requestrocket-mcp

MCP Server for RequestRocket - A comprehensive Model Context Protocol server that provides complete CRUD access to RequestRocket's API, enabling AI assistants to manage clients, credentials, targets, proxies, and monitor request history with built-in security features.

Overview

This MCP server provides complete API coverage for RequestRocket, allowing AI assistants like Cursor to interact with all aspects of your RequestRocket infrastructure. With full CRUD operations, security-first design, and comprehensive error handling, this server enables seamless RequestRocket management through natural language commands.

Quick Start

1. Install dependencies:

   pip install -r requirements.txt

2. Configure credentials:

   cp .env.example .env
   # Edit .env and add your API key and client ID

3. Test the server:

   python test_server.py

4. Add to Cursor (see Configuration section below)

5. Start using:

   "@requestrocket List all my clients"

Features

🎯 Complete API Coverage

• Full CRUD Operations: Create, Read, Update, and Delete for all core resources
• Client Management: Complete client lifecycle management
• Credentials Management: Full credential CRUD with automatic secret sanitization
• Targets Management: Complete target API configuration
• Proxies Management: Full proxy lifecycle with execution capabilities
• Request History & Telemetry: Comprehensive monitoring and analytics

🔒 Security-First Design

• Automatic Secret Sanitization: Credential secrets redacted by default in all responses
• Opt-in Disclosure: Secrets only visible when explicitly requested with include_secrets=True
• Request Header Protection: Proxy authentication headers hidden by default
• No Credential Logging: API keys and tokens never logged
• Safety Warnings: Destructive operations include clear warnings

🛡️ Safety Features

• Delete Protection: All delete operations include warnings about permanent data loss
• Client Delete Guard: Extra protection prevents accidental deletion of default client
• Dependency Warnings: Clear messages about impact on dependent resources
• Consistent Error Handling: Comprehensive error messages across all operations

📊 Monitoring & Analytics

• Request History: View recent requests with full details
• Proxy Telemetry: Hourly/daily metrics for proxy performance
• Request Filtering: Filter by proxy, date range, processing status
• Performance Metrics: Response times, success rates, error rates

Prerequisites

• Python 3.10 or higher
• RequestRocket API key
• RequestRocket Client ID
• Cursor IDE

Installation

1. Clone and navigate to this directory:

   cd jsonrest-mcp

2. Create a virtual environment (recommended):

   python -m venv .venv
   
   # On Windows
   .venv\Scripts\activate
   
   # On macOS/Linux
   source .venv/bin/activate

3. Install dependencies:

   pip install -r requirements.txt

4. Configure environment variables:

   • Copy .env.example to .env:

     # On Windows
     copy .env.example .env
     
     # On macOS/Linux
     cp .env.example .env

   • Edit .env and add your RequestRocket credentials:

     REQUESTROCKET_API_KEY=your_actual_api_key_here
     REQUESTROCKET_BASE_URL=https://api.requestrocket.com
     REQUESTROCKET_CLIENT_ID=your_client_id_here
     REQUESTROCKET_STAGE=
     REQUESTROCKET_TIMEOUT=30
     DELETE_ENABLED=FALSE

   • Leave the REQUESTROCKET_STAGE blank

5. Test the installation:

   python test_server.py

   This verifies that all modules load correctly and credentials are configured.

Configuration for Cursor

Add this server to your Cursor MCP settings:

1. Open Cursor Settings:

   • Press Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (macOS)
   • Type "Preferences: Open User Settings (JSON)"
   • Or navigate to: File → Preferences → Settings → Extensions → MCP

2. Add the MCP server configuration:

{
  "mcp.servers": {
    "requestrocket": {
      "command": "python",
      "args": [
        "E:\\jsonrest-mcp\\requestrocket_server.py"
      ]
    }
  }
}

Note: Replace the path with the absolute path to your requestrocket_server.py file.

