logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

unified-mcp-gateway

A centralized intermediary layer for orchestrating numerous Model Context Protocol (MCP) endpoints, facilitating intelligent workload distribution and immediate status synchronization. It achieves deep synergy with diverse Large Language Models (LLMs) to accelerate software creation pipelines.

Author

unified-mcp-gateway logo

VeriTeknik

Apache License 2.0

Quick Info

GitHub GitHub Stars 32
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Tags

mcpcloudllmsmcp serversmcp manageservices veriteknik

Unified MCP Gateway: Centralized AI Orchestration

plugged.in Logo

The Nexus for Interconnected AI Data Streams

Aggregate and govern all your backend MCP instances via a single control plane, featuring an integrated sandbox for testing against any available AI engine.

[![Release Version](https://img.shields.io/badge/version-1.9.0-red?style=for-the-badge)](https://github.com/VeriTeknik/pluggedin-mcp/releases) [![GitHub Popularity](https://img.shields.io/github/stars/VeriTeknik/pluggedin-mcp?style=for-the-badge)](https://github.com/VeriTeknik/pluggedin-mcp/stargazers) [![License Type](https://img.shields.io/github/license/VeriTeknik/pluggedin-mcp?style=for-the-badge)](LICENSE) [![Language Stack](https://img.shields.io/badge/TypeScript-5.1+-orange?style=for-the-badge&logo=typescript)](https://www.typescriptlang.org/) [![Protocol Compliance](https://img.shields.io/badge/MCP-Compliant-yellow?style=for-the-badge)](https://modelcontextprotocol.io/)

📋 System Synopsis

The Unified MCP Gateway functions as sophisticated middleware, unifying disparate Model Context Protocol (MCP) services under one cohesive management facade. It proactively retrieves configuration metadata—including available tools, operational prompts, and data resources—from the central plugged.in Application Hub. Crucially, it employs intelligent routing logic to direct client requests to the optimally configured backend MCP endpoints.

This architecture guarantees transparent connectivity for any standard MCP client (such as Claude, Cline, or Cursor) while unlocking powerful, centralized governance features provided by the plugged.in ecosystem.

Show your appreciation! A GitHub star significantly boosts visibility and encourages sustained feature development.

✨ Primary Functionalities

🚀 Foundational Capabilities

  • Integrated AI Sandbox: Execute instant trials across Claude, Gemini, OpenAI, and xAI engines without requiring individual client configurations.
  • Client Agnosticism: Seamless interoperability with all MCP-enabled clients, including Claude Desktop, Cline, and Cursor.
  • Extensive Server Aggregation: Connects to and manages servers utilizing STDIO, SSE, and Streamable HTTP communication protocols.
  • Dual Communication Modes: Operates natively via STDIO pipes (default) or as a dedicated Streamable HTTP communication hub.
  • Holistic Data Retrieval (RAG): Perform unified searches across documentation held by all connected endpoints.
  • RAG v2 - AI Document Contribution: Enables backend MCP services to contribute, manage, and version documents within the central library, complete with precise model lineage.
  • Omni-Source Notifications: Receive instant alerts originating from any connected model, with optional email forwarding.
  • Context Switching Layer: Instantly pivot between distinct sets of MCP operational configurations (Workspaces).
  • API-Driven Configuration: Capability ingestion relies exclusively on secured plugged.in App endpoints, eliminating manual discovery.
  • Full Protocol Adherence: Comprehensive handling of tools, persistent resources, template definitions, and structured prompts.
  • Per-Server Custom Directives: Supports server-specific preamble instructions formatted per MCP prompt standards.

