Windows Operations MCP

TECHNICAL_ARCHITECTURE.md•19.1 KiB

# 🏗️ Nest Protect MCP Server - Technical Architecture **Last Updated**: September 20, 2025 **Version**: 1.0.0 (Production) **Framework**: FastMCP 2.12.3 **Status**: ✅ **PRODUCTION READY** --- ## 🎯 Architecture Overview The Nest Protect MCP Server follows a **modular, layered architecture** designed for maintainability, scalability, and robust error handling. The system integrates Google's Smart Device Management API with the Message Control Protocol (MCP) to provide Claude Desktop with comprehensive smart home device control. ### 🆕 **Enhanced Architecture Features** - **✅ Enhanced Logging**: Comprehensive debugging and monitoring system - **✅ Pydantic V2 Models**: Modern data validation and serialization - **✅ Error Recovery**: Robust error handling with detailed logging - **✅ Production Stability**: Tested and verified operational reliability ``` ┌─────────────────────────────────────────────────────────────┐ │ Claude Desktop │ │ (MCP Client) │ └─────────────────────┬───────────────────────────────────────┘ │ STDIO Transport │ JSON-RPC Messages ┌─────────────────────▼───────────────────────────────────────┐ │ FastMCP Server │ │ (fastmcp_server.py) │ │ ┌─────────────────────────────────────────────────────────┤ │ │ Tool Registry (20 tools) │ │ │ • Device Status • Authentication │ │ │ • Device Control • Configuration │ │ │ • System Status • Help & Documentation │ │ └─────────────────────────────────────────────────────────┤ └─────────────────────┬───────────────────────────────────────┘ │ ┌─────────────────────▼───────────────────────────────────────┐ │ Tool Layer │ │ (tools/ directory) │ │ ┌─────────────────────────────────────────────────────────┤ │ │ • device_status.py • auth_tools.py │ │ │ • device_control.py • config_tools.py │ │ │ • system_status.py • help_tool.py │ │ │ • about_tool.py │ │ └─────────────────────────────────────────────────────────┤ └─────────────────────┬───────────────────────────────────────┘ │ ┌─────────────────────▼───────────────────────────────────────┐ │ State Management │ │ (state_manager.py) │ │ ┌─────────────────────────────────────────────────────────┤ │ │ • Application State (AppState) │ │ │ • OAuth Token Management │ │ │ • Configuration Storage │ │ │ • HTTP Session Pooling │ │ └─────────────────────────────────────────────────────────┤ └─────────────────────┬───────────────────────────────────────┘ │ ┌─────────────────────▼───────────────────────────────────────┐ │ External Services │ │ ┌─────────────────────────────────────────────────────────┤ │ │ Google Smart Device Management API │ │ │ • OAuth 2.0 Authentication │ │ │ • Device Discovery & Status │ │ │ • Device Control Commands │ │ │ • Real-time Event Streaming │ │ └─────────────────────────────────────────────────────────┤ └─────────────────────────────────────────────────────────────┘ ``` --- ## 🏛️ Core Components ### **1. FastMCP Server Layer** **File**: `src/nest_protect_mcp/fastmcp_server.py` **Purpose**: Central application orchestrator and tool registry **Key Features**: - **Tool Registration**: 24 tools registered with enhanced decorators - **Type Safety**: Full Pydantic model integration - **Error Handling**: Centralized exception management - **STDIO Transport**: Optimized for Claude Desktop communication **Tool Organization**: ```python # Tool Categories (24 total) Device Status (3) → Real-time device monitoring Device Control (5) → Direct device manipulation System Status (3) → Server health & diagnostics Help Tools (3) → Tool discovery & assistance Authentication (3) → OAuth 2.0 flow management Configuration (5) → Settings & preferences About/Info (2) → Documentation & device support ``` ### **2. Tool Implementation Layer** **Directory**: `src/nest_protect_mcp/tools/` **Architecture Pattern**: Function-based with async/await **Core Modules**: #### **device_status.py** - **Purpose**: Real-time device monitoring - **API Integration**: Google Smart Device Management API - **Key Functions**: - `list_devices()` - Device discovery - `get_device_status(device_id)` - Health monitoring - `get_device_events(device_id, hours)` - Event history #### **device_control.py** - **Purpose**: Direct device manipulation - **Safety Features**: Built-in validation and warnings - **Key Functions**: - `hush_alarm(device_id)` - Silence false alarms - `sound_alarm(device_id, type, duration)` - Testing ⚠️ - `arm_disarm_security(device_id, action)` - Security control #### **auth_tools.py** - **Purpose**: OAuth 2.0 authentication flow - **Security**: Secure