No description

Find a file

Manuel Ganter 12beeaacd7 feat: reduced token usage of list operations by reducing the amount of returned fields		2026-01-19 13:49:34 +01:00
.claude	introduced stdio mcp server for edge connect	2026-01-05 11:51:35 +01:00
.github/workflows	Added release pipeline with goreleaser	2026-01-05 14:57:06 +01:00
docs	added OAuth2.1 flow	2026-01-05 16:59:11 +01:00
oauth	fix: oauth2 dev server now supports dynamic client registration	2026-01-07 14:54:42 +01:00
scripts/hooks	fix: pre commit hook using gitleaks	2026-01-07 14:57:33 +01:00
.claudeignore	improved README.md	2026-01-05 12:26:44 +01:00
.env.example	added OAuth2.1 flow	2026-01-05 16:59:11 +01:00
.gitignore	introduced stdio mcp server for edge connect	2026-01-05 11:51:35 +01:00
.gitleaksignore	chore: added gitleaks pre commit hook	2026-01-05 16:04:29 +01:00
.goreleaser.yaml	Added release pipeline with goreleaser	2026-01-05 14:57:06 +01:00
auth.go	Removed unused code	2026-01-05 14:39:40 +01:00
config.go	fix: oauth2 dev server now supports dynamic client registration	2026-01-07 14:54:42 +01:00
go.mod	feat: added multi ui-protocol support	2026-01-12 18:04:26 +01:00
go.sum	feat: added multi ui-protocol support	2026-01-12 18:04:26 +01:00
main.go	Provisionally add MCP UI functionality	2026-01-12 13:24:56 +01:00
Makefile	Partially update README	2026-01-09 17:27:19 +01:00
MCP_UI.md	Provisionally add MCP UI functionality	2026-01-12 13:24:56 +01:00
QUICKSTART.md	Partially update README	2026-01-09 17:27:19 +01:00
README.md	Provisionally add MCP UI functionality	2026-01-12 13:24:56 +01:00
REMOTE_SERVER.md	added server mode	2026-01-05 12:03:50 +01:00
tools.go	feat: reduced token usage of list operations by reducing the amount of returned fields	2026-01-19 13:49:34 +01:00
ui.go	feat: added multi ui-protocol support	2026-01-12 18:04:26 +01:00

README.md

Edge Connect MCP Server

A Model Context Protocol (MCP) server implementation for Edge Connect, providing tools to manage applications and application instances.

Supports both local (stdio) and remote (HTTP/SSE) operation modes.

Features

Interactive UI Resources (MCP-UI)

This server includes rich, interactive web-based visualizations powered by MCP-UI. When using compatible MCP clients, you'll receive beautiful HTML dashboards instead of plain text:

📊 Applications Dashboard - Visual grid of applications with stats, deployment badges, and quick actions
🔍 Application Detail View - Comprehensive property display with JSON viewer
⚡ Instances Dashboard - Interactive table with status indicators and instance management

For clients that don't support UI resources, the server gracefully falls back to text-based responses. See MCP_UI.md for full documentation.

Edge Connect API Tools

This MCP server implements all Edge Connect API endpoints for:

Apps Management

create_app - Create a new Edge Connect application
show_app - Retrieve a specific application by key (includes UI)
list_apps - List all applications matching filter criteria (includes UI)
update_app - Update an existing application
delete_app - Delete an application (idempotent)

App Instance Management

create_app_instance - Create a new application instance on a cloudlet
show_app_instance - Retrieve a specific application instance
list_app_instances - List all application instances matching filter criteria (includes UI)
update_app_instance - Update an existing application instance
refresh_app_instance - Refresh instance state
delete_app_instance - Delete an application instance (idempotent)

Installation

Clone this repository
Build the server:
```
go build -o edge-connect-mcp
```

Configuration

The server is configured via environment variables:

Required Configuration

EDGE_CONNECT_BASE_URL - Base URL of the Edge Connect API (e.g., https://hub.apps.edge.platform.mg3.mdb.osc.live)
EDGE_CONNECT_AUTH_TYPE - Authentication type: token, credentials, or none

Authentication Configuration

For token-based authentication (auth_type=token):

EDGE_CONNECT_TOKEN - Bearer token for authentication

For credentials-based authentication (auth_type=credentials):

EDGE_CONNECT_USERNAME - Username for authentication
EDGE_CONNECT_PASSWORD - Password for authentication

For no authentication (auth_type=none):

No additional configuration required (useful for testing)

Optional Configuration

EDGE_CONNECT_DEFAULT_REGION - Default region to use when not specified in tool calls (default: EU)
EDGE_CONNECT_DEBUG - Enable debug logging (true or 1)

Usage

Running the Server

The server can run in two modes:

1. Local Mode (stdio)

For local integration with Claude Desktop or other MCP clients:

export EDGE_CONNECT_BASE_URL="https://hub.apps.edge.platform.mg3.mdb.osc.live"
export EDGE_CONNECT_AUTH_TYPE="credentials"
export EDGE_CONNECT_USERNAME="your-username"
export EDGE_CONNECT_PASSWORD="your-password"
export EDGE_CONNECT_DEFAULT_REGION="EU"