3. Restart Cursor for the changes to take effect.

Available Tools

This server provides 50+ MCP tools organized by resource type. All tools follow consistent patterns with comprehensive error handling.

🏢 Client Management

find_client_by_name ⭐ NEW - IMPORTANT

Search for clients by name (case-insensitive). CRITICAL: Always use this tool when user mentions a client by name (e.g., "MCP client", "production client") to avoid creating resources in the wrong organization.

• Parameters: client_name (required)
• Returns: Matching clients with their client_id
• Use case: User says "create proxy in MCP client" → First call find_client_by_name("MCP") to get the client_id

list_clients

List all clients accessible to the authenticated user.

get_client_details

Get detailed information about a specific client.

• Parameters: client_id (optional)

create_client

Create a new client organization.

• Parameters: client_name (required), client_region (optional)

update_client 🆕

Update an existing client's configuration.

• Parameters: client_id (required), update_data (dict)
• Updatable fields: clientName, clientActive, clientRegion

delete_client 🆕

Delete a client organization (⚠️ EXTREME WARNING - cascading deletion).

• Parameters: client_id (required, cannot use env default)
• Safety: Extra protection against accidental deletion of default client

Example usage:

"@requestrocket List all my clients"
"@requestrocket Create a new client named 'Production'"
"@requestrocket Update client abc-123 to change the name"

---

🔑 Credentials Management

list_credentials

List all credentials with automatic secret sanitization.

• Parameters: client_id (optional), include_secrets (bool, default: false)
• Security: Secrets redacted by default, use include_secrets=True to view

get_credential_details

Get details for a specific credential with secret protection.

• Parameters: credential_id (required), client_id (optional), include_secrets (bool)

create_credential

Create a new credential for API authentication.

• Parameters: credential_name, credential_type, credential_data, client_id (optional)
• Supported types: key, bearer, basic, oauth2, customToken, none

update_credential 🆕

Update an existing credential's configuration.

• Parameters: credential_id (required), update_data (dict), client_id (optional)
• Security: Response secrets are automatically sanitized

delete_credential 🆕

Delete a credential (⚠️ WARNING - affects dependent proxies).

• Parameters: credential_id (required), client_id (optional)

Example usage:

"@requestrocket List my credentials (without secrets)"
"@requestrocket Create an API key credential for my production API"
"@requestrocket Show credential abc-123 details including secrets"

---

🎯 Targets Management

list_targets

List all target APIs configured for a client.

• Parameters: client_id (optional)

get_target_details

Get details for a specific target API.

• Parameters: target_id (required), client_id (optional)

create_target

Create a new target API endpoint.

• Parameters: target_name, target_url, credential_id (optional), client_id (optional)

update_target 🆕

Update an existing target's configuration.

• Parameters: target_id (required), update_data (dict), client_id (optional)
• Updatable fields: targetName, targetBaseURL, targetTestPath, targetActive

delete_target 🆕

Delete a target (⚠️ WARNING - affects dependent proxies).

• Parameters: target_id (required), client_id (optional)

Example usage:

"@requestrocket List all my targets"
"@requestrocket Create a target for https://dog.ceo/api/"
"@requestrocket Update target xyz-789 to change the URL"

---

🔄 Proxies Management

list_proxies

List all proxies configured for a client.

• Parameters: client_id (optional)

get_proxy_details

Get details for a specific proxy.

• Parameters: proxy_id (required), client_id (optional)

create_proxy

Create a new proxy to route requests to a target API.

• Parameters: proxy_name, target_id, proxy_credential_id, target_credential_id, proxy_region, proxy_active, client_id (optional)

update_proxy 🆕

Update an existing proxy's configuration.

• Parameters: proxy_id (required), update_data (dict), client_id (optional)
• Updatable fields: proxyName, proxyActive, proxyProxyCredentialId, proxyTargetId, proxyTargetCredentialId, proxyAdditionalHeaders, proxyMaxRetries

delete_proxy 🆕

Delete a proxy (⚠️ WARNING - permanent deletion).