token handling and storage - **Key Functions**: - `initiate_oauth_flow()` - Start OAuth process - `handle_oauth_callback(code, state)` - Process responses - `refresh_access_token()` - Token renewal ### **3. State Management Layer** **File**: `src/nest_protect_mcp/state_manager.py` **Design Pattern**: Singleton with async context managers **Key Features**: - **Centralized State**: Single source of truth for application state - **OAuth Management**: Secure token storage and renewal - **HTTP Session Pooling**: Optimized connection reuse - **Legacy Compatibility**: Backward compatibility layer **State Model**: ```python class AppState(BaseModel): config: Any = None # ProtectConfig instance access_token: Optional[str] = None # Current OAuth token refresh_token: Optional[str] = None # Token renewal capability token_expires_in: Optional[int] = None oauth_state: Optional[str] = None # CSRF protection http_session: Optional[ClientSession] = None # aiohttp session ``` ### **4. Data Models Layer** **File**: `src/nest_protect_mcp/models.py` **Framework**: Pydantic v2 with validation **Core Models**: #### **ProtectConfig** - **Purpose**: Application configuration management - **Validation**: Required fields with sensible defaults - **OAuth Fields**: Client credentials and project configuration #### **ProtectDeviceState** - **Purpose**: Device state representation - **Real-time Data**: Battery, sensors, connectivity - **Historical Data**: Events, maintenance, alerts --- ## 🔄 Data Flow Architecture ### **Typical Request Flow** ``` 1. Claude Desktop → JSON-RPC Request ┌─────────────────────────────────────┐ │ {"method": "tools/call", │ │ "params": {"name": "get_device_..} │ └─────────────────────────────────────┘ ↓ 2. FastMCP Server → Tool Resolution ┌─────────────────────────────────────┐ │ @app.tool("get_device_status") │ │ async def get_device_status(...) │ └─────────────────────────────────────┘ ↓ 3. Tool Function → State Management ┌─────────────────────────────────────┐ │ state = get_app_state() │ │ token = state.access_token │ └─────────────────────────────────────┘ ↓ 4. HTTP Request → Google API ┌─────────────────────────────────────┐ │ async with aiohttp.ClientSession() │ │ GET /enterprises/.../devices/... │ └─────────────────────────────────────┘ ↓ 5. Response Processing → Data Validation ┌─────────────────────────────────────┐ │ Pydantic model validation │ │ Error handling & logging │ └─────────────────────────────────────┘ ↓ 6. Claude Desktop ← JSON Response ┌─────────────────────────────────────┐ │ {"result": {...}, "success": true} │ └─────────────────────────────────────┘ ``` --- ## 🔐 Security Architecture ### **Authentication Flow** ``` 1. OAuth 2.0 Initiation ┌─────────────────────────────────────┐ │ User → initiate_oauth_flow() │ │ Returns: Google authorization URL │ └─────────────────────────────────────┘ ↓ 2. User Authorization (External) ┌─────────────────────────────────────┐ │ User authenticates with Google │ │ Grants device access permissions │ └─────────────────────────────────────┘ ↓ 3. Callback Processing ┌─────────────────────────────────────┐ │ handle_oauth_callback(code, state) │ │ Exchanges code for access tokens │ └─────────────────────────────────────┘ ↓ 4. Token Storage ┌─────────────────────────────────────┐ │ Secure storage in application state │ │ Automatic refresh token handling │ └─────────────────────────────────────┘ ``` ### **Security Features** - ✅ **OAuth 2.0 PKCE** - Proof Key for Code Exchange - ✅ **State Parameter** - CSRF protection - ✅ **Token Expiration** - Automatic refresh handling - ✅ **Secure Storage** - In-memory token management - ✅ **API Rate Limiting** - Respect Google API quotas - ✅ **Input Validation** - Pydantic model validation --- ## 🚀 Performance Architecture ### **Async/Await Design** - **Non-blocking I/O**: All HTTP requests use aiohttp - **Concurrent Processing**: Multiple API calls can be processed simultaneously - **Resource Efficiency**: Single event loop for all operations ### **Connection Management** ```python # HTTP Session Pooling async with aiohttp.ClientSession() as session: # Reuse connections for multiple requests # Automatic connection pooling # DNS caching and keep-alive ``` ### **Caching Strategy** - **Token Caching**: OAuth tokens cached until expiration - **Device State**: Short-term caching for frequently accessed data - **Configuration**: In-memory configuration caching ### **Error Handling Strategy** ```python # Multi-layer error handling try: result = await api_call() except aiohttp.ClientError as e: # Network-level