MCP Multiagent Bridge

# Release Notes - v1.0.0-beta **Release Date:** October 27, 2025 **Status:** Beta Release - Production-Ready for Development/Testing Environments --- ## 🎉 Initial Public Release Claude Code Bridge is a secure, production-lean MCP server that enables two Claude Code CLI sessions to communicate and collaborate on complex tasks without sharing workspaces or credentials. ### ✨ Key Features **Secure Multi-Agent Coordination:** - HMAC-SHA256 session token authentication - Automatic secret redaction (API keys, passwords, tokens) - Atomic messaging with SQLite WAL mode - 3-hour conversation expiration - Comprehensive audit trail **YOLO Mode with 4-Stage Safeguards:** - Environment variable gate (`YOLO_MODE=1`) - Interactive confirmation with typed phrase - One-time random code validation - Time-limited approval tokens (5-minute TTL) - Single-use tokens with audit logging - Dry-run mode by default **Rate Limiting:** - 10 requests per minute - 100 requests per hour - 500 requests per day - Per-session tracking with automatic reset **Production-Ready Architecture:** - Message bridge only (no auto-execution) - Schema validation for all MCP tools - Command validation with whitelist/blacklist - Comprehensive error handling - Extensible design for future features --- ## 📦 What's Included ### Core Components - **`claude_bridge_secure.py`** - Main MCP server with rate limiting - **`yolo_guard.py`** - Multi-stage confirmation system - **`rate_limiter.py`** - Token bucket rate limiter - **`bridge_cli.py`** - CLI management tool - **`yolo_mode.py`** - Optional command execution (with safeguards) ### Testing & Security - **`test_bridge.py`** - Core functionality tests - **`test_security.py`** - Security component verification - No secrets in repository history - Secret scanning performed ### Documentation - **README.md** - Complete usage guide with policy warnings - **SECURITY.md** - Responsible disclosure policy & threat model - **CONTRIBUTING.md** - Contribution guidelines - **QUICKSTART.md** - 5-minute getting started guide - **EXAMPLE_WORKFLOW.md** - Real-world collaboration scenarios - **YOLO_MODE.md** - Command execution safety guide ### Governance - **LICENSE** - MIT License - **`.gitignore`** - Comprehensive secret prevention - **`requirements.txt`** - Pinned dependencies --- ## 🛡️ Security Highlights ### Defense-in-Depth Approach 1. **Environment Gate:** Requires explicit YOLO_MODE=1 2. **User Confirmation:** Typed phrase validation 3. **Random Code:** One-time code prevents automation 4. **Approval Tokens:** Time-limited, single-use tokens 5. **Rate Limiting:** Prevents abuse across multiple time windows 6. **Audit Logging:** Complete trail of all operations ### Policy Compliance - ✅ Anthropic Acceptable Use Policy - ✅ Anthropic Responsible Scaling Policy - ✅ OpenAI Usage Policies (if adapted) - ✅ Transparent risk disclosure --- ## 🚀 Getting Started ### 1. Installation ```bash # Clone repository git clone https://github.com/YOUR_USERNAME/mcp-multiagent-bridge.git cd mcp-multiagent-bridge # Install dependencies pip install mcp>=1.0.0 # Make executable chmod +x claude_bridge_secure.py ``` ### 2. Configure MCP Server Add to `~/.claude.json`: ```json { "mcpServers": { "bridge": { "command": "python3", "args": ["/absolute/path/to/claude_bridge_secure.py"], "env": {} } } } ``` ### 3. Start Collaborating See [QUICKSTART.md](QUICKSTART.md) for a complete walkthrough. --- ## ⚠️ Important Warnings ### Beta Status This is a **beta release** suitable for: - Development and testing environments - Isolated workspaces - Human-supervised operations **Not recommended for:** - Production systems without additional safeguards - Unattended automation - Critical infrastructure ### YOLO Mode Command execution is **disabled by default** and requires: - Explicit environment variable (`YOLO_MODE=1`) - Multi-stage user confirmation - Approval tokens for each execution - Human supervision at all times See [YOLO_MODE.md](YOLO_MODE.md) and [SECURITY.md](SECURITY.md) for complete safety guidelines. --- ## 📊 Statistics - **Lines of Code:** ~4,500 (including tests + docs) - **Python Files:** 8 - **Documentation Files:** 6 - **Test Coverage:** Core security components verified - **Dependencies:** 1 (mcp) - **License:** MIT --- ## 🤝 Contributing We welcome contributions! Please see: - [CONTRIBUTING.md](CONTRIBUTING.md) - Contribution guidelines - [SECURITY.md](SECURITY.md) - Security policy - [GitHub Issues](../../issues) - Bug reports & feature requests - [GitHub Discussions](../../discussions) - Questions & ideas --- ## 🔐 Security Found a security issue? Please follow our [responsible disclosure policy](SECURITY.md). **Contact:** - GitHub Security Advisories (preferred) - Email: danny.stocker@gmail.com --- ## 📜 License MIT License - Copyright © 2025 Danny Stocker See [LICENSE](LICENSE) for full terms. --- ## 🙏 Acknowledgments Built with: - [Claude Code](https://docs.claude.com/claude-code) by Anthropic - [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) - Python 3.11+ Special thanks to the Claude Code and MCP communities for inspiration and support. --- ## 📈 Roadmap Future enhancements being considered: - Message encryption at rest - Docker sandbox for YOLO mode - Web dashboard for monitoring - OAuth/OIDC authentication - Plugin system for custom commands See open [issues](../../issues) and [discussions](../../discussions) for details. --- ## 📞 Support - **Documentation:** [README.md](README.md) - **Quick Start:** [QUICKSTART.md](QUICKSTART.md) - **Examples:** [EXAMPLE_WORKFLOW.md](EXAMPLE_WORKFLOW.md) - **Issues:** [GitHub Issues](../../issues) - **Discussions:** [GitHub Discussions](../../discussions) --- **Release Tag:** v1.0.0-beta **Release Date:** 2025-10-27 **Commit:** [View on GitHub](../../commit/main) --- *This is the initial public release. Thank you for trying Claude Code Bridge!*