firm-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@firm-mcp-serverpush my current VS Code context to Firm session"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
firm-mcp-server
Python MCP server (port 8012) that bridges VS Code Copilot agents to the [Firm](https://github.com/the server) Gateway ecosystem. Companion to setup-vs-agent-firm.
Tools (138)
Module | Tool | Description | Gaps |
vs_bridge |
| Push VS Code context → Firm session | — |
vs_bridge |
| Pull Firm session state → VS Code | — |
vs_bridge |
| Associate workspace path ↔ session ID | — |
vs_bridge |
| Bridge health check | — |
gateway_fleet |
| Parallel health-check all instances | — |
gateway_fleet |
| Register a Gateway instance | — |
gateway_fleet |
| Remove a Gateway instance | — |
gateway_fleet |
| Broadcast to all instances | — |
gateway_fleet |
| Sync config+skills to all instances | — |
gateway_fleet |
| List instances | — |
delivery_export |
| Create draft PR on GitHub | — |
delivery_export |
| Create Jira ticket (ADF) | — |
delivery_export |
| Create Linear issue (GraphQL) | — |
delivery_export |
| Post Slack digest (Block Kit) | — |
delivery_export |
| Write local Markdown deliverable | — |
delivery_export |
| Auto-route by | — |
security_audit |
| Scan files for SQL injection + XSS patterns | C1 |
security_audit |
| Detect | C2 |
security_audit |
| Detect ephemeral SESSION_SECRET in .env/compose | C3 |
security_audit |
| Detect Funnel without rate limiter → CRITICAL | H8 |
acp_bridge |
| Persist ACP session to | C4 |
acp_bridge |
| Restore persisted ACP session by run_id | C4 |
acp_bridge |
| List ACP sessions active in last N hours | C4 |
acp_bridge |
| Inject env vars to spawned sessions (allowlist) | H3 |
acp_bridge |
| Schedule cron with sandbox enforcement | H4 |
acp_bridge |
| Advisory file lock with owner tracking ( | H5 |
acp_bridge |
| ACPX plugin version pin (≥0.1.15) + streaming mode check | 3.1 |
reliability_probe |
| WS probe with backoff — detects close 1006, returns | H6/H7 |
reliability_probe |
| Detect version drift in docs vs package.json | M5 |
reliability_probe |
| Detect zombie channel SDK deps (LINE, Baileys…) | M1 |
reliability_probe |
| Generate MADR + commit path for architecture decisions | M6 |
gateway_hardening |
| Verify Gateway auth config — CRITICAL if Funnel without password | H2 |
gateway_hardening |
| Check Baileys/channel credential integrity and freshness | M3 |
gateway_hardening |
| Verify HMAC signing secrets for all inbound webhook channels | M4 |
gateway_hardening |
| Detect debug/trace logging and missing redactPatterns | M7 |
gateway_hardening |
| Validate ~/.firm/workspace (AGENTS.md, SOUL.md, staleness) | M8 |
runtime_audit |
| Verify Node.js ≥ 22.12.0 (CVE-2025-59466, CVE-2026-21636) | C5 |
runtime_audit |
| Detect hardcoded secrets in config.json (migrate to | C6 |
runtime_audit |
| Verify HTTP security headers (HSTS, X-Content-Type-Options, Referrer-Policy) | H9 |
runtime_audit |
| Detect dangerous gateway.nodes.allowCommands override | H10 |
runtime_audit |
| Verify trusted-proxy config coherence (bind + trustedProxies + auth mode) | H11 |
runtime_audit |
| Verify session.maintenance.maxDiskBytes / highWaterBytes configured | M15 |
runtime_audit |
| Detect dmPolicy=allowlist with empty allowFrom (fail-closed) across 9 channels | M16 |
advanced_security |
| Verify External Secrets lifecycle (audit/configure/apply/reload) | C7 |
advanced_security |
| Verify channel auth path canonicalization (encoded traversal) | C8 |
advanced_security |
| Verify exec approval plan immutability (symlink cwd rebind) | C9 |
advanced_security |
| Verify hook session-key routing hardening | H12 |
advanced_security |
| Verify $include hardlink escape + file-size guardrails | H13 |
advanced_security |
| Detect prototype pollution (proto, constructor, prototype) in config | H14 |
advanced_security |
| Verify safeBins entries have explicit profiles | H15 |
advanced_security |
| Verify group policy default is fail-closed (allowlist) | H16 |
config_migration |
| Verify shell env sanitization (LD_PRELOAD, DYLD_*, ZDOTDIR) | H17 |