• Parameters: proxy_id (required), client_id (optional)

execute_proxy_request 🆕

Execute an HTTP request through a RequestRocket proxy.

• Parameters: proxy_id, proxy_region, authorization, path, method, headers, query_params, body, timeout, include_request_details (bool)
• Security: Request headers hidden by default

Example usage:

"@requestrocket List all my proxies"
"@requestrocket Create a proxy that routes to the Dogs API target"
"@requestrocket Execute a GET request to /breeds/list/all through proxy abc-123"

---

📊 Request History & Telemetry

list_requests

List recent requests made through RequestRocket.

• Parameters: client_id (optional), limit (int, default: 50)

get_request_details

Get full details for a specific request.

• Parameters: request_id (required), client_id (optional)

list_proxy_requests

List requests for a specific proxy with filtering options.

• Parameters: proxy_id (required), client_id (optional), processed_after (ISO date), processed_before (ISO date), limit (int)

get_proxy_request_details

Get detailed information about a specific proxy request.

• Parameters: proxy_id (required), request_id (required), client_id (optional)

get_proxy_telemetry

Get telemetry metrics for proxy performance.

• Parameters: proxy_id (required), interval (hour/day/week/month), end_date (optional), client_id (optional)

Example usage:

"@requestrocket Show my last 20 requests"
"@requestrocket Get hourly telemetry for proxy xyz-123"
"@requestrocket List requests to proxy abc-456 in the last 24 hours"

---

🎛️ Advanced Features

Proxy Rules

• list_proxy_rules, get_proxy_rule_details, create_proxy_rule, update_proxy_rule, delete_proxy_rule

Credential Rules

• list_credential_rules, get_credential_rule_details, create_credential_rule, update_credential_rule, delete_credential_rule

Memberships

• list_memberships, get_membership_details, update_membership, delete_membership

Customers & Billing

• get_customer_details, create_customer, update_customer, delete_customer
• get_stripe_portal_details, create_stripe_portal, update_stripe_portal, delete_stripe_portal

Configuration

• list_configurations, create_configuration, update_configuration, delete_configuration

System

• get_current_user - Get authenticated user details
• list_endpoints - List available API endpoints

Total Tools: 50+ tools providing complete RequestRocket API coverage

---

📖 Learning Resources for AI Assistants

MCP Resources (Built-in Documentation)

This MCP server provides built-in documentation through MCP Resources that AI assistants can query to learn how to use the tools effectively.

📚 API Schemas

Query these resources to understand data structures and requirements:

• requestrocket://schemas/overview - Lists all available schemas
• requestrocket://schemas/credentials/key - API key credential schema with examples
• requestrocket://schemas/credentials/bearer - Bearer token schema
• requestrocket://schemas/credentials/basic - Basic auth schema
• requestrocket://schemas/credentials/oauth2-* - Various OAuth 2.0 flows
• requestrocket://schemas/credentials/custom-token - Custom token schema
• requestrocket://schemas/targets/create - Target creation schema
• requestrocket://schemas/proxies/create - Proxy creation schema
• requestrocket://schemas/rules/create - Access control rules schema

📖 Workflow Guides

Step-by-step guides for common operations:

• requestrocket://guides/overview - Lists all available guides
• requestrocket://guides/create-proxy - Complete proxy setup workflow
  • Prerequisites, step-by-step instructions, examples, common errors
• requestrocket://guides/test-proxy - How to verify a proxy works correctly
• requestrocket://guides/create-client - Setting up client organizations
• requestrocket://guides/manage-credentials - Best practices for credential security

Example Usage:

AI: "How do I create a proxy?"
> Query: requestrocket://guides/create-proxy
> Returns: Complete 5-step workflow with examples

System

• get_current_user - Get authenticated user details
• list_endpoints - List available API endpoints