🎯 Feature Spotlight: v1.5.0 (RAG v2 - Document Exchange System)

  • AI Document Genesis: MCP services can now instigate document creation directly into the shared repository.
  • Complete audit trail for generation/modification attribution per AI agent.
  • Chronological versioning with granular change tracking.
  • Content integrity verification via SHA-256 hashing for deduplication.
  • Native ingest support for MD, TXT, JSON, HTML, PDF, and extensible formats.
  • Intelligent Document Indexing: Advanced retrieval queries incorporating AI-driven refinement logic.
  • Filtering capabilities based on generating AI, provider ID, temporal boundaries, metadata tags, and source type.
  • Contextual relevance scoring via semantic matching.
  • Automated abstract generation with key term highlighting.
  • Source scoping: filter by ai_generated, upload, or api origin.
  • MCP-Governed Document Lifecycle:
  • Fine-grained access control: set visibility to private, workspace-level, or globally accessible.
  • Hierarchical structuring for managing document revisions and lineage.
  • Organization via user profiles integrated with project-scoped boundaries.
  • Live progress feedback during background document processing tasks.

🎯 Feature Spotlight: v1.4.0 (Registry v2 Compliance)

  • Secure Token Lifecycle Management: Effortless OAuth credential handling for Streamable HTTP targets.
  • Automatic token acquisition via plugged.in App orchestration.
  • Secure, encrypted storage and renewal mechanisms.
  • Eliminates the need for client-side credential exposure.
  • Bidirectional Alerting Fabric: Enhanced notification system for robust communication.
  • Transmit alerts upstream to the plugged.in App interface.
  • Ingest real-time alerts from downstream MCP entities.
  • Programmatic status marking (read/unread) and deletion.
  • Activity Telemetry: Transparent tracking of operational usage patterns.
  • Every invocation of a remote tool is logged and time-stamped.
  • Data feeds into aggregate trending calculations for service ranking.
  • Provides granular utilization metrics and service popularity indicators.
  • Registry Synchronization: Full adoption of Registry v2 interaction models.
  • Autonomous discovery of registered services.
  • Installation metrics collection and reporting.
  • Support for community-contributed service endpoints.

📦 Enhancements from v1.1.0

  • Streamable HTTP Protocol Support: Native encapsulation and translation for Streamable HTTP transport layers.
  • Standalone HTTP Server Mode: Ability to launch the proxy as a publicly accessible, configurable HTTP listener.
  • Authentication Flexibility: Optional bearer token validation required for securing HTTP interfaces.
  • Persistence Modes: Selection between maintaining connection state (stateful) or treating each interaction independently (stateless).

🎯 Core Functionality from v1.0.0

  • Live Alerting: Monitor all operational activities through a comprehensive alerting mechanism.
  • RAG Linkage: Built-in facility for augmenting queries with context drawn from the plugged.in Document Vault.
  • Inspector Scripts: Introduction of automated diagnostic routines for rigorous debugging.
  • Service Liveness Check: Integrated ping endpoint for proactive connection health verification.

🔧 Tool Classification System

The gateway categorizes available functions into two operational domains:

🔧 Intrinsic Built-in Utilities (Always Active)

These utilities are hard-coded into the proxy runtime and require no external server registration: - pluggedin_discover_tools - High-speed capability enumeration leveraging internal caching mechanisms. - pluggedin_rag_query - Executes advanced RAG v2 searches across the enterprise document repository, supporting AI filtering. - pluggedin_send_notification - Mechanism for dispatching real-time alerts, optionally via electronic mail. - pluggedin_create_document - (Future Release) Utility for persisting AI-generated content into the central knowledge base.

⚡ Dynamic Backend Utilities (Server Dependent)

These functions are dynamically aggregated from actively connected MCP instances and can be toggled on/off: - Data persistence interfaces (e.g., PostgreSQL, SQLite drivers). - Local file system manipulation tools. - External API interaction modules. - Any custom function exposed by a conforming MCP host.

The integrated discovery mechanism intelligently merges both sets, granting AI agents immediate access to the complete functional spectrum.

🚀 Capability Enumeration Execution

# Rapid enumeration - utilizes cache for sub-second returns
pluggedin_discover_tools()

# Force data synchronization - returns current status while initiating background fetch 
pluggedin_discover_tools({"force_refresh": true})

# Specific endpoint introspection
pluggedin_discover_tools({"server_uuid": "specific-identifier-here"})

Example Output Structure:

## 🔧 Intrinsic Utilities (Always Available):
1. **pluggedin_discover_tools** - Accelerated discovery via caching logic
2. **pluggedin_rag_query** - Semantic RAG v2 traversal with AI context refinement
3. **pluggedin_send_notification** - Dispatch alerts across notification channels
4. **pluggedin_create_document** - (Pending) Persist AI artifacts to the library

## ⚡ Dynamic Backend Utilities (Total: 8) - Harvested from Hosts:
1. **sql_query_readonly** - Execute non-mutating SQL statements
2. **secure_random_int** - Produce cryptographically sound random integers
...