config_migration |
| Verify plugin install integrity/pin + drift detection | H18 |
config_migration |
| Verify hooks.token ≠ gateway.auth.token | H19 |
config_migration |
| Verify OTEL secret redaction in diagnostics export | M17 |
config_migration |
| Verify control-plane RPC rate limiting config | M21 |
observability |
| Ingest JSONL traces into SQLite for offline analysis | T1 |
observability |
| Validate CI workflow completeness (lint, test, secrets) | T6 |
memory_audit |
| Verify pgvector config (HNSW index, dimensions, distance metrics) | T3 |
memory_audit |
| Audit knowledge graph integrity (orphan nodes, cycles, TTL) | T9 |
agent_orchestration |
| Task DAG execution with topological sort + parallel layers | T4 |
agent_orchestration |
| Check orchestration status by ID or list all | T4 |
i18n_audit |
| Scan locale files for missing keys, empty values, interpolation mismatches | T5 |
skill_loader |
| Lazy-load SKILL.md metadata (YAML front-matter, 5min cache) | T7 |
skill_loader |
| Keyword/tag search across cached skills with relevance scoring | T7 |
n8n_bridge |
| Export agent pipeline as n8n-compatible workflow JSON | T8 |
n8n_bridge |
| Validate & import n8n workflow JSON into workspace | T8 |
browser_audit |
| Validate Playwright/Puppeteer headless config for agents | T10 |
hebbian_memory |
| Ingest JSONL session logs → SQLite (PII stripped) — CDC §4.1 | — |
hebbian_memory |
| Compute/apply Hebbian weight updates on Layer 2 — CDC §4.3 | — |
hebbian_memory |
| Co-activation pattern analysis (Jaccard similarity) — CDC §4.3 | — |
hebbian_memory |
| Dashboard: weights, atrophy, promotions — CDC §7 | — |
hebbian_memory |
| Validate 4-layer Claude.md structure — CDC §3.3 | — |
hebbian_memory |
| Audit PII stripping config — CDC §5.2 | — |
hebbian_memory |
| Validate learning rate, decay, thresholds — CDC §4.3 | — |
hebbian_memory |
| Cosine similarity drift detection vs baseline — CDC §5.1 | — |
a2a_bridge |
| Generate agent-card.json from SOUL.md (RC v1.0) | G1 |
a2a_bridge |
| Validate A2A Agent Card against RC v1.0 spec | G2 |
a2a_bridge |
| Send message/task to an A2A agent (SendMessage) | G3 |
a2a_bridge |
| Get task status or list tasks (RC v1.0) | G4 |
a2a_bridge |
| Cancel a running A2A task (CancelTask) | G5 |
a2a_bridge |
| Subscribe to task updates via SSE | G6 |
a2a_bridge |
| CRUD for push notification webhooks (RC v1.0) | G7 |
a2a_bridge |
| Discover agents via Agent Cards or SOUL.md scan | G8 |
platform_audit |
| Audit Firm secrets v2 lifecycle (2026.2+) | G9 |
platform_audit |
| Validate agent routing bindings | G10 |
platform_audit |
| TTS/voice channel security audit | G11 |
platform_audit |
| Validate trust model and multi-user heuristics | G12 |
platform_audit |
| Self-update supply chain integrity check | G13 |
platform_audit |
| Plugin SDK integrity validation | G14 |
platform_audit |
| Content boundary & anti-prompt-injection audit | G15 |
platform_audit |
| SQLite-vec memory backend validation | G16 |
platform_audit |
| Claude 4.6 adaptive thinking configuration check | 3.1 |
ecosystem_audit |
| MCP Gateway firewall policy audit | G17 |
ecosystem_audit |
| RAG pipeline health & config audit | G18 |
ecosystem_audit |
| Sandbox execution isolation audit | G19 |
ecosystem_audit |
| Context rot / cognitive health detection | G20 |
ecosystem_audit |
| Cryptographic audit trail / provenance tracking | G21 |
ecosystem_audit |
| Usage/cost tracking and analysis | G22 |
ecosystem_audit |
| Token optimization analysis | G23 |
spec_compliance |
| Audit MCP elicitation capability compliance | S4 |
spec_compliance |
| Audit MCP Tasks capability compliance | S5 |
spec_compliance |
| Audit MCP Resources & Prompts compliance | S6 |
spec_compliance |
| Audit MCP audio content support | H3 |
spec_compliance |
| Audit JSON Schema dialect compliance | H5 |
spec_compliance |
| Audit Streamable HTTP / SSE transport | H6 |
spec_compliance |
| Audit icon metadata support | H7 |
prompt_security |
| Scan text for 16 injection/jailbreak patterns | H2 |
prompt_security |
