devflow-ai/src/mcp/README.md

Enterprise-grade AI agent orchestration with swarm management UI dashboard

# MCP (Model Context Protocol) Implementation

This directory contains a comprehensive implementation of the Model Context Protocol (MCP) for Claude-Flow, providing robust server lifecycle management, tool registration and discovery, protocol version negotiation, security, performance monitoring, and integration with the broader orchestration system.

## Overview

The MCP implementation provides:

- **Server Lifecycle Management**: Start, stop, restart, and health monitoring
- **Tool Registry**: Registration, discovery, and capability negotiation
- **Protocol Management**: Version compatibility checking and negotiation
- **Security**: Authentication, authorization, and session management
- **Performance Monitoring**: Real-time metrics, alerting, and optimization suggestions
- **Orchestration Integration**: Seamless integration with Claude-Flow components

## Architecture

```
┌─────────────────────────────────────────────────────────────┐
│                MCP Orchestration Integration                │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐ │
│  │ Lifecycle Mgr   │  │ Performance Mon │  │ Protocol Mgr    │ │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐ │
│  │   MCP Server    │  │  Tool Registry  │  │  Auth Manager   │ │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐ │
│  │ Request Router  │  │ Session Manager │  │ Load Balancer   │ │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐ │
│  │ Stdio Transport │  │ HTTP Transport  │  │ WebSocket (TBD) │ │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘ │
└─────────────────────────────────────────────────────────────┘
```

## Core Components

### 1. MCP Server (`server.ts`)

The main MCP server implementation providing:

- Protocol-compliant request/response handling
- Tool execution and management
- Session management
- Health status reporting
- Integration with orchestration components

```typescript
import { MCPServer } from './mcp/server.js';

const server = new MCPServer(config, eventBus, logger);
await server.start();
```

### 2. Lifecycle Manager (`lifecycle-manager.ts`)

Manages server lifecycle with robust error handling:

- State management (stopped, starting, running, stopping, error)
- Health monitoring with configurable intervals
- Auto-restart with exponential backoff
- Graceful shutdown with timeout
- Event emission for state changes

```typescript
import { MCPLifecycleManager } from './mcp/lifecycle-manager.js';

const lifecycle = new MCPLifecycleManager(config, logger, serverFactory);
await lifecycle.start();
```

### 3. Tool Registry (`tools.ts`)

Enhanced tool registration and discovery:

- Capability-based tool registration
- Tool discovery by category, tags, and permissions
- Metrics tracking (invocations, success rate, execution time)
- Protocol version compatibility checking
- Input validation with JSON Schema

```typescript
import { ToolRegistry } from './mcp/tools.js';

const registry = new ToolRegistry(logger);
registry.register(tool, capability);
const tools = registry.discoverTools({ category: 'filesystem' });
```

### 4. Protocol Manager (`protocol-manager.ts`)

Handles protocol version negotiation:

- Version compatibility checking
- Capability negotiation
- Feature support detection
- Deprecation warnings
- Migration guidance

```typescript
import { MCPProtocolManager } from './mcp/protocol-manager.js';

const protocolManager = new MCPProtocolManager(logger);
const result = await protocolManager.negotiateProtocol(clientParams);
```

### 5. Authentication Manager (`auth.ts`)

Comprehensive security implementation:

- Multiple auth methods (token, basic, OAuth)
- Session management with timeouts
- Permission-based authorization
- Rate limiting and brute force protection
- Token refresh and revocation

```typescript
import { AuthManager } from './mcp/auth.js';

const auth = new AuthManager(authConfig, logger);
const result = await auth.authenticate(request, session, context);
```

### 6. Performance Monitor (`performance-monitor.ts`)

Real-time performance monitoring:

- Request/response time tracking
- Percentile calculations (P50, P95, P99)
- Custom alerting rules
- Optimization suggestions
- Resource usage monitoring

```typescript
import { MCPPerformanceMonitor } from './mcp/performance-monitor.js';

const monitor = new MCPPerformanceMonitor(logger);
const requestId = monitor.recordRequestStart(request, session);
monitor.recordRequestEnd(requestId, response);
```

