Skip to main content

MCP server for Firegex — CTF regex/proxy firewall

Project description

firegex-mcp

MCP server that exposes Firegex — a CTF regex/proxy firewall — to LLM tooling like Claude Desktop or Claude Code.

Features

  • 49 tools across system, nfregex (kernel-side PCRE2 filter), nfproxy (Python inline proxy), firewall (nftables rules), and porthijack (port redirection).
  • Auto-managed JWT lifecycle: log in on first use, transparently re-login on 401 / secret rotation, single asyncio.Lock to avoid login storms.
  • Plain-text regex on the tool boundary; base64 is handled inside the client.
  • Two ways to push nfproxy Python filters: inline code: str or local path: str (≤ 1 MiB).
  • Pure async httpx client + pydantic v2 DTOs.
  • stdio transport — drop into Claude Desktop or Claude Code as a subprocess.

Install

uvx firegex-mcp        # ephemeral, recommended
# or
pip install firegex-mcp

Configure

All settings are env vars with the FIREGEX_MCP_ prefix:

Env var Default Description
FIREGEX_MCP_BASE_URL http://localhost:4444 Firegex base URL
FIREGEX_MCP_PASSWORD (required) Used at /api/login
FIREGEX_MCP_TIMEOUT_SECONDS 30 HTTP request timeout
FIREGEX_MCP_VERIFY_SSL true Disable for self-signed HTTPS
FIREGEX_MCP_LOG_LEVEL INFO DEBUG/INFO/WARNING/ERROR/CRITICAL

See .env.example for a starter template.

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %AppData%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "firegex": {
      "command": "uvx",
      "args": ["firegex-mcp"],
      "env": {
        "FIREGEX_MCP_BASE_URL": "http://localhost:4444",
        "FIREGEX_MCP_PASSWORD": "..."
      }
    }
  }
}

Restart Claude Desktop fully (Cmd+Q / tray → Quit), then look for the connector under the + menu.

Claude Code

claude mcp add firegex uvx firegex-mcp --env FIREGEX_MCP_PASSWORD=...

Tools

Grouped by Firegex module. See the design spec for the full catalogue.

  • system (6): get_firegex_status, set_password, change_password, list_interfaces, reset_firegex, login_probe.
  • nfregex (15): services CRUD + regex CRUD/toggle + Prometheus metrics.
  • nfproxy (14): services CRUD + pyfilter toggle + get_pyfilter_code, set_pyfilter_code, set_pyfilter_code_from_file.
  • firewall (6): get_firewall_settings, set_firewall_settings, enable_firewall, disable_firewall, list_firewall_rules, replace_firewall_rules.
  • porthijack (8): services CRUD + rename_phj_service + change_phj_destination.

Development

git clone https://github.com/umbra2728/firegex-mcp
cd firegex-mcp
uv sync --dev
uv run pytest
uv run ruff check src tests
uv run mypy src

Manual smoke test against a real Firegex instance:

# in the firegex repo
python3 run.py start --prebuilt
# back here
FIREGEX_MCP_PASSWORD=test uv run mcp dev src/firegex_mcp/server.py

This opens the MCP Inspector in your browser; you can call every tool by hand.

Releasing

This package ships to PyPI via Trusted Publishing. The workflow runs on any v*.*.* tag.

  1. Bump version in pyproject.toml.
  2. Add a ## [X.Y.Z] - YYYY-MM-DD section to CHANGELOG.md.
  3. Commit, tag, push:
git commit -am "Release vX.Y.Z"
git tag vX.Y.Z
git push --tags

One-time setup (not in repo state):

  • PyPI → Account settings → Add a pending publisher with repo umbra2728/firegex-mcp, workflow release.yml, environment pypi.
  • GitHub → repo → Settings → Environments → create pypi.

License

MIT.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

firegex_mcp-0.1.0.tar.gz (131.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

firegex_mcp-0.1.0-py3-none-any.whl (17.1 kB view details)

Uploaded Python 3

File details

Details for the file firegex_mcp-0.1.0.tar.gz.

File metadata

  • Download URL: firegex_mcp-0.1.0.tar.gz
  • Upload date:
  • Size: 131.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for firegex_mcp-0.1.0.tar.gz
Algorithm Hash digest
SHA256 63b88c815367df16f22aa990dfe92ed9d4e3b0f2b5bc4bed77b6b99f22966f26
MD5 f48327e8b427367b0dd1d555a7c65360
BLAKE2b-256 677a4721eba30050a6d6cff2209592078704ad446b654a8124c22a35e6d16400

See more details on using hashes here.

Provenance

The following attestation bundles were made for firegex_mcp-0.1.0.tar.gz:

Publisher: release.yml on umbra2728/firegex-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file firegex_mcp-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: firegex_mcp-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 17.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for firegex_mcp-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c6bfd8e909d27804e820ad54bcf8e3846a8bd54ccbf81f8ffe05e12517b18a3f
MD5 f8320eaba277498312b2289ba18a382e
BLAKE2b-256 0306c3b7a7c5438ac66dd4d0e8c50fa9962e0199de1f22059e7e077ccc2342c5

See more details on using hashes here.

Provenance

The following attestation bundles were made for firegex_mcp-0.1.0-py3-none-any.whl:

Publisher: release.yml on umbra2728/firegex-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page