📚 RAG v2 Context Interaction Examples

The advanced RAG v2 framework ensures meticulous attribution for all AI-mediated document operations:

# Retrieve knowledge based on generation source model
pluggedin_rag_query({
  "query": "microservices topology",
  "filters": {
    "modelName": "Claude 3 Opus",
    "source": "ai_generated",
    "tags": ["architecture"]
  }
})

# Comprehensive search spanning all ingest methods
pluggedin_rag_query({
  "query": "production rollout blueprint",
  "filters": {
    "dateFrom": "2024-01-01",
    "visibility": "workspace"
  }
})

# Future: Initiate AI artifact creation (Upcoming)
pluggedin_create_document({
  "title": "Strategic Review Summary",
  "content": "# Quarterly Findings\n\nKey takeaways...",
  "format": "md",
  "tags": ["strategy", "quarterly"],
  "metadata": {
    "model": {
      "name": "Gemini Advanced",
      "provider": "Google"
    }
  }
})

🚀 Deployment Guide

Prerequisites

  • Node.js runtime environment (Version 18 minimum; v20+ recommended).
  • An active API authorization credential obtained from the plugged.in Developer Portal (plugged.in/api-keys).

Installation via Package Manager

# Install and initiate execution using npx (targets latest stable release)
npx -y @pluggedin/pluggedin-mcp-proxy@latest --pluggedin-api-key YOUR_API_KEY

🔄 Migration Path to v1.0.0

Users migrating from older versions should consult the comprehensive Migration Guide for necessary transition steps.

# Execute upgrade command
npx -y @pluggedin/pluggedin-mcp-proxy@1.0.0 --pluggedin-api-key YOUR_API_KEY

Configuration for Client Applications

Claude Desktop Integration

Inject the following structure into your Claude Desktop configuration settings:

{
  "mcpServers": {
    "unified_gateway": {
      "command": "npx",
      "args": ["-y", "@pluggedin/pluggedin-mcp-proxy@latest"],
      "env": {
        "PLUGGEDIN_API_KEY": "YOUR_API_KEY"
      }
    }
  }
}

Cline Integration

Use this configuration block within your Cline setup:

{
  "mcpServers": {
    "unified_gateway": {
      "command": "npx",
      "args": ["-y", "@pluggedin/pluggedin-mcp-proxy@latest"],
      "env": {
        "PLUGGEDIN_API_KEY": "YOUR_API_KEY"
      }
    }
  }
}

Cursor Integration

Cursor natively supports direct command-line argument passing:

npx -y @pluggedin/pluggedin-mcp-proxy@latest --pluggedin-api-key YOUR_API_KEY

⚙️ Operational Parameters

Environment Variables

Variable Purpose Mandatory Default Value
PLUGGEDIN_API_KEY Credential for plugged.in Backend Access Yes N/A
PLUGGEDIN_API_BASE_URL Root endpoint for the plugged.in Service No https://plugged.in

Command Line Flags

Runtime arguments override environment variable settings:

npx -y @pluggedin/pluggedin-mcp-proxy@latest --pluggedin-api-key YOUR_API_KEY --pluggedin-api-base-url https://enterprise.cloud.net

Transport Configuration Flags

Flag Description Default
--transport <mode> Protocol: stdio or streamable-http stdio
--port <number> Listen socket designation for HTTP mode 12006
--stateless Activate connectionless mode for HTTP false
--require-api-auth Enforce Bearer token validation on HTTP ingress false

For a complete parameter reference, invoke:

npx -y @pluggedin/pluggedin-mcp-proxy@latest --help

🌐 Streamable HTTP Deployment

The gateway can function as a persistent HTTP service, enabling remote connections and web integration.