Total Tools: 50+ tools providing complete RequestRocket API coverage

Development

Testing the Server

Before configuring Cursor, test that the server is properly set up:

python test_server.py

This will verify:

• All modules can be imported
• Configuration is properly loaded
• MCP server can be instantiated
• API credentials are configured
• All tools are registered

Running Tests

The project includes a comprehensive test suite with 80+ tests covering all core operations:

# Install test dependencies
pip install -r requirements-dev.txt

# Run all tests
pytest

# Run with coverage report
pytest --cov=tools --cov=utils --cov-report=term-missing

# Run specific test file
pytest tests/test_clients.py

# Run specific test class
pytest tests/test_clients.py::TestCreateClient

# Run with verbose output
pytest -v

See tests/README.md for detailed testing documentation and TEST_COVERAGE_SUMMARY.md for coverage status.

Test Coverage

• 80+ tests covering LIST, GET, CREATE, and UPDATE operations
• Complete coverage for Clients, Credentials, Targets, Proxies
• Tests for success scenarios, error handling, and edge cases
• Security tests verify credential secret sanitization
• All HTTP requests mocked (no real API calls during tests)
• Coverage reporting with pytest-cov

Test Files:

• tests/test_clients.py - Client management tests (22 tests) ✅ COMPLETE
• tests/test_credentials.py - Credentials tests (with security tests)
• tests/test_targets.py - Target API tests
• tests/test_proxies.py - Proxy management tests
• tests/test_requests.py - Request history tests

Running the Server Directly

For testing, you can run the server directly:

python requestrocket_server.py

The server will start and wait for JSON-RPC messages on stdin.

Logging

The server logs to stderr (never stdout, as that would corrupt the JSON-RPC protocol). You can view logs in the terminal where Cursor is running, or check Cursor's output panel:

• Open the Output panel in Cursor (View → Output)
• Select "MCP" or "Extension Host" from the dropdown

Troubleshooting

Server not showing up in Cursor

1. Check that the path in Cursor settings is absolute and correct
2. Verify Python is in your PATH (python --version)
3. Ensure all dependencies are installed (pip install -r requirements.txt)
4. Check the Output panel for error messages (View → Output → MCP)
5. Make sure you fully restarted Cursor
6. Try running the server directly to test: python requestrocket_server.py
7. Verify the server script has no syntax errors: python -m py_compile requestrocket_server.py

API Key Issues

If you see "REQUESTROCKET_API_KEY is not configured":

1. Verify .env file exists in the project directory
2. Check that REQUESTROCKET_API_KEY is set in .env
3. Ensure the .env file has no syntax errors or extra spaces
4. Verify the API key is valid in RequestRocket
5. Check file permissions on .env (should be readable)

Request Failures

Check the logs for detailed error messages. Common issues:

• Invalid API key: Verify key in RequestRocket dashboard
• Network connectivity: Check internet connection and firewall
• RequestRocket API rate limits: Wait and retry
• Invalid request format: Check tool parameters match API requirements
• Missing permissions: Ensure API key has required permissions
• Expired credentials: Rotate credentials if they've expired

Tool Not Found Errors

If a tool isn't available after adding it:

1. Restart the MCP server (restart Cursor)
2. Check that the tool is decorated with @mcp.tool()
3. Verify the tool module is imported in requestrocket_server.py
4. Check for Python syntax errors: python -m py_compile tools/your_tool.py

Secret Sanitization Issues

If you need to view actual credential secrets for debugging:

• Use include_secrets=True parameter in credential operations
• Remember this exposes sensitive data to the AI
• Clear the conversation after viewing secrets

Documentation

Comprehensive documentation is available in the Documentation/ folder:

