Full CI/CD status & all badges: docs/ci-cd/badges.mdx | Telemetry Dashboard: vishnu2kmohan.github.io/mcp-server-langgraph
A production-ready cookie-cutter template for building MCP servers with LangGraph's Functional API. Features comprehensive authentication (JWT), fine-grained authorization (OpenFGA), secrets management (Infisical), and OpenTelemetry-based observability.
🎯 Opinionated, production-grade foundation for your MCP server projects.
Pick the quickstart that matches your needs:
| Path | Time | What You Get | Best For |
|---|---|---|---|
| Quickstart (Zero Infrastructure) | < 2 min | In-memory agent, no Docker, free LLM tier | Learning, prototyping, exploring |
| Local Development | ~5 min | Redis + PostgreSQL, persistence, dev mode | Feature development, integration testing |
| Full Production | ~20 min | Complete stack: auth, observability, compliance | Production deployment, enterprise features |
New here? → Start with the Day-1 Developer Guide for step-by-step instructions
This project uses 19 GitHub Actions workflows with Google Cloud Platform (GCP) Workload Identity Federation for secure deployments.
Quick setup: SECRETS.md | Full CI/CD status: docs/ci-cd/badges.mdx | Workflow details: .github/archive/audits-2025-11/WORKFLOW_AUDIT_REMAINING.md
Quick Links:
- 🚀 Use as Template - Generate your own MCP server project
- ⚡ Quick Start - Get running in 2 minutes
- 📦 Installation - Setup instructions
- 🏗️ Architecture - System design and agentic loop
- 🔐 Authentication - Security setup
- 🚢 Deployment - Production deployment guides
Main Sections:
- Template vs Project Usage - Choose your approach
- Features - Core capabilities and best practices
- Documentation - Complete guides and references
- Requirements - System and service requirements
- Usage - MCP server usage and client configuration
- Testing Strategy - Multi-layered testing approach
- Feature Flags - Dynamic feature control
- Observability - LangSmith and OpenTelemetry
- Configuration - Environment variables and settings
- Security Considerations - Production checklist
- API Gateway & Rate Limiting - Kong integration
- Quality Practices - Code quality standards
- Contributing - Contribution guidelines
- Support - Get help and report issues
```bash
# Generate your own MCP server project
uvx cookiecutter gh:vishnu2kmohan/mcp-server-langgraph

# Answer a few questions and get a fully configured project!
```
See Cookiecutter Template Strategy for detailed information.
Choose the approach that matches your goals:
| Use Case | As Template | Clone Directly |
|---|---|---|
| Best For | Building your own custom MCP server | Learning, testing, or using reference implementation |
| Command | `uvx cookiecutter gh:vishnu2kmohan/mcp-server-langgraph` | `git clone https://github.com/vishnu2kmohan/mcp-server-langgraph.git && cd mcp-server-langgraph && uv sync` |
| You Get | Customizable project scaffold: • Your project name, author, license • Choose features (auth, observability, deployment) • Select LLM providers • Implement custom tools | Fully working reference implementation: • Example tools (`agent_chat`, `conversation_search`, `conversation_get`) • Complete observability stack • Production-ready deployment configs • Comprehensive test suite |
| Next Steps | 1. Customize tools in `agent.py` 2. Update authorization in `scripts/setup/setup_openfga.py` 3. Configure `.env` with your API keys 4. Deploy your custom server | 1. Copy `.env.example` to `.env` 2. Add API keys (`GOOGLE_API_KEY`, etc.) 3. Run `make run-streamable` 4. See Quick Start for details |
| Learn More | Cookiecutter Template Strategy (ADR-0011) | Quick Start Guide |
💡 Recommendation: Use As Template for production projects, Clone Directly for learning and testing.
This project achieves reference-quality implementation of Anthropic's AI agent best practices with measurable improvements:
- 🎯 Just-in-Time Context Loading: 60% token reduction via dynamic semantic search with Qdrant (see the sketch after this list)
- ⚡ Parallel Tool Execution: 1.5-2.5x faster through concurrent execution with dependency resolution
- 📝 Enhanced Structured Note-Taking: LLM-based 6-category information extraction
- ✅ Complete Agentic Loop: Gather-action-verify-repeat with 40-60% token reduction, 23% quality improvement
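As a minimal illustration of the just-in-time pattern, the sketch below retrieves only the top-scoring context snippets for the current step using qdrant-client; the collection name, score threshold, and payload shape are illustrative assumptions, not this project's actual implementation:

```python
# Illustrative sketch only: just-in-time context retrieval with
# qdrant-client. Collection name, threshold, and payload keys are assumed.
from qdrant_client import QdrantClient

client = QdrantClient(url="http://localhost:6333")

def load_context_just_in_time(query_embedding: list[float], top_k: int = 3) -> list[str]:
    """Fetch only the snippets relevant to the current step, instead of
    preloading the full conversation/document corpus into the prompt."""
    hits = client.search(
        collection_name="agent_context",  # hypothetical collection
        query_vector=query_embedding,
        limit=top_k,
        score_threshold=0.7,              # skip weakly related snippets
    )
    return [hit.payload["text"] for hit in hits]
```

Loading a handful of high-relevance snippets per step, rather than the whole corpus up front, is what drives the token reduction claimed above.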
See: Complete Assessment | ADR-0023, ADR-0024, ADR-0025
Execute Python code securely with comprehensive validation and sandboxing:
- Dual Backend Support: Docker Engine (local/dev) + Kubernetes Jobs (production)
- AST-Based Validation: Import whitelist, blocks 30+ dangerous modules (`os`, `subprocess`, `eval`, etc.); see the sketch after this list
- Resource Limits: CPU, memory, timeout, disk quotas with enforcement
- Network Isolation: Configurable modes (none/allowlist/unrestricted)
- OWASP Top 10 Defenses: 34 security tests covering injection, deserialization, privilege escalation
- Progressive Tool Discovery: 98%+ token savings via `search_tools` endpoint (Anthropic best practice)
- Feature Flagged: Disabled by default (fail-closed security)
Test Coverage: 162 tests (100% passing) | Security: 96% code coverage | Backends: Docker + Kubernetes
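For a flavor of the AST-based validation approach referenced above, here is a minimal import-whitelist sketch; the whitelist contents are illustrative, and the project's real validator covers many more cases (attribute access, `eval`/`exec` calls, and so on):

```python
# Minimal sketch of AST-based import whitelisting; illustrative only.
import ast

ALLOWED_MODULES = {"math", "json", "datetime", "statistics"}  # assumed whitelist

def validate_code(source: str) -> None:
    """Reject code that imports anything outside the whitelist."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            continue
        for name in names:
            if name.split(".")[0] not in ALLOWED_MODULES:
                raise ValueError(f"Import of '{name}' is not allowed")

validate_code("import math; print(math.sqrt(2))")  # passes
# validate_code("import os")  # raises ValueError
```

Because validation happens before execution, disallowed code never reaches the sandbox at all.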
See: Implementation Summary | Anthropic MCP Guide
- Multi-LLM Support: 100+ providers via LiteLLM (Anthropic, OpenAI, Google, Azure, Bedrock, Ollama) + open-source models (Llama, Qwen, Mistral)
- MCP Protocol: Standard stdio & StreamableHTTP transports for AI agent exposure
- Enterprise Auth: JWT authentication, Keycloak SSO (OIDC/OAuth2), automatic token refresh, JWKS verification
- Session Management: InMemory (dev) or Redis (prod) with TTL, sliding windows, lifecycle management (see the sketch after this list)
- Fine-Grained Authorization: OpenFGA (Zanzibar-style) with role mapping, Keycloak sync, hierarchies
- Secrets Management: Infisical integration + env var fallback
- Observability: Dual stack (OpenTelemetry + LangSmith), Jaeger/Prometheus/Grafana, 30+ metrics, structured JSON logging
- LangGraph Platform: One-command deploy to managed cloud
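A minimal sketch of the Redis session pattern with a sliding TTL window, using redis-py; the key naming and 30-minute TTL are assumptions, not the project's actual schema:

```python
# Illustrative sliding-window session storage with redis-py.
# Key naming and TTL values are assumptions, not the project's schema.
import json
import redis

r = redis.Redis(host="localhost", port=6379, decode_responses=True)
SESSION_TTL_SECONDS = 1800  # assumed 30-minute sliding window

def save_session(session_id: str, data: dict) -> None:
    # setex writes the value and (re)starts the TTL in one call
    r.setex(f"session:{session_id}", SESSION_TTL_SECONDS, json.dumps(data))

def get_session(session_id: str) -> dict | None:
    value = r.get(f"session:{session_id}")
    if value is None:
        return None  # expired or never existed
    r.expire(f"session:{session_id}", SESSION_TTL_SECONDS)  # slide the window
    return json.loads(value)
```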
Complete GDPR compliance with 6 API endpoints (Articles 15-21) and PostgreSQL storage backend. Features include atomic deletions, 7-year audit logs, and 14x cost savings vs Redis. Covers GDPR, HIPAA §164.312/§164.316, and SOC2 CC6.6/PI1.4.
See: GDPR API Reference | ADR-0041: PostgreSQL Storage | Storage Configuration | GDPR Compliance Guide
Install optional features on demand: Code Execution (`[code-execution]`), Secrets Management (`[secrets]`), Self-Hosted Embeddings (`[embeddings]`), All Features (`[all]`). Production requires persistent storage (PostgreSQL/Redis) for GDPR compliance; in-memory mode is blocked.
Code Execution: Requires Docker (local) or Kubernetes (production). Enable with ENABLE_CODE_EXECUTION=true.
See: Installation Guide | Code Execution Summary | GDPR Storage Configuration
27+ property tests, 20+ contract tests, performance regression tracking, mutation testing (80%+ target), strict typing (gradual rollout), OpenAPI validation. See Testing Strategy.
Kubernetes-ready for GKE/EKS/AKS with Helm charts, Kustomize overlays, automated CI/CD, HA (anti-affinity, HPA, PDB), 25+ Prometheus alerts, 4 Grafana dashboards. Service mesh compatible. See Deployment Guide.
Primary Resources:
- Mintlify Documentation - Complete guides, tutorials, API references
- API Docs - Interactive OpenAPI/Swagger UI (local)
- 39 Architecture Decision Records - Key ADRs: 0001-LiteLLM, 0002-OpenFGA, 0023-Anthropic Tools, 0024-Agentic Loop
Deployment & Operations:
Examples: Examples Directory with demos for dynamic context loading, parallel execution, note-taking, and complete workflows
- Python: 3.10, 3.11, or 3.12
- Memory: 2GB RAM minimum (4GB recommended for production)
- Disk: 500MB for dependencies + 1GB for optional vector databases
- OS: Linux, macOS, or Windows with WSL2
- Redis: Session storage (or use in-memory mode)
- PostgreSQL: Compliance data storage (optional)
- OpenFGA: Fine-grained authorization (optional)
- Qdrant/Weaviate: Vector database for semantic search
- Jaeger: Distributed tracing visualization
- Prometheus + Grafana: Metrics and monitoring
See Production Checklist for detailed requirements.
Using uv (10-100x faster than pip, reproducible builds):
```bash
# From PyPI
uv pip install mcp-server-langgraph

# Or clone and develop
git clone https://github.com/vishnu2kmohan/mcp-server-langgraph.git
cd mcp-server-langgraph
uv sync  # Installs all dependencies from pyproject.toml + uv.lock
```
Verify: `python -c "import mcp_server_langgraph; print(mcp_server_langgraph.__version__)"`
See: Complete Installation Guide for Docker, venv setup, optional dependencies, and configuration
System Flow: MCP Client → Auth Middleware (JWT + OpenFGA) → LangGraph Agent → Observability Stack (Jaeger/Prometheus/Grafana)
Agentic Loop: Implements Anthropic's gather-action-verify-repeat cycle with 6 enhancements (sketched after this list):
- Just-in-Time Context Loading: Dynamic semantic search (60% token reduction)
- Context Compaction: Prevents overflow (40-60% token reduction)
- Parallel Tool Execution: Concurrent execution (1.5-2.5x speedup)
- Enhanced Note-Taking: LLM-based 6-category extraction
- Output Verification: LLM-as-judge pattern (23% quality improvement)
- Iterative Refinement: Up to 3 self-correction attempts
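The following schematic shows how these pieces compose; every helper here (`gather_context`, `plan_tools`, `run_tool`, `synthesize`, `verify`, `refine_task`) is an illustrative stub, not this project's API:

```python
# Schematic of the gather-act-verify-repeat loop described above.
import asyncio

MAX_REFINEMENTS = 3  # matches the "up to 3 self-correction attempts" above

# Stubs so the sketch runs end to end; a real agent would back these with
# semantic search, tool execution, and an LLM judge.
async def gather_context(task): return f"context for {task!r}"
def plan_tools(task): return ["search", "calculator"]
async def run_tool(tool, ctx): return f"{tool} result"
async def synthesize(task, ctx, results): return f"answer using {results}"
async def verify(task, answer): return True  # LLM-as-judge in the real loop
async def refine_task(task, answer): return task

async def agentic_loop(task: str) -> str:
    answer = ""
    for _ in range(MAX_REFINEMENTS):
        context = await gather_context(task)      # 1. gather (just-in-time)
        results = await asyncio.gather(           # 2. act (parallel tools)
            *(run_tool(t, context) for t in plan_tools(task)))
        answer = await synthesize(task, context, results)
        if await verify(task, answer):            # 3. verify
            return answer
        task = await refine_task(task, answer)    # 4. repeat / refine
    return answer

print(asyncio.run(agentic_loop("summarize the release notes")))
```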
See: Architecture Overview | ADR-0024: Agentic Loop | ADR-0025: Enhancements | All ADRs
Multi-Database Design: Single PostgreSQL instance with dedicated databases per service for clear separation of concerns and optimized schema management.
| Database | Purpose | Tables | Managed By | Retention |
|---|---|---|---|---|
| gdpr / gdpr_test | GDPR compliance data (user profiles, consents, audit logs) | 5 tables | Schema migrations | 7 years (audit logs) |
| openfga / openfga_test | OpenFGA authorization (relationship tuples, policies) | 3 tables | OpenFGA service | Indefinite |
| keycloak / keycloak_test | Keycloak authentication (users, realms, clients) | 3 tables | Keycloak service | Indefinite |
Databases use environment-aware naming for clear separation:
```text
# Development/Staging/Production
gdpr, openfga, keycloak

# Test Environment
gdpr_test, openfga_test, keycloak_test
```
Detection: Automatic environment detection from the POSTGRES_DB variable (a `_test` suffix triggers test mode)
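The detection rule is simple enough to sketch; this illustrates the documented behavior, not the project's actual code:

```python
import os

def is_test_environment() -> bool:
    """A _test suffix on POSTGRES_DB switches the stack into test mode,
    per the detection rule described above (illustrative sketch)."""
    return os.environ.get("POSTGRES_DB", "").endswith("_test")

def database_name(base: str) -> str:
    """Map a logical database (gdpr, openfga, keycloak) to its
    environment-specific name."""
    return f"{base}_test" if is_test_environment() else base

# database_name("gdpr") -> "gdpr" in dev/staging/prod, "gdpr_test" in tests
```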
Database initialization is fully automated via migrations/000_init_databases.sh:
- Environment detection (dev vs test)
- Create all 3 databases (idempotent)
- Apply GDPR schema migrations
- Validate table structure (5 GDPR tables)
Validation: Runtime validation via src/mcp_server_langgraph/health/database_checks.py ensures architecture compliance per ADR-0056.
```bash
# Docker Compose (automatic initialization)
docker-compose up -d postgres

# Manual validation
python -c "
from mcp_server_langgraph.health.database_checks import validate_database_architecture
import asyncio
result = asyncio.run(validate_database_architecture())
print(f'Valid: {result.is_valid}')
print(f'Databases: {list(result.databases.keys())}')
"
```
See: ADR-0060: Database Architecture | Migration Script | Database Validation Module
Get the complete stack running in 2 minutes:
```bash
# Quick start script handles everything
./scripts/docker-compose-quickstart.sh
```
This starts:
- Agent API: http://localhost:8000 (MCP agent)
- OpenFGA: http://localhost:8080 (authorization)
- OpenFGA Playground: http://localhost:3001
- Jaeger UI: http://localhost:16686 (distributed tracing)
- Prometheus: http://localhost:9090 (metrics)
- Grafana: http://localhost:3000 (visualization, admin/admin)
- PostgreSQL: localhost:5432 (OpenFGA storage)
Then set up OpenFGA:
```bash
python scripts/setup/setup_openfga.py
# Add OPENFGA_STORE_ID and OPENFGA_MODEL_ID to .env
docker-compose restart agent
```
Test the agent:
```bash
curl http://localhost:8000/health
```
See the Docker Compose documentation for details.
```bash
uv sync                                               # Install dependencies
make git-hooks                                        # Setup git hooks (REQUIRED for contributors)
cp .env.example .env                                  # Configure (add GOOGLE_API_KEY)
docker-compose up -d openfga postgres                 # Start infrastructure
python scripts/setup/setup_openfga.py                 # Setup auth (save IDs to .env)
python -m mcp_server_langgraph.mcp.server_streamable  # Run agent
curl http://localhost:8000/health                     # Test
```
Git Hooks (2-stage validation):
- Pre-commit (< 30s): Fast validation on changed files - commit frequently!
- Pre-push (8-12 min): Comprehensive validation matching CI - prevents surprises!
See: Complete Installation Guide | Day-1 Developer Guide | Git Hooks Guide
SECURITY NOTE: As of version 2.8.0, InMemoryUserProvider no longer seeds default users (alice, bob, admin) to prevent hard-coded credential vulnerabilities (CWE-798).
For testing/development with InMemoryUserProvider, explicitly create users:
```python
from mcp_server_langgraph.auth.user_provider import InMemoryUserProvider

# Create provider with password hashing
provider = InMemoryUserProvider(use_password_hashing=True)

# Add test users
provider.add_user(
    username="testuser",
    password="secure-password-123",
    email="[email protected]",
    roles=["user", "premium"]
)
provider.add_user(
    username="admin",
    password="admin-secure-password",
    email="[email protected]",
    roles=["admin"]
)
```
For Production: Use KeycloakUserProvider instead of InMemoryUserProvider. See Authentication for configuration details.
Run the stdio server and example client:
```bash
python -m mcp_server_langgraph.mcp.server_stdio
python examples/client_stdio.py
```
Add to your MCP client config (e.g., Claude Desktop):
```json
{
  "mcpServers": {
    "langgraph-agent": {
      "command": "python",
      "args": ["/path/to/mcp_server_langgraph/src/mcp_server_langgraph/mcp/server_stdio.py"]
    }
  }
}
```
Enterprise-grade authentication and fine-grained authorization powered by Keycloak and OpenFGA:
| Feature | Technology | Use Case | Guide |
|---|---|---|---|
| JWT Authentication | Keycloak RS256 | All API calls require tokens (15min lifetime) | Migration Guide |
| Service Principals | Keycloak + 30-day refresh | Machine-to-machine authentication | Service Principals |
| API Keys | Bcrypt-hashed keys → JWT | Long-lived keys for automation | API Key Management |
| Identity Federation | LDAP, SAML, OIDC | Integrate existing identity providers (Google, Azure AD, Okta) | Identity Federation |
| SCIM Provisioning | SCIM 2.0 | Automated user/group sync from enterprise systems | SCIM Provisioning |
| Fine-Grained Authz | OpenFGA (Zanzibar) | Relationship-based access control per tool/resource | OpenFGA Setup |
Quick Example (JWT Authentication):
```python
import httpx

# 1. Login to get JWT
response = httpx.post("http://localhost:8000/auth/login",
    json={"username": "alice", "password": "alice123"})
token = response.json()["access_token"]

# 2. Use token in tool calls
response = httpx.post("http://localhost:8000/message",
    json={"method": "tools/call", "params": {"name": "agent_chat",
          "arguments": {"token": token, "message": "Hello!"}}})
```
Development Users: `alice`/`alice123` (premium user) | `bob`/`bob123` (standard user) | `admin`/`admin123` (admin)
Production: Use AUTH_PROVIDER=keycloak with proper SSO. See Keycloak Integration Guide for setup.
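For background, RS256 verification against a Keycloak JWKS endpoint looks roughly like the following PyJWT sketch; the realm URL, audience, and issuer are placeholders, not this project's configuration:

```python
# Minimal RS256/JWKS verification with PyJWT; URL and audience are assumed.
import jwt

JWKS_URL = "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/certs"
jwks_client = jwt.PyJWKClient(JWKS_URL)

def verify_token(token: str) -> dict:
    signing_key = jwks_client.get_signing_key_from_jwt(token)
    return jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="account",                   # placeholder audience
        options={"require": ["exp", "iat"]},  # enforce short-lived tokens
    )
```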
Production-grade pipeline with 19 GitHub Actions workflows organized into four categories:
- 🔄 CI/CD: Main pipeline (Python 3.10-3.12, multi-arch Docker), E2E tests, quality tests (property/contract/mutation), coverage tracking
- 🔒 Security: Trivy/CodeQL/secrets scanning, GCP compliance validation, drift detection (6-hour intervals)
- 🚀 Deployment: Automated staging deploys, manual production approval, version management
- 🤖 Automation: Dependabot auto-merge, link checking, stale issue management
Key Metrics: 12 min avg build (66% faster), 80%+ coverage enforced, ~$40/month cost, automated staging + manual prod approval
See: Complete CI/CD Documentation | Workflow Details | CI/CD Status
Multi-layered testing approach ensuring production quality:
| Test Type | Count | Command | Purpose |
|---|---|---|---|
| Unit Tests | ~400 tests | `make test-unit` | Fast tests with mocked dependencies (2-5s) |
| Integration Tests | ~200 tests | `make test-integration` | End-to-end with real infrastructure |
| Property Tests | 27+ tests | `make test-property` | Edge case discovery with Hypothesis |
| Contract Tests | 20+ tests | `make test-contract` | MCP protocol compliance validation |
| Performance Tests | Baseline tracking | `make test-regression` | Latency monitoring (p95 thresholds) |
| Mutation Tests | 80%+ target | `make test-mutation` | Test effectiveness measurement |
Quick Start: `make test` (runs unit + integration tests)
Coverage Report: `make test-coverage` (opens `htmlcov/index.html`)
Complete Details: See Testing Documentation for metrics, strategies, and CI/CD integration
Tests run in parallel across multiple GitHub Actions workflows for comprehensive quality assurance:
| Workflow | Tests | Duration | Trigger | Status Check |
|---|---|---|---|---|
| ci.yaml | Unit tests (`pytest -m "unit and not llm"`) | ~5-10 min | Every PR, push to main/develop | ✅ Required |
| integration-tests.yaml | Integration tests (`pytest -m integration`) | ~8-12 min | Every PR, push to main/develop | ✅ Required |
| e2e-tests.yaml | E2E tests (`pytest -m e2e`) + API tests | ~15-20 min | Every PR, push to main/develop, weekly | ✅ Required |
| quality-tests.yaml | Property, contract, performance tests | ~10-15 min | Every PR, push to main/develop | ✅ Required |
Infrastructure:
- ci.yaml: Fast unit tests with mocked dependencies
- integration-tests.yaml: Full Docker stack with 4x parallelization via pytest-split (PostgreSQL:9432, Redis:9379, OpenFGA:9080, Keycloak:9082, Qdrant:9333)
- e2e-tests.yaml: Full Docker stack on offset ports for complete user journey validation
- quality-tests.yaml: Property-based testing (Hypothesis), contract validation (MCP protocol), performance regression tracking
Parallelization:
- integration-tests.yaml uses pytest-split with matrix strategy (4 groups) for 4x faster execution
- Each group runs independently for maximum CI efficiency
Pre-push Hooks:
- Fast mode (default): Optimized unit tests (~2-3 min) via pytest-xdist parallel execution
- Comprehensive mode: `make validate-pre-push` runs all test suites including integration tests (~8-12 min)
Best Practice: All workflows run in parallel for fast feedback. Integration tests now have full CI visibility with parallelization, catching infrastructure issues before merge.
Control features dynamically without code changes:
```bash
# Enable/disable features via environment variables
FF_ENABLE_PYDANTIC_AI_ROUTING=true        # Type-safe routing (default: true)
FF_ENABLE_LLM_FALLBACK=true               # Multi-model fallback (default: true)
FF_ENABLE_OPENFGA=true                    # Authorization (default: true)
FF_OPENFGA_STRICT_MODE=false              # Fail-closed vs fail-open (default: false)
FF_PYDANTIC_AI_CONFIDENCE_THRESHOLD=0.7   # Routing confidence (default: 0.7)

# All flags use the FF_ prefix (20+ available)
```
Key Flags:
- `enable_pydantic_ai_routing`: Type-safe routing with confidence scores
- `enable_llm_fallback`: Automatic fallback to alternative models
- `enable_openfga`: Fine-grained authorization (disable for development)
- `openfga_strict_mode`: Fail-closed (deny on error) vs fail-open (allow on error)
- `enable_experimental_*`: Master switches for experimental features
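To show how the `FF_` prefix convention can map to typed settings, here is a hedged sketch using pydantic-settings; see `feature_flags.py` (linked below) for the real definitions:

```python
# Illustrative sketch of the FF_ env-prefix convention with
# pydantic-settings; the real flag definitions live in feature_flags.py.
from pydantic_settings import BaseSettings, SettingsConfigDict

class FeatureFlags(BaseSettings):
    model_config = SettingsConfigDict(env_prefix="FF_")

    enable_pydantic_ai_routing: bool = True
    enable_llm_fallback: bool = True
    enable_openfga: bool = True
    openfga_strict_mode: bool = False
    pydantic_ai_confidence_threshold: float = 0.7

flags = FeatureFlags()  # reads FF_* environment variables at startup

if flags.enable_openfga:
    ...  # wire up the authorization middleware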
See: src/mcp_server_langgraph/core/feature_flags.py for all flags and validation
Dual observability stack: OpenTelemetry for infrastructure + LangSmith for LLM-specific tracing.
Set LANGSMITH_API_KEY for automatic tracing of all LLM calls. Features: prompt engineering, evaluations, user feedback, cost tracking, debugging. View at smith.langchain.com.
End-to-end distributed tracing with Jaeger (http://localhost:16686), metrics with Prometheus (http://localhost:9090), structured JSON logging with trace correlation. Automatic collection of 30+ metrics (tool calls, auth failures, response duration).
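As an illustration of how such metrics are emitted with the OpenTelemetry Python API, a minimal sketch follows; the exact instrument names and attributes used by the project may differ:

```python
# Sketch of metric emission with the OpenTelemetry API; instrument names
# mirror the Prometheus queries shown later in this README (assumed).
from opentelemetry import metrics

meter = metrics.get_meter("mcp_server_langgraph")

tool_calls = meter.create_counter(
    "agent_tool_calls_total", description="Tool invocations")
response_duration = meter.create_histogram(
    "agent_response_duration", unit="s", description="End-to-end latency")

def record_tool_call(tool_name: str, duration_s: float) -> None:
    tool_calls.add(1, {"tool": tool_name})
    response_duration.record(duration_s, {"tool": tool_name})
```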
Quick Start: Run docker compose up to launch full observability stack (Jaeger, Prometheus, Grafana).
See: Complete Observability Guide | LangSmith Integration | Monitoring Setup
The agent uses the functional API with:
- State Management: TypedDict-based state with message history
- Conditional Routing: Dynamic routing based on message content
- Tool Integration: Extensible tool system (extend in `src/mcp_server_langgraph/core/agent.py`)
- Checkpointing: Conversation persistence with MemorySaver
Add tools in `src/mcp_server_langgraph/core/agent.py`:
```python
def custom_tool(state: AgentState) -> AgentState:
    # Your tool logic: inspect state["messages"], call external
    # services, and append results back onto the state
    return state

workflow.add_node("custom_tool", custom_tool)
workflow.add_edge("router", "custom_tool")
```
All settings via environment variables, Infisical, or `.env` file. Key variable categories:
- LLM: `ANTHROPIC_API_KEY`, `MODEL_NAME` (Claude Sonnet 4.5 default), `GOOGLE_API_KEY`
- Auth/Session: `JWT_SECRET_KEY`, `OPENFGA_STORE_ID`, `OPENFGA_MODEL_ID`, `AUTH_PROVIDER` (inmemory/keycloak)
- Observability: `OTLP_ENDPOINT`, `LANGSMITH_API_KEY`, `LOG_LEVEL`
- Anthropic Features: Dynamic context loading, parallel execution, verification (all disabled by default)
- Secrets Loading: Infisical (preferred) → Environment variables → Defaults
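The precedence chain can be sketched as follows; `fetch_from_infisical` is a deliberately stubbed placeholder (the real project wraps the Infisical SDK behind its settings object), and the default model id is illustrative:

```python
# Sketch of the documented precedence: Infisical -> env vars -> defaults.
import os

def fetch_from_infisical(key: str) -> str | None:
    return None  # placeholder: real code would query Infisical here

def get_setting(key: str, default: str | None = None) -> str | None:
    value = fetch_from_infisical(key)  # 1. secrets manager first
    if value is None:
        value = os.environ.get(key)    # 2. then environment variables
    return value if value is not None else default  # 3. then defaults

model_name = get_setting("MODEL_NAME", default="claude-sonnet-4-5")  # assumed id
```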
See: Complete Configuration Reference | Config Source Code | Example .env
Access Grafana at http://localhost:3000 (admin/admin) and create dashboards using:
- Prometheus datasource: Metrics visualization
- Jaeger datasource: Trace exploration
Example queries:
- Request rate: `rate(agent_tool_calls_total[5m])`
- Error rate: `rate(agent_calls_failed_total[5m])`
- P95 latency: `histogram_quantile(0.95, rate(agent_response_duration_bucket[5m]))`
🔒 Production Checklist:
- Store JWT secret in Infisical
- Use production Infisical project with proper access controls
- Configure OpenFGA with PostgreSQL backend (not in-memory)
- Enable OpenFGA audit logging
- Enable TLS for all services (OTLP, OpenFGA, PostgreSQL)
- Implement rate limiting on MCP endpoints
- Use production-grade user database
- Review and minimize OpenFGA permissions
- Set up secret rotation in Infisical
- Enable monitoring alerts for auth failures
- Implement token rotation and revocation
- Use separate OpenFGA stores per environment
- Enable MFA for Infisical access
Choose your deployment platform based on operational needs:
| Platform | Deploy Time | Best For | Key Features | Guide |
|---|---|---|---|---|
| LangGraph Platform | `uvx langgraph-cli deploy` | Zero-ops, full observability | Managed hosting, auto-scaling, integrated LangSmith | Guide |
| Google Cloud Run | ~5 min | Serverless, pay-per-use | 0-100+ instances, auto HTTPS, Secret Manager | Guide |
| Kubernetes (GKE) | ~30 min | Production, multi-cloud | Full Terraform, 32 overlays, Workload Identity, 🟢 Prod Ready | Guide |
| Kubernetes (EKS) | ~30 min | AWS production | Full Terraform, Karpenter, IRSA, RDS/ElastiCache, 🟢 Prod Ready | Guide |
| Kubernetes (AKS) | ~45 min | Azure production | Manual deployment, 🔴 Alpha (Terraform in dev) | Guide |
| Docker Compose | 2 min | Local development | Full stack with observability, quick iteration | Guide |
| Helm Charts | 10 min | K8s with customization | Flexible values, multi-environment support | Guide |
Kubernetes Platform Maturity:
- GKE: Full automation (dev/staging/prod), 32 Kustomize overlays, Cloud SQL, Workload Identity
- EKS: Full automation (dev/staging/prod), Karpenter autoscaling, IRSA, RDS/ElastiCache
- AKS: Manual deployment only, Terraform automation under development
- Rancher/Tanzu: Generic manifests, community-supported
Quick Kubernetes Deploy:
```bash
# Helm deployment
helm install langgraph-agent ./deployments/helm/langgraph-agent --set image.tag=v1.0.0

# Or Kustomize
kubectl apply -k deployments/kustomize/overlays/production
```
See: Complete Deployment Guide | Production Checklist | GKE Staging Setup
Kong API Gateway integration provides:
- Rate Limiting: Tiered limits (60-1000 req/min) per consumer/tier
- Authentication: JWT, API Key, OAuth2
- Traffic Control: Request transformation, routing, load balancing
- Security: IP restriction, bot detection, CORS
- Monitoring: Prometheus metrics, request logging
```bash
# Deploy with Kong rate limiting
helm install langgraph-agent ./deployments/helm/langgraph-agent \
  --set kong.enabled=true \
  --set kong.rateLimitTier=premium

# Or apply Kong manifests directly
kubectl apply -k deployments/kubernetes/kong/
```
See Kong Gateway Integration for complete Kong setup and rate limiting configuration.
The agent supports multiple MCP transports:
- StreamableHTTP (Recommended): Modern HTTP streaming for production
- stdio: For Claude Desktop and local applications
```bash
# StreamableHTTP (recommended for web/production)
python -m mcp_server_langgraph.mcp.server_streamable

# stdio (local/desktop)
python -m mcp_server_langgraph.mcp.server_stdio
```
Access StreamableHTTP endpoints (a quick Python smoke test follows the list below):
```text
POST /message     # Main MCP endpoint (streaming or regular)
GET  /tools       # List tools
GET  /resources   # List resources
```
Why StreamableHTTP?
- ✅ Modern HTTP/2+ streaming
- ✅ Better load balancer/proxy compatibility
- ✅ Proper request/response pairs
- ✅ Full MCP spec compliance
- ✅ Works with Kong rate limiting
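For a quick smoke test of the endpoints listed above (assuming a local server on port 8000; add a token argument if authentication is enabled, as in the auth example earlier):

```python
# Quick smoke test of the StreamableHTTP endpoints; assumes a local
# server on port 8000 with auth disabled (otherwise pass a token).
import httpx

print(httpx.get("http://localhost:8000/tools").json())      # list tools
print(httpx.get("http://localhost:8000/resources").json())  # list resources

response = httpx.post(
    "http://localhost:8000/message",
    json={"method": "tools/call",
          "params": {"name": "agent_chat",
                     "arguments": {"message": "Hello!"}}},
)
print(response.json())
```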
Registry compliant - Includes manifest files for MCP Registry publication.
See MCP Registry Guide for registry deployment and transport configuration.
Quality Score: 9.6/10 across 7 dimensions (Code Organization, Testing, Type Safety, Documentation, Error Handling, Observability, Security).
Quality Gates: Pre-commit hooks (Ruff linting + formatting, mypy type checking, bandit security scanning) + CI/CD (unit/integration/property/contract/regression/mutation tests, OpenAPI validation). All tests run on Python 3.10-3.12.
Linting & Formatting (consolidated to Ruff for 10-100x faster performance):
- `make lint-check` - Run Ruff linter (replaces flake8 + isort checks)
- `make lint-fix` - Auto-fix linting issues + format code (replaces black + isort)
- `make lint-format` - Format code only (replaces black)
- `make lint-type-check` - Run mypy type checking (unchanged)
- `make lint-security` - Run bandit security scan (unchanged)
Testing:
- `make test-unit` - Fast unit tests with mocked dependencies
- `make test-integration` - End-to-end with real infrastructure
- `make test-coverage` - Generate coverage report
- `make validate-pre-push` - Quick validation (skip integration tests)
- `CI_PARITY=1 make validate-pre-push` - Full CI-equivalent validation (includes integration tests)
Development: Branch protection, conventional commits, code review required, 59 ADRs documenting architectural decisions.
See: Complete Development Guide | Testing Strategy | Contributing Guidelines
Thanks to all the amazing people who have contributed to this project! 🎉
This project follows the all-contributors specification.
Want to be listed here? See CONTRIBUTING.md!
Need help? Check out our Support Guide for:
- 📚 Documentation links
- 💬 Where to ask questions
- 🐛 How to report bugs
- 🔒 Security reporting
MIT - see LICENSE file for details
Built with:
- LangGraph - Agent framework
- MCP - Model Context Protocol
- OpenFGA - Authorization
- LiteLLM - Multi-LLM support
- OpenTelemetry - Observability
Special thanks to the open source community!
We welcome contributions from the community! 🎉
1. Read the guides:
   - CONTRIBUTING.md - Contribution guidelines
   - Development Guide - Developer setup
2. Find something to work on
3. Get help
This project uses tiered validation hooks optimized for developer productivity:
| Stage | Duration | What Runs | When |
|---|---|---|---|
| Pre-commit | < 30s | Formatting, linting, quick checks | Every commit |
| Pre-push | 8-12 min | Unit, smoke, API, integration tests | Every push |
| CI/Full | 12-15 min | Complete validation with CI profile | Pull requests, CI |
Key Points:
- Pre-push uses dev profile (25 property test examples) for faster iteration
- CI uses ci profile (100 property test examples) for thorough validation
- Integration tests included in pre-push for CI parity
- Bypass for emergencies: `git push --no-verify` (use sparingly!)
Validation Tiers:
```bash
make validate-commit    # Tier-1: < 30s (quick checks)
make validate-push      # Tier-2: 3-5 min (focused validation)
make validate-pre-push  # Tier-3: 8-12 min (CI-equivalent, includes integration)
```
See CONTRIBUTING.md for detailed validation workflow.
- 💻 Code: Features, bug fixes, performance improvements
- 📝 Documentation: Guides, tutorials, API docs
- 🧪 Testing: Unit tests, integration tests, test coverage
- 🔒 Security: Security improvements, audits
- 🌍 Translations: i18n support (future)
- 💡 Ideas: Feature requests, architecture discussions
All contributors will be recognized in our Contributors section!