Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Secure MCP Serverlist all available tools with their permissions"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Secure MCP Server by perfecXion.ai
██████╗ ███████╗██████╗ ███████╗███████╗ ██████╗██╗ ██╗██╗ ██████╗ ███╗ ██╗
██╔══██╗██╔════╝██╔══██╗██╔════╝██╔════╝██╔════╝╚██╗██╔╝██║██╔═══██╗████╗ ██║
██████╔╝█████╗ ██████╔╝█████╗ █████╗ ██║ ╚███╔╝ ██║██║ ██║██╔██╗ ██║
██╔═══╝ ██╔══╝ ██╔══██╗██╔══╝ ██╔══╝ ██║ ██╔██╗ ██║██║ ██║██║╚██╗██║
██║ ███████╗██║ ██║██║ ███████╗╚██████╗██╔╝ ██╗██║╚██████╔╝██║ ╚████║
╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═════╝ ╚═╝ ╚═══╝
.aiA production-ready, secure, and scalable Model Context Protocol (MCP) server engineered by perfecXion.ai for enterprise deployments. Features advanced security, comprehensive monitoring, and high availability.
Features
Core Capabilities
Model Context Protocol (MCP) v0.5.0 - Full implementation of the MCP specification
WebSocket & HTTP Transport - Dual transport layer support for flexible client connectivity
Tool Management - Dynamic tool registration, validation, and execution
Context Management - Efficient context handling with configurable limits and caching
Security Features
Multi-Factor Authentication - JWT + TOTP/SMS-based 2FA
SAML 2.0 Integration - Enterprise SSO support
End-to-End Encryption - TLS 1.3 with certificate pinning
Vault Integration - HashiCorp Vault for secrets management
Rate Limiting - Configurable per-endpoint and per-user limits
RBAC - Role-based access control with granular permissions
Enterprise Features
High Availability - Multi-region deployment with automatic failover
Horizontal Scaling - Kubernetes-native with auto-scaling
Monitoring & Observability - Prometheus, Grafana, and distributed tracing
Audit Logging - Comprehensive audit trails for compliance
Database Support - PostgreSQL with read replicas and Redis caching
Message Queue Integration - RabbitMQ/Kafka for async processing
Installation
NPM Package Installation
Server Package
npm install @perfecxion/secure-mcp-serverClient SDK
npm install @perfecxion/secure-mcp-clientDocker Installation
docker pull perfecxion/secure-mcp-server:latestQuick Start
Prerequisites
Node.js >= 20.0.0
Docker & Docker Compose
PostgreSQL 15+
Redis 7+
(Optional) Kubernetes cluster for production deployment
Using NPM Package
import { SecureMCPServer } from '@perfecxion/secure-mcp-server';
const server = new SecureMCPServer({
port: 3000,
auth: {
jwt: { secret: process.env.JWT_SECRET },
apiKeys: true
}
});
await server.start();Using Client SDK
import { SecureMCPClient } from '@perfecxion/secure-mcp-client';
const client = new SecureMCPClient({
serverUrl: 'https://mcp.example.com',
apiKey: 'your-api-key'
});
await client.connect();
const tools = await client.listTools();Local Development
Clone the repository
git clone https://github.com/perfecxion-ai/secure-mcp.git
cd secure-mcpInstall dependencies
npm installConfigure environment
cp .env.example .env
# Edit .env with your configurationStart dependencies
docker-compose up -d postgres redis vaultInitialize database
npm run db:migrate
npm run db:generateInitialize Vault
npm run vault:initStart the server
npm run devThe server will be available at:
WebSocket:
ws://localhost:3000HTTP API:
http://localhost:3000/apiHealth Check:
http://localhost:3000/healthMetrics:
http://localhost:3000/metrics
Docker Deployment
# Build the image
npm run docker:build
# Run with docker-compose
npm run docker:runKubernetes Deployment
# Deploy to development environment
npm run k8s:deploy
# Deploy to production (requires kubectl context)
kubectl apply -k kubernetes/overlays/productionArchitecture Overview
graph TB
subgraph "Client Layer"
C1[MCP Client]
C2[Web Client]
C3[Mobile App]
end
subgraph "Gateway Layer"
LB[Load Balancer]
WAF[Web Application Firewall]
end
subgraph "Application Layer"
API[API Server]
WS[WebSocket Server]
AUTH[Auth Service]
end
subgraph "Data Layer"
PG[(PostgreSQL)]
REDIS[(Redis Cache)]
VAULT[(HashiCorp Vault)]
end
subgraph "Monitoring"
PROM[Prometheus]
GRAF[Grafana]
LOG[ELK Stack]
end
C1 & C2 & C3 --> LB
LB --> WAF
WAF --> API & WS
API & WS --> AUTH
API --> PG & REDIS
AUTH --> VAULT
API & WS --> PROM
PROM --> GRAF
API & WS --> LOGProject Structure
secure-mcp-server/
├── src/ # Source code
│ ├── auth/ # Authentication & authorization
│ ├── config/ # Configuration management
│ ├── database/ # Database models & migrations
│ ├── monitoring/ # Metrics & health checks
│ ├── security/ # Security middleware & utilities
│ ├── server/ # WebSocket & HTTP servers
│ ├── tools/ # MCP tool implementations
│ └── utils/ # Utility functions
├── tests/ # Test suites
│ ├── unit/ # Unit tests
│ ├── integration/ # Integration tests
│ ├── security/ # Security tests
│ └── performance/ # Performance tests
