Remote MCP server deployment#2151
Open
nesanders wants to merge 12 commits into
Open
Conversation
- New page at /learn/ai-tools explaining how to connect AI assistants (Claude Desktop, ChatGPT) to MAPLE via MCP - Covers: what MCP is, what users can ask, 4 example prompts, step-by-step setup with validated external links, privacy notes - NavbarLinkAiTools added to Learn dropdown (mobile + desktop) - navigation.aiTools and titles.ai_tools i18n keys added - How MAPLE Uses AI page links to the new guide Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Processes all collections concurrently (CONCURRENCY=8) and retries quota-exhausted requests with exponential backoff (up to 6 retries, 1s base, 2x multiplier + jitter) rather than failing permanently. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…un deploy - mcp-server/Dockerfile: two-stage build (builder compiles TS, runtime installs prod deps only); listens on PORT=8080/HOST=0.0.0.0 for Cloud Run; uses Workload Identity (no credentials file) - mcp-server/.dockerignore: excludes tests, dev scripts, .env files - next.config.js: proxies /api/mcp → MCP_SERVER_URL/mcp when env var is set, keeping the public endpoint at mapletestimony.org/api/mcp Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- rateLimit.ts: 60 req/min + 1,000 req/day per token (in-memory, resets on daily UTC boundary); applied after auth middleware on POST /mcp - index-http.ts: wire in rateLimitMiddleware - Cloud Run service deployed to digital-testimony-dev (us-central1): max-instances=2, 512Mi, 30s timeout, Workload Identity service account - Artifact Registry repo maple-mcp created in us-central1 - Billing budget: $60/month (~$2/day) with 50%/100% alerts Vertex AI QPM quota reduction (200 QPM / ~$1/day) requires manual action in Cloud Console — CLI cannot reduce below service default. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…e Cloud Run - pages/api/mcp.ts: server-side proxy that fetches a Google identity token for Cloud Run IAM and forwards the user's MAPLE token in X-Maple-Authorization; Cloud Run URL never exposed to clients - mcp-server/auth.ts: check X-Maple-Authorization first (proxy path), fall back to Authorization (direct/local path) - next.config.js: remove dead MCP_SERVER_URL rewrite (replaced by API route) - mcp-server/create-agent-key.ts: fix stale /sse curl example → /mcp - IAM: roles/run.invoker granted to Compute Engine and App Engine default service accounts so Next.js Cloud Run can invoke the MCP service - google-auth-library added to main package.json Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- functions/src/mcp/proxy.ts: mcpProxy onRequest function that fetches a Google identity token for Cloud Run IAM and forwards the user MAPLE token in X-Maple-Authorization; Cloud Run stays --no-allow-unauthenticated - functions/src/index.ts: export mcpProxy - firebase.json: add hosting rewrite /api/mcp → mcpProxy (us-central1) - Remove pages/api/mcp.ts — static export doesn't support API routes - google-auth-library added to functions/package.json - AiTools.tsx: add TODO to update connection config once proxy is live - roles/run.invoker granted to App Engine default SA (Firebase Functions) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Picked up automatically by Firebase CLI at deploy time via the .env.digital-testimony-dev file convention. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…Tested as working by connecting Claude to firebase function. - proxy.ts: use GCP metadata server for identity token (google-auth-library getRequestHeaders() returns Headers object, not plain object — bracket access returns undefined); forward Accept + MCP-Protocol-Version headers from client so MCP content negotiation works end-to-end - proxy.ts: remove google-auth-library dependency (metadata server is more reliable in GCP-hosted environments) - auth.ts: add X-Maple-Token header support (Firebase Functions strips Authorization from allUsers-accessible functions); precedence order: X-Maple-Authorization > X-Maple-Token > Authorization - AiTools.tsx: update config snippet to use X-Maple-Token header Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove resolved TODO comment - Fix Claude Desktop platform (Mac/Windows, not mobile) - Fix ChatGPT link to consumer-facing help article - Reframe token step in plain language for non-technical users Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
nesanders
requested review from
Mephistic,
alexjball,
kiminkim724,
mertbagt,
mvictor55,
sashamaryl and
timblais
as code owners
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
nesanders
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this does
Adds a remotely deployed MCP (Model Context Protocol) server so AI assistants like Claude and ChatGPT can search MAPLE's database of bills, testimony, and ballot questions in real time via natural language queries.
What's in this PR
MCP server (
mcp-server/)search_bills,search_testimony,search_ballot_questions,search_policies,list_topics,list_committees,list_sponsorsindex-http.ts) + stdio transport for local useagentKeysFirestore collection)Firebase Function proxy (
functions/src/mcp/proxy.ts)mcpProxyfunction exposes the MCP server at/api/mcpvia Firebase Hosting rewriteX-Maple-Tokenheader for a GCP identity token to call the private Cloud Run serviceEmbedding infrastructure
createVectorIndexer.ts: writes embeddings as FirestoreVectorValue(plain arrays are invisible to vector indexes)backfill-embeddings-parallel.ts: parallel backfill with exponential backoff on quota errorsmigrate-embeddings-to-vector.ts: one-time migration for existing plain-array embeddingsfirestore.indexes.jsonUser guide
/learn/ai-toolsexplaining the feature for non-technical advocatesWhat's deployed to dev
maple-mcp-server(private, max 2 instances,digital-testimony-dev)mcpProxydeployed and tested end-to-end ✓What's NOT done yet (before prod deploy)
mcpProxyfunction to prod/api/mcphosting rewrite activates on next CI hosting deploy — the nav link to/learn/ai-toolsshould not be publicly promoted until that deploy completes