mcp_create_source
    │   ├── 3.1 mcp_get_source
    │   ├── 3.2 mcp_list_sources
    │   ├── 3.3 mcp_edit_source
    │   ├── 3.4 mcp_delete_source
    │   ├── 4.0 mcp_list_groups
    │   ├── 4.1 mcp_store_group
    │   ├── 4.2 mcp_delete_group
    │   ├── 5.0 mcp_store_user
    │   ├── 5.1 mcp_edit_user
    │   ├── 5.2 mcp_delete_user
    │   ├── Code Archiv
    │   │   ├── mcp_chat.cs
    │   │   ├── mcp_continue_chat.cs
    │   │   ├── ...
    │   │   └── mcp_store_user.cs
    │   └── README.md (14,924 bytes)
    ├── C++
    │   ├── 1.0 mcp_login
    │   │   ├── MCPLoginClient.cpp
    │   │   └── MCPLoginClient.exe
    │   ├── 1.1 mcp_logout
    │   ├── 2.0 mcp_chat
    │   ├── 2.1 mcp_continue_chat
    │   ├── 2.2 mcp_get_chat_info
    │   ├── 3.0 mcp_create_source
    │   ├── 3.1 mcp_get_source
    │   ├── 3.2 mcp_list_sources
    │   ├── 3.3 mcp_edit_source
    │   ├── 3.4 mcp_delete_source
    │   ├── 4.0 mcp_list_groups
    │   ├── 4.1 mcp_store_group
    │   ├── 4.2 mcp_delete_group
    │   ├── 5.0 mcp_store_user
    │   ├── 5.1 mcp_edit_user
    │   ├── 5.2 mcp_delete_user
    │   ├── 9.0 mcp_keygen
    │   └── README.md (15,109 bytes)
    ├── Go
    │   ├── 1.0 mcp_login
    │   │   ├── MCPLoginClient.go
    │   │   └── MCPLoginClient.exe
    │   ├── 1.1 mcp_logout
    │   ├── 2.0 mcp_chat
    │   ├── 2.1 mcp_continue_chat
    │   ├── 2.2 mcp_get_chat_info
    │   ├── 3.0 mcp_create_source
    │   ├── 3.1 mcp_get_source
    │   ├── 3.2 mcp_list_sources
    │   ├── 3.3 mcp_edit_source
    │   ├── 3.4 mcp_delete_source
    │   ├── 4.0 mcp_list_groups
    │   ├── 4.1 mcp_store_group
    │   ├── 4.2 mcp_delete_group
    │   ├── 5.0 mcp_store_user
    │   ├── 5.1 mcp_edit_user
    │   ├── 5.2 mcp_delete_user
    │   ├── 9.0 mcp_keygen
    │   └── README.md (14,903 bytes)
    ├── Java
    │   ├── 1.0 mcp_login
    │   │   ├── json-20241224.jar
    │   │   ├── MCPLoginClient.class
    │   │   └── MCPLoginClient.java
    │   ├── 1.1 mcp_logout
    │   ├── 2.0 mcp_chat
    │   ├── 2.1 mcp_continue_chat
    │   ├── 2.2 mcp_get_chat_info
    │   ├── 3.0 mcp_create_source
    │   ├── 3.1 mcp_get_source
    │   ├── 3.2 mcp_list_sources
    │   ├── 3.3 mcp_edit_source
    │   ├── 3.4 mcp_delete_source
    │   ├── 4.0 mcp_list_groups
    │   ├── 4.1 mcp_store_group
    │   ├── 4.2 mcp_delete_group
    │   ├── 5.0 mcp_store_user
    │   ├── 5.1 mcp_edit_user
    │   ├── 5.2 mcp_delete_user
    │   └── README.md (16,208 bytes)
    ├── JavaScript
    │   ├── 1.0 mcp_login
    │   │   └── MCPLoginClient.js
    │   ├── 1.1 mcp_logout
    │   ├── 2.0 mcp_chat
    │   ├── 2.1 mcp_continue_chat
    │   ├── 2.2 mcp_get_chat_info
    │   ├── 3.0 mcp_create_source
    │   ├── 3.1 mcp_get_source
    │   ├── 3.2 mcp_list_sources
    │   ├── 3.3 mcp_edit_source
    │   ├── 3.4 mcp_delete_source
    │   ├── 4.0 mcp_list_groups
    │   ├── 4.1 mcp_store_group
    │   ├── 4.2 mcp_delete_group
    │   ├── 5.0 mcp_store_user
    │   ├── 5.1 mcp_edit_user
    │   ├── 5.2 mcp_delete_user
    │   ├── 9.0 mcp_keygen
    │   └── README.md (15,692 bytes)
    ├── PHP
    │   ├── 1.0 mcp_login
    │   │   └── MCPLoginClient.php
    │   ├── 1.1 mcp_logout
    │   ├── 2.0 mcp_chat
    │   ├── 2.1 mcp_continue_chat
    │   ├── 2.2 mcp_get_chat_info
    │   ├── 3.0 mcp_create_source
    │   ├── 3.1 mcp_get_source
    │   ├── 3.2 mcp_list_sources
    │   ├── 3.3 mcp_edit_source
    │   ├── 3.4 mcp_delete_source
    │   ├── 4.0 mcp_list_groups
    │   ├── 4.1 mcp_store_group
    │   ├── 4.2 mcp_delete_group
    │   ├── 5.0 mcp_store_user
    │   ├── 5.1 mcp_edit_user
    │   ├── 5.2 mcp_delete_user
    │   ├── 9.0 mcp_keygen
    │   └── README.md (15,636 bytes)
    └── Python
        ├── 1.0 mcp_login
        │   └── MCPLoginClient.py
        ├── 1.1 mcp_logout
        ├── 2.0 mcp_chat
        ├── 2.1 mcp_continue_chat
        ├── 2.2 mcp_get_chat_info
        ├── 3.0 mcp_create_source
        ├── 3.1 mcp_get_source
        ├── 3.2 mcp_list_sources
        ├── 3.3 mcp_edit_source
        ├── 3.4 mcp_delete_source
        ├── 4.0 mcp_list_groups
        ├── 4.1 mcp_store_group
        ├── 4.2 mcp_delete_group
        ├── 5.0 mcp_store_user
        ├── 5.1 mcp_edit_user
        ├── 5.2 mcp_delete_user
        ├── 9.0 mcp_keygen
        └── README.md (15,630 bytes)
```
Legal Framework
This repository is governed under the MIT License terms - consult the LICENSE file for definitive specifics.