Initialization Examples

# Launch on default port (12006) using STDIO authentication
npx -y @pluggedin/pluggedin-mcp-proxy@latest --transport streamable-http --pluggedin-api-key YOUR_API_KEY

# Specify alternate listening port
npx -y @pluggedin/pluggedin-mcp-proxy@latest --transport streamable-http --port 8080 --pluggedin-api-key YOUR_API_KEY

# Activate mandatory API key protection for HTTP access
npx -y @pluggedin/pluggedin-mcp-proxy@latest --transport streamable-http --require-api-auth --pluggedin-api-key YOUR_API_KEY

# Deploy in connectionless mode (Stateless)
npx -y @pluggedin/pluggedin-mcp-proxy@latest --transport streamable-http --stateless --pluggedin-api-key YOUR_API_KEY

HTTP Interface Schemas

  • POST /mcp - Primary endpoint for transmitting JSON-RPC messages.
  • GET /mcp - Optional server-sent event (SSE) stream for continuous updates.
  • DELETE /mcp - Command to cleanly sever an active stateful session.
  • GET /health - Operational status check endpoint.

Session Persistence Protocol

In the default stateful configuration, clients must utilize the mcp-session-id header to maintain session context across multiple transactions:

# Initial request establishes a session ID
curl -X POST http://localhost:12006/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc":"2.0","method":"tools/list","id":1}'

# Subsequent requests reuse the retrieved session ID
curl -X POST http://localhost:12006/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "mcp-session-id: RETRIEVED_SESSION_ID" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"tool_name"},"id":2}'

Secure HTTP Authentication

When --require-api-auth is enabled, credentials must be transmitted using the HTTP Bearer scheme:

curl -X POST http://localhost:12006/mcp \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc":"2.0","method":"ping","id":1}'

🐳 Containerized Operation (Docker)

The proxy is container-ready, facilitating streamlined deployment.

Image Construction

Assuming Docker is active, navigate to the root of the pluggedin-mcp directory and execute:

docker build -t pluggedin-mcp-proxy:latest .

A robust .dockerignore file is utilized to minimize the build context size.

Execution Scenarios

STDIO Mode (For Inspection Tools)

Run the container interactively to pipe directly to MCP clients like the Inspector:

docker run -it --rm \
  -e PLUGGEDIN_API_KEY="YOUR_API_KEY" \
  -e PLUGGEDIN_API_BASE_URL="YOUR_CUSTOM_ENDPOINT" \
  --name mcp_stdio_instance 
  pluggedin-mcp-proxy:latest

Streamable HTTP Server Mode

Deploy as a background HTTP service:

docker run -d --rm \
  -e PLUGGEDIN_API_KEY="YOUR_API_KEY" \
  -e PLUGGEDIN_API_BASE_URL="YOUR_CUSTOM_ENDPOINT" \
  -p 12006:12006 \
  --name mcp_http_service 
  pluggedin-mcp-proxy:latest \
  --transport streamable-http --port 12006

Substitute placeholders with actual credentials. The container defaults to port 12006.

Connecting via MCP Inspector

Once the HTTP container is live, direct the Inspector to the container's process stream:

npx @modelcontextprotocol/inspector docker://mcp_http_service

Termination

Stopping the foreground execution container (using Ctrl+C) will trigger automatic cleanup due to the --rm flag.

🏗️ Internal Service Blueprint

The Unified MCP Gateway serves as a translation layer between external MCP clients and the distributed backend services:

sequenceDiagram
    participant Client as MCP Client (e.g., Cursor)
    participant Proxy as Unified MCP Gateway
    participant App as plugged.in App Hub
    participant Backends as Backend MCP Services

    Client ->> Proxy: Query for Tool Manifest / Execute Call
    Proxy ->> App: API Fetch: Get Metadata & Routing Rules
    App -->> Proxy: Return Consolidated Configuration Map

    alt Capability Listing Request
        Client ->> Proxy: Execute pluggedin_discover_tools
        alt Cache Hit
            Proxy -->> Client: Instantaneous Return (Static + Cached Dynamic)
        else Cache Miss / Forced Refresh
            Proxy ->> App: Initiate Background Metadata Synchronization
            App ->> Backends: Discover & Report Fresh Capabilities
            Proxy -->> Client: Return Current View + In-Progress Status
        end
    end