### 7. Orchestration Integration (`orchestration-integration.ts`)

Seamless integration with Claude-Flow:

- Component health monitoring
- Tool registration for orchestration features
- Event forwarding and coordination
- Reconnection logic with exponential backoff
- Cross-component communication

```typescript
import { MCPOrchestrationIntegration } from './mcp/orchestration-integration.js';

const integration = new MCPOrchestrationIntegration(
  mcpConfig,
  orchestrationConfig,
  components,
  logger,
);
await integration.start();
```

## Quick Start

### Basic Server Setup

```typescript
import { MCPIntegrationFactory } from './mcp/index.js';

// Development setup
const { server, lifecycleManager, performanceMonitor } =
  await MCPIntegrationFactory.createDevelopmentSetup(logger);

await lifecycleManager.start();
```

### Full Integration Setup

```typescript
import { MCPOrchestrationIntegration } from './mcp/orchestration-integration.js';

const integration = new MCPOrchestrationIntegration(
  mcpConfig,
  {
    enabledIntegrations: {
      orchestrator: true,
      swarm: true,
      agents: true,
      resources: true,
      memory: true,
      monitoring: true,
      terminals: true,
    },
    autoStart: true,
    enableMetrics: true,
    enableAlerts: true,
  },
  {
    orchestrator,
    swarmCoordinator,
    agentManager,
    resourceManager,
    memoryManager,
    messageBus,
    monitor,
    eventBus,
    terminalManager,
  },
  logger,
);

await integration.start();
```

### Tool Registration

```typescript
// Register a simple tool
server.registerTool({
  name: 'filesystem/read',
  description: 'Read file contents',
  inputSchema: {
    type: 'object',
    properties: {
      path: { type: 'string' },
    },
    required: ['path'],
  },
  handler: async (input) => {
    const { path } = input as { path: string };
    return await fs.readFile(path, 'utf-8');
  },
});

// Register with enhanced capabilities
const toolRegistry = new ToolRegistry(logger);
toolRegistry.register(tool, {
  name: 'filesystem/read',
  version: '1.0.0',
  description: 'Read file contents with encoding support',
  category: 'filesystem',
  tags: ['file', 'read', 'io'],
  supportedProtocolVersions: [{ major: 2024, minor: 11, patch: 5 }],
  requiredPermissions: ['filesystem.read'],
});
```

## Configuration

### MCP Config

```typescript
const mcpConfig: MCPConfig = {
  transport: 'http',
  host: '0.0.0.0',
  port: 3000,
  tlsEnabled: true,
  enableMetrics: true,
  auth: {
    enabled: true,
    method: 'token',
    tokens: ['secure-token-here'],
    users: [
      {
        username: 'admin',
        password: 'hashed-password',
        permissions: ['*'],
        roles: ['admin'],
      },
    ],
  },
  loadBalancer: {
    enabled: true,
    maxRequestsPerSecond: 100,
    maxConcurrentRequests: 50,
  },
  sessionTimeout: 3600000, // 1 hour
  maxSessions: 1000,
};
```

### Orchestration Config

```typescript
const orchestrationConfig: MCPOrchestrationConfig = {
  enabledIntegrations: {
    orchestrator: true,
    swarm: true,
    agents: true,
    resources: true,
    memory: true,
    monitoring: true,
    terminals: true,
  },
  autoStart: true,
  healthCheckInterval: 30000,
  reconnectAttempts: 3,
  reconnectDelay: 5000,
  enableMetrics: true,
  enableAlerts: true,
};
```

## Monitoring and Alerting

### Performance Metrics

The performance monitor tracks:

- Request count and success rate
- Response time percentiles (P50, P95, P99)
- Throughput (requests per second)
- Memory and CPU usage
- Error rates by category

### Custom Alerts

```typescript
performanceMonitor.addAlertRule({
  id: 'high_latency',
  name: 'High Response Time',
  metric: 'p95ResponseTime',
  operator: 'gt',
  threshold: 5000, // 5 seconds
  duration: 60000, // 1 minute
  enabled: true,
  severity: 'high',
  actions: ['log', 'notify', 'escalate'],
});
```