| Batch scan multiple texts for injection patterns | H2 |
auth_compliance |
| Audit OAuth 2.1 / OIDC Discovery compliance | H4 |
auth_compliance |
| Check OAuth scopes restrict tool access properly | H4 |
compliance_medium |
| Audit tool deprecation lifecycle | M1 |
compliance_medium |
| Audit circuit breaker / resilience config | M2 |
compliance_medium |
| Audit GDPR compliance and data residency | M3 |
compliance_medium |
| Audit agent DID (decentralized identity) | M4 |
compliance_medium |
| Audit multi-model routing and fallback chain | M5 |
compliance_medium |
| Audit MCP resource links in tool results | M6 |
market_research |
| Full competitive landscape analysis (feature matrix, SWOT, positioning) | — |
market_research |
| TAM/SAM/SOM market sizing (top-down + bottom-up) | — |
market_research |
| Financial benchmarking — unit economics, pricing, revenue | — |
market_research |
| Structured web research & OSINT intelligence gathering | — |
market_research |
| Professional Markdown market research report generator | — |
market_research |
| Continuous competitive monitoring (add/remove/update/status) | — |
legal_status |
| Compare legal forms (SAS, SARL, EURL…) on multi-criteria grid | — |
legal_status |
| Simulate IS/IR tax burden per legal form | — |
legal_status |
| Analyze social protection by dirigeant status | — |
legal_status |
| Audit governance clauses & shareholder pacts | — |
legal_status |
| Step-by-step company creation checklist | — |
location_strategy |
| Geo-economic attractiveness analysis by zone | — |
location_strategy |
| Real estate market scan (buy/rent/coworking) | — |
location_strategy |
| Multi-criteria site scoring (20 criteria) | — |
location_strategy |
| Map tax incentives & public aids by zone | — |
location_strategy |
| Total cost of occupancy simulation over N years | — |
supplier_management |
| Search & filter suppliers by category/region/certification | — |
supplier_management |
| Multi-criteria supplier evaluation (15 criteria) | — |
supplier_management |
| Supplier TCO analysis (direct + indirect + hidden costs) | — |
supplier_management |
| Contract clause compliance audit (14 mandatory clauses) | — |
supplier_management |
| Supplier risk monitoring (add/remove/update/status) | — |
Related MCP server: MCP Server Demo
Quick start
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # fill in tokens
bash scripts/start.shAdd to VS Code settings.json:
"mcp.servers": {
"firm-extensions": { "url": "http://127.0.0.1:8012/mcp" }
}Scripts
bash scripts/start.sh # start in background
bash scripts/stop.sh # graceful stop
bash scripts/status.sh # PID + HTTP + tool countTests
pip install -r requirements-dev.txt
python -m pytest tests/test_smoke.py -v2272 tests (1961 unit + 311 integration), 94.6% coverage, covering:
Server starts and answers
pinginitializereturns correct capabilities +__version__All 115 tools registered with valid
inputSchemavs_context_pushdegrades gracefully without Gatewayfirm_export_documentwrites local fileUnknown method returns JSON-RPC error -32601
Unknown tool returns descriptive error
Timing-safe auth (I21), SQL injection guard (I24), session_id regex (I41)
ConfigPathInput traversal blocking across all 21 config-path models (I27)
Health/healthz endpoints return correct tool count + version (I35)
Shared
config_helpers:load_config,get_nested,mask_secret(I25)Hebbian memory: harvest PII stripping, weight update dry-run, layer validation, drift detection, Pydantic traversal guards
Security
Auth: timing-safe
hmac.compare_digeston Bearer token — no timing side-channel (I21)Request limit:
client_max_size=2MBon aiohttpApplication(I22)Tool timeout:
asyncio.wait_forwithTOOL_TIMEOUT_S(default 120s) on all async tool calls (I23)SQL injection guard:
table_namevalidated by Pydantic regex^[a-zA-Z_][a-zA-Z0-9_]{0,127}$+ runtime whitelist in handler (I24)Session ID regex:
^[a-zA-Z0-9_\-:.]+$on allsession_idfields — no injection (I41)Centralized version:
__version__inmain.py— single source of truth (I37)DRY helpers:
config_helpers.py— sharedload_config,get_nested,mask_secret(I25)ConfigPathInput base: 21 models inherit traversal guard from single base class (I27)