# Run in stdio mode (default)
./edge-connect-mcp

# Or explicitly specify stdio mode
./edge-connect-mcp -mode stdio

2. Remote Mode (HTTP/SSE)

For remote access over HTTP with Server-Sent Events:

export EDGE_CONNECT_BASE_URL="https://hub.apps.edge.platform.mg3.mdb.osc.live"
export EDGE_CONNECT_AUTH_TYPE="credentials"
export EDGE_CONNECT_USERNAME="your-username"
export EDGE_CONNECT_PASSWORD="your-password"
export EDGE_CONNECT_DEFAULT_REGION="EU"

# Remote server configuration
export MCP_SERVER_MODE="remote"
export MCP_REMOTE_HOST="0.0.0.0"
export MCP_REMOTE_PORT="8080"

# Optional: Enable authentication for remote access
export MCP_REMOTE_AUTH_REQUIRED="true"
export MCP_REMOTE_AUTH_TOKENS="your-secret-token-1,your-secret-token-2"

# Run in remote mode
./edge-connect-mcp -mode remote -host 0.0.0.0 -port 8080

Command-line flags override environment variables:

-mode: Server mode (stdio or remote)
-host: Host to bind to (remote mode only)
-port: Port to bind to (remote mode only)

3. Remote Mode with OAuth 2.1 (Recommended for Production)

For production deployments, use OAuth 2.1 authorization:

# Edge Connect API configuration (unchanged)
export EDGE_CONNECT_BASE_URL="https://hub.apps.edge.platform.mg3.mdb.osc.live"
export EDGE_CONNECT_AUTH_TYPE="credentials"
export EDGE_CONNECT_USERNAME="your-username"
export EDGE_CONNECT_PASSWORD="your-password"

# MCP Server configuration
export MCP_SERVER_MODE="remote"
export MCP_REMOTE_HOST="0.0.0.0"
export MCP_REMOTE_PORT="8080"

# OAuth 2.1 configuration
export OAUTH_ENABLED="true"
export OAUTH_MODE="resource_server"
export OAUTH_RESOURCE_URI="https://mcp.example.com"
export OAUTH_AUTH_SERVERS="https://auth.example.com"
export OAUTH_ISSUER="https://auth.example.com"
export OAUTH_JWKS_URL="https://auth.example.com/.well-known/jwks.json"

# Run the server
./edge-connect-mcp -mode remote

For local development/testing with the built-in basic authorization server:

# Enable built-in authorization server
export OAUTH_AUTH_SERVER_ENABLED="true"
export OAUTH_AUTH_SERVER_PORT="8081"
export OAUTH_CLIENT_ID="test-client"
export OAUTH_REDIRECT_URI="http://localhost:5173/callback"

# Use localhost URIs
export OAUTH_RESOURCE_URI="http://localhost:8080"
export OAUTH_AUTH_SERVERS="http://localhost:8081"
export OAUTH_ISSUER="http://localhost:8081"
export OAUTH_JWKS_URL="http://localhost:8081/.well-known/jwks.json"

./edge-connect-mcp -mode remote

The server provides these OAuth endpoints:

MCP Server (Protected Resource):

GET /.well-known/oauth-protected-resource - Protected Resource Metadata (RFC 9728)

Basic Authorization Server (if enabled):

GET /authorize - Authorization endpoint
POST /token - Token endpoint
GET /.well-known/jwks.json - JWKS endpoint
GET /.well-known/oauth-authorization-server - Authorization server metadata (RFC 8414)

For detailed OAuth setup and security best practices, see:

Integrating with Claude Code (CLI)

To add this MCP server to Claude Code, use the mcp add command:

# Add the MCP server
claude mcp add edge-connect

# Configure the command
claude mcp edit edge-connect --set command=/path/to/edge-connect-mcp

# Set environment variables
claude mcp edit edge-connect --set-env EDGE_CONNECT_BASE_URL=https://hub.apps.edge.platform.mg3.mdb.osc.live
claude mcp edit edge-connect --set-env EDGE_CONNECT_AUTH_TYPE=credentials
claude mcp edit edge-connect --set-env EDGE_CONNECT_USERNAME=your-username
claude mcp edit edge-connect --set-env EDGE_CONNECT_PASSWORD=your-password
claude mcp edit edge-connect --set-env EDGE_CONNECT_DEFAULT_REGION=EU

Or edit your Claude Code settings file directly:

Location: ~/.claude.json (Linux/macOS) or %APPDATA%\claude-code\settings.json (Windows)

{
  "mcpServers": {
    "edge-connect": {
      "command": "/path/to/edge-connect-mcp",
      "env": {
        "EDGE_CONNECT_BASE_URL": "https://hub.apps.edge.platform.mg3.mdb.osc.live",
        "EDGE_CONNECT_AUTH_TYPE": "credentials",
        "EDGE_CONNECT_USERNAME": "your-username",
        "EDGE_CONNECT_PASSWORD": "your-password",
        "EDGE_CONNECT_DEFAULT_REGION": "EU"
      }
    }
  }
}