### Optimization Suggestions

The system automatically generates optimization suggestions based on:

- Response time patterns
- Memory usage trends
- Throughput bottlenecks
- Error rate analysis

## Security Features

### Authentication Methods

1. **Token Authentication**: Static or generated tokens
2. **Basic Authentication**: Username/password with bcrypt hashing
3. **OAuth**: JWT token validation (extensible)

### Authorization

- Permission-based access control
- Role-based authorization
- Tool-specific permissions
- Session-based authorization

### Security Measures

- Rate limiting with exponential backoff
- Brute force protection
- Token expiration and refresh
- Session timeout management
- Input validation and sanitization

## Error Handling

### Reconnection Logic

- Exponential backoff for failed connections
- Circuit breaker pattern for failing components
- Health check recovery
- Graceful degradation

### Error Recovery

- Automatic restart on critical failures
- State preservation during restarts
- Error categorization and handling
- Rollback capabilities

## Testing

Comprehensive test suite covering:

- Unit tests for all components
- Integration tests for cross-component interaction
- Performance benchmarks
- Security validation
- Protocol compliance testing

```bash
npm test src/mcp/tests/mcp-integration.test.ts
```

## Transport Implementations

### Stdio Transport (`transports/stdio.ts`)

For command-line and process-based communication:

- Standard input/output handling
- Process lifecycle management
- Error stream handling

### HTTP Transport (`transports/http.ts`)

For web-based communication:

- RESTful API endpoints
- WebSocket upgrade support
- CORS handling
- TLS/SSL support

### WebSocket Transport (Planned)

For real-time bidirectional communication:

- Connection management
- Message framing
- Reconnection handling

## Extension Points

### Custom Tools

Implement custom tools by providing:

- Tool definition with schema
- Handler function
- Capability information
- Permission requirements

### Custom Transports

Implement the `ITransport` interface:

- Request/response handling
- Connection management
- Health status reporting

### Custom Authentication

Extend the `AuthManager` class:

- Custom authentication methods
- Integration with external providers
- Custom permission models

## Best Practices

### Performance

- Use batch operations for multiple requests
- Implement proper caching strategies
- Monitor memory usage and clean up resources
- Use connection pooling for HTTP transport

### Security

- Always use HTTPS in production
- Implement proper token rotation
- Use strong password hashing (bcrypt)
- Monitor for suspicious activity

### Reliability

- Implement health checks for all components
- Use graceful shutdown procedures
- Monitor system resources
- Implement proper logging and alerting

### Scalability

- Use load balancing for high traffic
- Implement horizontal scaling strategies
- Monitor performance metrics
- Use asynchronous operations where possible

## Troubleshooting

### Common Issues

1. **Connection Failures**: Check network connectivity and firewall settings
2. **Authentication Errors**: Verify tokens and credentials
3. **Performance Issues**: Monitor metrics and check for bottlenecks
4. **Memory Leaks**: Review resource cleanup and garbage collection

### Debug Mode

Enable debug logging:

```typescript
const logger = createLogger({ level: 'debug' });
```

### Health Checks

Monitor component health:

```typescript
const health = await server.getHealthStatus();
console.log('Server healthy:', health.healthy);
console.log('Metrics:', health.metrics);
```

## Future Enhancements

- WebSocket transport implementation
- Advanced load balancing algorithms
- Machine learning-based optimization
- Enhanced security features (2FA, SSO)
- Distributed deployment support
- Real-time collaboration features

## API Reference

See the individual component files for detailed API documentation:

- [Server API](./server.ts)
- [Lifecycle Manager API](./lifecycle-manager.ts)
- [Tool Registry API](./tools.ts)
- [Protocol Manager API](./protocol-manager.ts)
- [Auth Manager API](./auth.ts)
- [Performance Monitor API](./performance-monitor.ts)
- [Orchestration Integration API](./orchestration-integration.ts)