    Client ->> Proxy: Invoke Tool 'X' / Resource Read
    alt Internal Static Tool
        Proxy ->> Client: Execute & Return Local Result
    else External Tool Routing
        Proxy ->> App: Resolve Tool 'X' to Target Server 'S'
        App -->> Proxy: Provide Server 'S' Connection Details
        Proxy ->> Backends: Route Request to Server 'S'
        Backends -->> Proxy: Deliver Service Result
    end
    Proxy -->> Client: Finalized Response Payload

🔄 Operational Flow Dynamics

  1. Bootstrap: The gateway initializes by retrieving the active service topology from the plugged.in App.
  2. Intelligent Enumeration (pluggedin_discover_tools):
  3. Cache Priority: First attempts retrieval from local, time-stamped data store (< 1 second latency).
  4. Immediate Feedback: Issues a response containing intrinsic tools and any cached dynamic tool definitions.
  5. Asynchronous Update: If a refresh is mandated, it executes the discovery phase concurrently while serving the potentially stale data.
  6. Full Scan: A complete, live enumeration is only triggered upon cache expiry or explicit user command.
  7. Capability Mapping: The gateway resolves all endpoints via dedicated App APIs:
  8. tools/list: Ingests definitions from /api/tools, merging intrinsic and dynamic sets.
  9. resources/list: Pulls document metadata from /api/resources.
  10. resource-templates/list: Fetches template schemas from /api/resource-templates.
  11. prompts/list: Consolidates user-defined instructions and server-specific prompts from /api/prompts.
  12. Target Resolution: When an action is invoked, the proxy determines the destination host:
  13. tools/call: Identifies the target backend based on the tool name prefix and consults its internal routing registry.
  14. resources/read: Queries /api/resolve/resource?uri=... to locate the hosting service.
  15. prompts/get: Checks for overriding custom instructions before querying the prompt resolution service.
  16. Forwarding: The standardized MCP request is encapsulated and forwarded across the network to the designated backend handler.
  17. Data Return: Results from the backend are normalized back into the MCP structure and returned to the originating client.

🔒 Security Posture

The Unified MCP Gateway enforces rigorous security protocols to safeguard operational integrity and data confidentiality:

Input Integrity Checks

  • Command Execution Safeguard: All execution parameters are rigorously vetted against defined allowlists.
  • Configuration Parsing: Secure handling of environment variables, including robust parsing of quoted and multi-line entries from .env files.
  • Credential Validation: Strict pattern matching for API keys and authentication tokens (e.g., length and hex character validation).

Network Defense Mechanisms

  • Server-Side Request Forgery (SSRF) Mitigation: Strict URL filtering blocks attempts to reach:
  • Internal network loops (127.0.0.1, ::1).
  • Private IP subnets (e.g., 10.x.x.x, 192.168.x.x).
  • Non-routable address spaces.
  • Well-known sensitive service ports (SSH, database listeners).
  • Header Injection Blocking: Defense against malformed or malicious headers:
  • Prohibition of known dangerous headers.
  • Validation against RFC 7230 naming conventions.
  • Detection and rejection of null bytes and control characters.
  • Enforcement of strict header payload size limits (8KB).
  • Traffic Throttling: Implemented rate limits:
  • Tool execution requests: Capped at 60 per minute.
  • App Hub API calls: Capped at 100 per minute.
  • Information Leakage Prevention: Sanitization routines strip sensitive details from error responses before they reach the client.

Process Isolation & Execution

  • Safe Invocation: Utilizes execFile() over exec() to bypass shell interpretation vulnerabilities.
  • Permitted Utilities: Execution is strictly limited to:
  • node, npx (Node environment tools).
  • python, python3 (Standard Python interpreters).
  • uv, uvx, uvenv (Modern Python package management tools).
  • Argument Scrubbing: All command arguments undergo stripping of shell metacharacters and control codes.
  • Environment Control: Careful management over inherited environment variables.