├── docker/ # Docker configurations
├── kubernetes/ # Kubernetes manifests
│ ├── base/ # Base configurations
│ └── overlays/ # Environment-specific overlays
├── scripts/ # Deployment & utility scripts
├── docs/ # Documentation
└── monitoring/ # Monitoring configurationsConfiguration
The server uses a hierarchical configuration system with environment-specific overrides:
Base Configuration -
src/config/default.tsEnvironment Variables -
.envfileSecrets Management - HashiCorp Vault
Runtime Configuration - Kubernetes ConfigMaps
Key Configuration Options
{
server: {
port: 3000,
host: "0.0.0.0",
corsOrigins: ["http://localhost:*"],
maxRequestSize: "10mb",
timeout: 30000
},
auth: {
jwtSecret: process.env.JWT_SECRET,
jwtExpiry: "1h",
refreshExpiry: "7d",
mfaRequired: true,
sessionTimeout: 3600000
},
database: {
url: process.env.DATABASE_URL,
maxConnections: 20,
ssl: { rejectUnauthorized: true }
},
redis: {
host: process.env.REDIS_HOST,
port: 6379,
password: process.env.REDIS_PASSWORD,
tls: true
},
security: {
rateLimit: {
windowMs: 60000,
maxRequests: 100
},
helmet: {
contentSecurityPolicy: true,
hsts: { maxAge: 31536000 }
}
}
}API Documentation
Authentication Endpoints
POST /api/auth/register
Register a new user account.
curl -X POST http://localhost:3000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "SecureP@ssw0rd!",
"name": "John Doe"
}'POST /api/auth/login
Authenticate and receive JWT tokens.
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "SecureP@ssw0rd!"
}'POST /api/auth/refresh
Refresh access token using refresh token.
curl -X POST http://localhost:3000/api/auth/refresh \
-H "Authorization: Bearer <refresh_token>"WebSocket Connection
const WebSocket = require('ws');
const ws = new WebSocket('ws://localhost:3000', {
headers: {
'Authorization': 'Bearer <access_token>'
}
});
ws.on('open', () => {
// Send MCP request
ws.send(JSON.stringify({
jsonrpc: '2.0',
method: 'tools/list',
id: 1
}));
});
ws.on('message', (data) => {
console.log('Received:', JSON.parse(data));
});Testing
Run All Tests
npm testTest Categories
npm run test:unit # Unit tests
npm run test:integration # Integration tests
npm run test:security # Security tests
npm run test:performance # Performance tests
npm run test:coverage # Coverage reportLoad Testing
npm run load-test # Artillery load test
npm run stress-test # Artillery stress test
npm run benchmark # Autocannon benchmarkMonitoring
The server exposes comprehensive metrics and health endpoints:
Metrics:
http://localhost:3000/metrics(Prometheus format)Health:
http://localhost:3000/healthReady:
http://localhost:3000/ready
Grafana Dashboards
Access pre-configured dashboards:
npm run monitor:start
# Open http://localhost:3001 (admin/admin)Available dashboards:
System Overview
API Performance
WebSocket Connections
Database Performance
Security Events
Error Tracking
Security
Security Features
Authentication & Authorization
JWT-based authentication with refresh tokens
Multi-factor authentication (TOTP/SMS)
SAML 2.0 SSO integration
Session management with Redis
Data Protection
TLS 1.3 encryption in transit
AES-256-GCM encryption at rest
Certificate pinning for critical endpoints
Secure key rotation
Access Control
Role-based access control (RBAC)
Attribute-based access control (ABAC)
API key management
IP whitelisting
Security Monitoring
Real-time threat detection
Audit logging
Anomaly detection
Security event correlation
Security Best Practices
Regular dependency updates via Dependabot
Security scanning with Snyk
Penetration testing suite included
OWASP Top 10 compliance
SOC 2 Type II ready
ISO 27001 compliant
Performance
Benchmarks
Metric | Value | Conditions |
Requests/sec | 10,000+ | Single instance, 4 vCPU |
WebSocket Connections | 50,000+ | Single instance, 8GB RAM |
P95 Latency | <50ms | Normal load |
P99 Latency | <100ms | Normal load |
Throughput | 1GB/s | Data transfer |
Optimization Features
Connection pooling
Redis caching layer
Database query optimization
Lazy loading
Request batching
Response compression
Contributing
Please read our Developer Guide for details on our code of conduct and the process for submitting pull requests.
Development Workflow
Fork the repository
Create a feature branch (
git checkout -b feature/amazing-feature)Commit your changes (
git commit -m 'Add amazing feature')Push to the branch (
git push origin feature/amazing-feature)Open a Pull Request
Code Standards
TypeScript strict mode
ESLint configuration
Prettier formatting
95% test coverage requirement
Security review required for auth changes
Support
Documentation: Full Documentation
Issues: GitHub Issues
Security: security@perfecxion.ai
License
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
About perfecXion.ai
Connect With Us
🌐 Website: perfecxion.ai
💼 LinkedIn: perfecXion.ai