MCP Connector Factory

One hardened MCP-server skeleton, forked per backend — two Claude custom connectors built from the same codebase, with deliberately different security postures.

Role: Software Engineer Intern · Coldwell Banker Indonesia
Timeline: 2026
Status: Published
  • Python 3.11
  • FastAPI
  • JSON-RPC 2.0
  • OAuth 2.0 facade
  • Docker
  • Cloudflare Tunnel
  • 348 tests

Client

  • Claude app: custom connector
  • Bearer token: pasted as secret

Shared skeleton

  • JSON-RPC 2.0: init · list · call
  • Auth + OAuth facade: bearer · const-time
  • Audit log: JSON-line · before/after

Fork

  • lark_client: fetch-all + filter
  • web_client: JWT login-refresh

Backend · posture

  • Lark Bitable: writes live · admin
  • NestJS REST API: read-only · 2 kill switches

Highlights

  • One hardened MCP-server skeleton, forked per backend

    Around 80–95% identical across both forks, proving it's a template and not a one-off.

  • Two deliberate security postures

    Lark Bitable writes live on an admin tier; the NestJS REST connector is read-only, with writes behind two kill switches and a dry-run default.

  • 348 tests, fully mocked

    Constant-time bearer auth, JSON-line audit logging, and a hand-rolled JSON-RPC 2.0 layer with no MCP SDK dependency.
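
An added sketch, not code from the project's repository, of how the pieces named in these highlights fit together: a constant-time bearer check, a JSON-line audit record before and after each call, and a write gate with two kill switches and a dry-run default. The switch names `WRITES_ENABLED` and `WRITES_CONFIRMED`, the `dry_run` argument, the error code -32001 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

def bearer_ok(header, expected):
    """Constant-time check of an 'Authorization: Bearer <token>' header value."""
    scheme, _, presented = (header or "").partition(" ")
    # Hash both sides so compare_digest always sees equal-length inputs.
    a = hashlib.sha256(presented.encode()).digest()
    b = hashlib.sha256(expected.encode()).digest()
    match = hmac.compare_digest(a, b)
    return match and bool(expected) and scheme.lower() == "bearer"

def write_mode(env, args):
    """Return 'blocked', 'dry_run' or 'live' for a write tool call."""
    # Assumed switch names: both must be "1", otherwise writes stay off.
    if env.get("WRITES_ENABLED") != "1" or env.get("WRITES_CONFIRMED") != "1":
        return "blocked"
    # Dry-run is the default; a live write needs dry_run explicitly False.
    return "live" if args.get("dry_run", True) is False else "dry_run"

def audit(sink, phase, tool, **fields):
    """Append one JSON line per event; sink stands in for the log file."""
    record = {"ts": time.time(), "phase": phase, "tool": tool, **fields}
    sink.append(json.dumps(record, sort_keys=True))

def rpc_error(rid, code, message):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}

def handle_call(req, auth_header, *, token, env, sink):
    """Handle one JSON-RPC 2.0 tools/call request for a hypothetical write tool."""
    rid = req.get("id")
    if not bearer_ok(auth_header, token):
        audit(sink, "denied", "-", reason="auth")
        return rpc_error(rid, -32001, "unauthorized")  # implementation-defined code
    if req.get("method") != "tools/call":
        return rpc_error(rid, -32601, "Method not found")
    params = req.get("params", {})
    tool, args = params.get("name", ""), params.get("arguments", {})
    mode = write_mode(env, args)
    audit(sink, "before", tool, mode=mode)
    # The backend request would be sent here, and only when mode == "live".
    text = "writes disabled" if mode == "blocked" else f"{mode}: {tool}"
    result = {"isError": mode == "blocked", "content": [{"type": "text", "text": text}]}
    audit(sink, "after", tool, mode=mode, is_error=result["isError"])
    return {"jsonrpc": "2.0", "id": rid, "result": result}
```

With either switch unset the call is audited and refused, and with both set it still runs as a dry run unless the caller passes `dry_run: false`.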