Streamable HTTP Security Features

  • Discovery Opt-Out: Tool listing operations function without requiring upfront authentication, aiding initial handshake flexibility.
  • Session Integrity: Session identifiers are generated using high-entropy cryptographic randomness.
  • Web Access Control: Configurable Cross-Origin Resource Sharing (CORS) policies.
  • Payload Limits: Enforced maximum payload size to prevent denial-of-service via oversized POST bodies.

Core Security Utilities Module

A dedicated module (security-utils.ts) encapsulates: - Bearer token format validation. - SSRF-proof URL validation logic. - Dynamic argument cleaning routines. - Environment variable integrity checks. - Integrated rate limiting logic. - Error message scrubbing function.

Refer to SECURITY.md for a complete audit trail of the security implementation.

🧩 Synergy with the plugged.in Application

The Unified MCP Gateway is architecturally designed for maximal cohesion with the plugged.in App, which serves as the control surface:

  • Configuration Management: Provides the web UI for centrally managing all connected MCP service definitions.
  • Centralized Metadata Hub: Acts as the single source of truth for Tools, Resources, Templates, and Prompt definitions.
  • RAG v2 Core: Hosts the Document Library where users upload content, enabling AI models to generate knowledge with verifiable provenance.
  • Instruction Oversight: Facilitates centralized editing of custom system instructions.
  • Workspace Isolation: Enables organization of different operational environments.
  • Interactive Testing: Features a web-based sandbox for immediate validation against any integrated AI model.
  • Credential Vault: Manages API keys and OAuth credentials securely.
  • AI Document Lifecycle: Oversees the creation, searching, and versioning of AI-contributed knowledge artifacts.

📚 External References

🤝 Community Contribution

We welcome constructive input. Please submit modifications through a formal Pull Request.

📝 Update Log

Version 1.9.0 (Projected Sept 2025) - Hardened Security Release

🔒 Advanced HTML Integrity Enforcement

  • Library Migration: Switched from legacy regex methods to the robust sanitize-html utility.
  • XSS Defense: Comprehensive fortification against Cross-Site Scripting vectors.
  • Attribute Context Safety: Improved sanitization rules applied specifically within HTML attribute parsing contexts.
  • Logging Integrity: Addressed format string injection vulnerabilities present in historical logging utilities.
  • Test Verification: Expanded security test suite to confirm resistance to modern XSS payloads.

🛡️ General Security Hardening

  • CodeQL Resolution: All findings reported by GitHub CodeQL static analysis have been rectified.
  • Input Defenses: Broad strengthening of validation routines across all ingress points.
  • Dependency Management: Integration of sanitize-html as a core, essential dependency.
  • Test Coverage: Significant uplift in security-focused unit testing.

Version 1.5.0 (Projected Jan 2025) - Knowledge Contribution Layer

🤖 AI Document Exchange System

  • Generative Artifacts: Backend MCP agents are now authorized to write new documents directly to the shared repository.
  • Provenance Tracking: Detailed metadata captures the generating AI agent and modification history.
  • Sophisticated Querying: Advanced retrieval filters now include AI model identifiers, provider IDs, temporal bounds, and source provenance.
  • Version Control: Automated tracking of document revisions originating from AI updates.
  • Format Versatility: Support for indexing documents across numerous formats.

🔍 Enhanced RAG Capabilities

  • Semantic Search Optimization: Leveraging advanced indexing techniques (e.g., PostgreSQL FTS) for superior relevance ranking.
  • Contextual Filtering: Granular control over results based on privacy levels, attribution, and data origin.
  • Abstract Generation: Automatic creation of summary snippets with highlighted search terms.
  • Performance Tweak: Query latency reduction through indexing improvements.

Version 1.2.0 (Projected Jan 2025)

🔒 Security Overhauls

  • SSRF Shielding: Implemented aggressive blocking logic for all private, loopback, and reserved network addressing.
  • Execution Whitelisting: Strict enforcement of allowed executable binaries for subprocess calls.
  • HTTP Header Protection: Introduction of robust header sanitation middleware.
  • Compatibility: Improved adherence to Smithery protocols by enabling unauthenticated tool discovery.