Hebbian PII stripping: 9 regex patterns (email, phone, IP, API keys, SSN, JWT, AWS keys) applied before any session storage — CDC §5.2
Hebbian drift detection: TF-IDF cosine similarity vs baseline (no external API) — CDC §5.1
Hebbian weight caps: auto-update capped at 0.95, atrophy floor at 0.0, dry_run=True default — CDC §4.3
GitHub PRs always created as drafts with
needs-reviewlabelTokens masked in logs (last 4 chars only) via
mask_secret()Context capped at 32 KB per WS payload
fleet.jsonandacp_sessions.jsonwritten atomically (os.replace)Workspace lock via
fcntl.LOCK_EX | LOCK_NB(advisory, crash-safe)fleet_session_inject_env: allowlist regex — only known provider keys acceptedfleet_cron_schedule: command allowlist regex + blocklist (rm,dd,mkfs…)Path traversal guard (
..) on all file-path Pydantic fieldsAll AI outputs carry human-review disclaimer
Gap coverage (Firm audit)
ID | Severity | Description | Coverage |
C1 | CRITICAL | SQL injection in API endpoints |
|
C2 | CRITICAL | Sandbox disabled ( |
|
C3 | CRITICAL | SESSION_SECRET ephemeral / in config |
|
C4 | CRITICAL | ACP sessions lost on restart (in-memory) |
|
H1 | HIGH |
|
|
H2 | HIGH | Gateway Funnel without auth.mode=password |
|
H3 | HIGH | Spawned sessions get no env vars |
|
H4 | HIGH | Cron not blocked in sandbox |
|
H5 | HIGH | Race condition on workspace lock |
|
H6 | HIGH | Gateway silently drops on macOS sleep |
|
H7 | HIGH | WS close code 1006 not handled |
|
H8 | HIGH | No rate limiting on Tailscale Funnel |
|
M1 | MEDIUM |
|
|
M2 | MEDIUM | Test coverage threshold 70% | factory 80% threshold + CTO SOUL.md |
M3 | MEDIUM | Baileys creds.json no integrity/age check |
|
M4 | MEDIUM | Webhook HMAC signature verification missing |
|
M5 | MEDIUM | Docs version stale vs package.json |
|
M6 | MEDIUM | No ADRs for architecture decisions |
|
M7 | MEDIUM | Logging verbose / no redactPatterns |
|
M8 | MEDIUM | ~/.firm/workspace integrity unchecked |
|
C5 | CRITICAL | Node.js < 22.12.0 (CVE-2025-59466, CVE-2026-21636) |
|
C6 | CRITICAL | Hardcoded secrets in config.json (no secrets workflow) |
|
H9 | HIGH | HTTP security headers absent (HSTS, X-Content-Type-Options) |
|
H10 | HIGH | gateway.nodes.allowCommands dangerous override |
|
H11 | HIGH | Trusted-proxy misconfigured (bind+proxies+auth mode) |
|
M15 | MEDIUM | Session disk budget not configured (maxDiskBytes) |
|
M16 | MEDIUM | dmPolicy=allowlist with empty allowFrom (fail-open) |
|
C7 | CRITICAL | External Secrets lifecycle not validated (inline creds) |
|
C8 | CRITICAL | Plugin channel HTTP auth bypass (path canonicalization) |
|
C9 | CRITICAL | Exec approval plan mutability (symlink cwd rebind) |
|
H12 | HIGH | Hook session-key routing unrestricted |
|
H13 | HIGH | Config $include hardlink escape + file-size |
|
H14 | HIGH | Prototype pollution in config merge |
|
H15 | HIGH | SafeBins without explicit profile = unrestricted interpreter |
|
H16 | HIGH | Group policy default not fail-closed |
|
H17 | HIGH | Shell env not sanitized (LD_PRELOAD, DYLD_*) |
|
H18 | HIGH | Plugin install integrity/pin not tracked |
|
H19 | HIGH | hooks.token = gateway.auth.token (reuse) |
|
M17 | MEDIUM | OTEL secret redaction missing in diagnostics |
|
M21 | MEDIUM | Control-plane RPC rate limiting absent |
|
T1 | TOOL | No observability pipeline for JSONL traces |
|
T3 | TOOL | pgvector memory config unchecked |
|
T4 | TOOL | No parallel agent orchestration (task DAG) |
|
T5 | TOOL | No i18n/localization audit |
|
T6 | TOOL | No CI pipeline completeness check |
|
T7 | TOOL | Skills loaded eagerly (no lazy loading) |
|
T8 | TOOL | No n8n workflow automation bridge |
|
T9 | TOOL | Knowledge graph integrity unchecked |
|
T10 | TOOL | Browser automation config unchecked |
|
⚠️ Contenu généré par IA — validation humaine requise avant utilisation.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/romainsantoli-web/mcp-openclaw'
If you have feedback or need assistance with the MCP directory API, please join our Discord server