• ARCHITECTURE.md - System architecture and design
• PROJECT_SUMMARY.md - Project overview and goals
• SECURITY_REVIEW.md - Security audit and best practices
• API_COVERAGE.md - Complete API coverage audit
• COMPLETE_IMPLEMENTATION.md - Implementation summary
• TEST_COVERAGE_SUMMARY.md - Test coverage status
• tests/README.md - Testing guide and examples

Statistics

• 50+ MCP Tools providing complete API coverage
• 80+ Unit Tests with comprehensive error handling
• 100% CRUD Coverage for all core resources (Clients, Credentials, Targets, Proxies)
• Security-first with automatic secret sanitization
• Production-ready with comprehensive error handling and logging

Project Structure

jsonrest-mcp/
├── README.md                       # This file
├── requirements.txt                # Python dependencies
├── requirements-dev.txt            # Development dependencies (testing)
├── pyproject.toml                  # Project metadata and tool configuration
├── requestrocket_server.py         # Main MCP server entry point
├── mcp_instance.py                 # Shared MCP server instance
├── test_server.py                  # Server validation script
├── .env.example                    # Example environment configuration
├── .env                            # Your actual credentials (gitignored)
├── .gitignore                      # Git ignore rules
│
├── tools/                          # MCP tools (50+ tools)
│   ├── __init__.py                 # Tools package exports
│   ├── clients.py                  # Client management (5 tools)
│   ├── credentials.py              # Credentials management (5 tools)
│   ├── targets.py                  # Targets management (5 tools)
│   ├── proxies.py                  # Proxies management (5 tools)
│   ├── proxy_requests.py           # Proxy execution (1 tool)
│   ├── requests.py                 # Request history (4 tools)
│   ├── telemetry.py                # Telemetry metrics (1 tool)
│   ├── rules.py                    # Rules management (10 tools)
│   ├── memberships.py              # Membership management (4 tools)
│   ├── customers.py                # Customer management (4 tools)
│   ├── stripe_portal.py            # Stripe integration (4 tools)
│   ├── configurations.py           # Configuration management (4 tools)
│   ├── endpoints.py                # Endpoint discovery (1 tool)
│   └── users.py                    # User management (1 tool)
│
├── utils/                          # Shared utilities
│   ├── __init__.py                 # Utils package exports
│   ├── config.py                   # Environment configuration
│   ├── api_client.py               # RequestRocket API client (with security)
│   ├── models.py                   # Data models and examples
│   └── schemas.py                  # JSON schemas
│
├── tests/                          # Test suite (80+ tests)
│   ├── __init__.py
│   ├── conftest.py                 # Shared fixtures and configuration
│   ├── README.md                   # Testing guide
│   ├── test_clients.py             # Client tests
│   ├── test_credentials.py         # Credential tests
│   ├── test_targets.py             # Target tests
│   ├── test_proxies.py             # Proxy tests
│   └── test_requests.py            # Request history tests
│
└── Reference/                      # API documentation
    └── API Suite.postman_collection.json  # Postman collection

🛡️ Best Practices

1. Never commit .env files - Contains sensitive API credentials
2. Use separate credentials for development - Don't use production keys in AI-assisted development
3. Rotate credentials regularly - Especially after AI sessions involving sensitive operations
4. Review AI conversation logs - Check for any accidental sensitive data exposure
5. Use sanitized responses by default - Only enable include_secrets=True when debugging
6. Clear conversations after viewing secrets - If you needed to view secrets, clear the conversation
7. Limit API key permissions - Use read-only keys when possible

License

TBC

Contributing

We welcome contributions! Please:

1. Review the existing code structure and patterns
2. Follow the established security practices
3. Add tests for new features
4. Update documentation
5. See contributing.md for detailed guidelines

Acknowledgments

Built with:

• Model Context Protocol (MCP) - AI-first API framework
• HTTPX - Modern async HTTP client
• pytest - Comprehensive testing framework
• python-dotenv - Environment management
• Pydantic - Data validation

Special thanks to the RequestRocket team for providing a comprehensive API platform.