Verify the server is working:

# List MCP servers
claude mcp list

# Test the connection
claude mcp test edge-connect

Integrating with Claude Desktop

Local Integration (stdio mode)

Add the server to your Claude Desktop configuration file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "edge-connect": {
      "command": "/path/to/edge-connect-mcp",
      "env": {
        "EDGE_CONNECT_BASE_URL": "https://hub.apps.edge.platform.mg3.mdb.osc.live",
        "EDGE_CONNECT_AUTH_TYPE": "credentials",
        "EDGE_CONNECT_USERNAME": "your-username",
        "EDGE_CONNECT_PASSWORD": "your-password",
        "EDGE_CONNECT_DEFAULT_REGION": "EU"
      }
    }
  }
}

Remote Integration (HTTP/SSE mode)

Start the server in remote mode:

./edge-connect-mcp -mode remote -host 0.0.0.0 -port 8080

Connect to the remote server using SSE endpoint:
```
http://your-server:8080/sse
```
If authentication is enabled, include Bearer token in requests:
```
Authorization: Bearer your-secret-token
```

The remote server provides:

SSE Endpoint: http://host:port/sse - MCP communication via Server-Sent Events
Health Check: http://host:port/health - Server health status

Tool Examples

Create an Application

{
  "organization": "my-org",
  "name": "my-app",
  "version": "1.0.0",
  "deployment": "docker",
  "image_path": "https://registry-1.docker.io/library/nginx:latest",
  "access_ports": "tcp:80",
  "default_flavor_name": "EU.small"
}

List Applications

{
  "organization": "my-org"
}

Create an Application Instance

{
  "organization": "my-org",
  "instance_name": "my-instance",
  "cloudlet_org": "cloudlet-org",
  "cloudlet_name": "cloudlet-01",
  "app_org": "my-org",
  "app_name": "my-app",
  "app_version": "1.0.0",
  "flavor_name": "EU.small"
}

List Application Instances

{
  "organization": "my-org",
  "app_name": "my-app"
}

Security

This implementation follows the security guidelines from CLAUDE.md:

Edge Connect API Security

Authentication: Supports token-based auth and credentials-based auth for Edge Connect API
Input Validation: All inputs are strictly validated using JSON schemas
Error Handling: Errors are properly categorized without leaking sensitive details
Transport Security: Expects HTTPS/TLS connections to the Edge Connect API
Least Privilege: Scoped access based on authentication credentials

Remote Server Security

When running in remote mode:

OAuth 2.1 Authorization (Recommended): Full OAuth 2.1 support with JWT validation, PKCE, and RFC 8707 token audience binding
Simple Bearer Token Authentication: Optional Bearer token validation for remote access (fallback)
Rate Limiting: Basic rate limiting to prevent DoS attacks
CORS: Configurable CORS headers for web client access
Timeouts: Request/response timeouts to prevent resource exhaustion
Graceful Shutdown: Proper shutdown handling for safe termination

Production Recommendations:

Use OAuth 2.1 with a production authorization server (Auth0, Cognito, Keycloak)
Deploy behind a reverse proxy with HTTPS/TLS termination
Use firewall rules to restrict access to trusted networks
Enable rate limiting at the reverse proxy level
Monitor and log all access attempts
Follow security best practices in docs/OAUTH_SECURITY.md

Development/Testing:

For simple testing, use MCP_REMOTE_AUTH_REQUIRED=true with bearer tokens
For OAuth testing, use the built-in basic authorization server
Never use the basic authorization server in production

Dependencies

edp.buildth.ing/DevFW-CICD/edge-connect-client/v2 - Edge Connect Go SDK
github.com/modelcontextprotocol/go-sdk - Model Context Protocol Go SDK
github.com/MCP-UI-Org/mcp-ui/sdks/go/server - MCP-UI Go SDK for interactive visualizations

Development

Project Structure

.
├── main.go                    # Server entry point and initialization
├── config.go                  # Configuration loading and validation
├── tools.go                   # MCP tool definitions and handlers
├── ui.go                      # MCP-UI visualization generators
├── auth.go                    # Authentication utilities
├── oauth/                     # OAuth 2.1 implementation
│   ├── oauth.go              # OAuth types and interfaces
│   ├── authz_server.go       # Basic authorization server
│   ├── resource_server.go    # Protected resource server
│   ├── middleware.go         # OAuth middleware
│   ├── token_validator.go    # JWT token validation
│   ├── jwks.go               # JWKS key management
│   ├── pkce.go               # PKCE implementation
│   └── storage.go            # In-memory storage
├── MCP_UI.md                  # MCP-UI integration documentation
├── README.md                  # This file
└── .env.example              # Example environment configuration

Building

go build -o edge-connect-mcp

Testing

Set up your environment variables and run the server:

./edge-connect-mcp

The server will start in stdio mode and communicate via JSON-RPC over stdin/stdout.

License

See LICENSE file for details.

Support

For issues or questions, please refer to the Edge Connect documentation or contact support.