🚀 Performance Optimizations

  • Container Footprint: Utilized multi-stage Docker builds to produce minimal final images.
  • Dependency Pruning: Development/testing dependencies are deliberately omitted from production Docker artifacts.
  • Resource Footprint: Optimized memory and CPU usage, favoring low-overhead execution.

🔧 Technical Refinements

  • Improved error surfacing within the Streamable HTTP transport layer.
  • Enhanced resource management for connection sessions.
  • Broad refactoring for superior TypeScript type safety.

Version 1.1.0 (Projected Dec 2024)

🚀 Feature Introduction

  • Streamable HTTP Native Support: Full implementation of the modern Streamable HTTP communication standard for downstream servers.
  • Web Listener Mode: Capability to initiate the proxy as a standalone HTTP server accessible via network protocols.
  • Session Flexibility: Introduction of configuration toggles for persistent (stateful) versus ephemeral (stateless) session handling.
  • Access Control: Optional implementation of Bearer token validation for HTTP ingress points.
  • Service Health Endpoint: Addition of a designated GET /health interface.

🔧 Development Updates

  • Upgraded internal MCP SDK dependency to v1.13.1 for protocol feature parity.
  • Integrated Express.js framework for streamlined HTTP server construction.
  • Comprehensive update to TypeScript interfaces for better developer ergonomics.

Version 1.0.0 (Projected June 2025)

🎯 Milestone Features

  • Real-Time Alerting Fabric: Comprehensive system for tracking and broadcasting all service interactions.
  • Contextual Retrieval (RAG): Foundation laid for document-augmented query processing via the plugged.in Hub.
  • Diagnostic Scripts: Introduction of automated routines for testing and debugging functionality.
  • Liveness Endpoint: Availability of a dedicated endpoint for external service monitoring.

🔒 Foundational Security

  • Input Validation: Established baseline defenses against injection via input sanitization.
  • URL Scrutiny: Implemented initial layer of SSRF defense on all network operations.
  • Environment Hardening: Secure parsing protocols for runtime configuration variables.
  • Error Disclosure Control: Sanitized internal errors to prevent leakage of implementation details.

🐛 Stability Fixes

  • Resolved issues related to JSON-RPC message demarcation (separating stdout/stderr streams).
  • Corrected logic for localhost URL identification during development configuration.
  • Fixed edge cases in API key processing within testing scripts.
  • General improvements to connection resilience and memory allocation.

🔧 Tooling & DX

  • New suite of inspector scripts for continuous integration testing.
  • Enhanced verbosity in error messages for easier debugging.
  • Adoption of structured logging principles, utilizing stderr appropriately.
  • Migration to strict TypeScript typing throughout the codebase.

Consult Release Notes for exhaustive documentation.

🧪 Testing and Development

Local Development Environment

Tests are bundled for development purposes but are configured to be omitted during lightweight Docker image construction.

# Execute full local test suite
npm test
# OR use the dedicated script
./scripts/test-local.sh

# Initiate continuous testing upon file change
npm run test:watch

# Launch tests with interactive UI coverage reporting
npm run test:ui

Optimized Docker Builds

The production Docker build emphasizes efficiency: - Leverages multi-stage compilation for smaller final artifacts. - Excludes all testing apparatus and development dependencies from the final runtime layer. - Optimized for execution environments with constrained resources.

# Build the minimal, production-ready image
docker build -t pluggedin-mcp:release .

# Verify resulting image footprint
docker images pluggedin-mcp:release

📄 Licensing

This software is distributed under the permissive terms of the MIT License; see the accompanying LICENSE file for full details.

🙏 Recognition

WIKIPEDIA NOTE ON CLOUD COMPUTING: Cloud computing is defined by ISO as "a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand." This concept, colloquially known as 'the cloud,' evolved significantly from 1960s time-sharing systems. The actual 'cloud' metaphor for service virtualization emerged around 1994 within General Magic's planning, later popularized in 1996.

See Also

`