errors logger.error(f"Network error: {e}") return {"error": "connectivity_issue"} except AuthenticationError as e: # Token refresh needed await refresh_token() return await retry_request() except ValidationError as e: # Data validation errors logger.error(f"Validation error: {e}") return {"error": "invalid_data"} ``` --- ## 📊 Monitoring & Observability ### **Structured Logging** ```python import structlog logger = structlog.get_logger() logger.info("Device status retrieved", device_id=device_id, response_time=duration, battery_level=status.battery) ``` ### **Metrics Collection** - **Response Times**: Track API call performance - **Error Rates**: Monitor failure frequencies - **Token Usage**: OAuth token refresh patterns - **Device Health**: Track device online/offline status ### **Health Checks** - **API Connectivity**: Regular Google API health checks - **Token Validity**: Automatic token validation - **System Resources**: Memory and CPU monitoring - **Tool Availability**: Ensure all 24 tools are functional --- ## 🔧 Development Architecture ### **Code Organization** ``` src/nest_protect_mcp/ ├── __init__.py # Package initialization ├── __main__.py # CLI entry point ├── fastmcp_server.py # Main FastMCP application ├── state_manager.py # State management layer ├── models.py # Pydantic data models ├── exceptions.py # Custom exception classes └── tools/ # Tool implementation modules ├── __init__.py ├── device_status.py # Device monitoring tools ├── device_control.py # Device control tools ├── system_status.py # System health tools ├── auth_tools.py # Authentication tools ├── config_tools.py # Configuration tools ├── help_tool.py # Help system tools └── about_tool.py # Information tools ``` ### **Testing Strategy** - **Unit Tests**: Individual tool function testing - **Integration Tests**: End-to-end API integration - **Mock Testing**: Google API response simulation - **Performance Tests**: Load and stress testing ### **CI/CD Pipeline** - **Code Quality**: Black, isort, flake8, ruff - **Type Checking**: mypy with strict configuration - **Dependency Management**: pip-tools for locked dependencies - **Documentation**: Automatic API documentation generation --- ## 🔮 Scalability Considerations ### **Horizontal Scaling** - **Stateless Design**: All state in external storage - **Load Balancing**: Multiple server instances - **Session Affinity**: Not required due to stateless design ### **Vertical Scaling** - **Memory Optimization**: Efficient object lifecycle management - **CPU Optimization**: Async processing for I/O bound operations - **Connection Pooling**: Reuse HTTP connections ### **Future Enhancements** - **WebSocket Support**: Real-time device events - **Message Queuing**: Async task processing - **Database Integration**: Persistent state storage - **Microservices**: Service decomposition for large deployments --- ## 📋 Technical Debt & Improvements ### **Current Technical Debt** 1. **Pydantic V2 Migration** - Some V1 patterns still in use 2. **Test Coverage** - Need comprehensive test suite 3. **Documentation** - API documentation could be more complete 4. **Error Messages** - Some error messages could be more user-friendly ### **Planned Improvements** 1. **Performance Optimization** - Connection pooling enhancements 2. **Enhanced Monitoring** - Metrics dashboard integration 3. **Advanced Error Handling** - Retry logic and circuit breakers 4. **Multi-Home Support** - Support for multiple Nest home configurations --- ## 🎯 Architecture Principles ### **Design Principles Applied** - ✅ **Single Responsibility** - Each tool has one clear purpose - ✅ **Dependency Injection** - State management through injection - ✅ **Interface Segregation** - Clean separation between layers - ✅ **Open/Closed Principle** - Easy to extend with new tools - ✅ **Async First** - Non-blocking I/O throughout ### **Quality Attributes** - ✅ **Reliability** - Robust error handling and recovery - ✅ **Maintainability** - Clear code organization and documentation - ✅ **Testability** - Modular design enables comprehensive testing - ✅ **Performance** - Optimized for low-latency responses - ✅ **Security** - OAuth 2.0 and secure token management --- This technical architecture provides a solid foundation for a production-ready MCP server that can scale to support enterprise use cases while maintaining excellent performance and reliability characteristics. 🏗️

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sandraschi/windows-operations-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

TECHNICAL_ARCHITECTURE.md•19.1 KiB