mblanke/ThreatHunt
1
0
Fork 0
mirror of https://github.com/mblanke/ThreatHunt.git synced 2026-03-01 14:00:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c454036c7ef6a3d6517f98cbee643fd0238e0b2
ThreatHunt/SKILLS/83-fastmcp-3-patterns.md
mblanke 9b98ab9614 feat: interactive network map, IOC highlighting, AUP hunt selector, type filters 
- NetworkMap: hunt-scoped force-directed graph with click-to-inspect popover
- NetworkMap: zoom/pan (wheel, drag, buttons), viewport transform
- NetworkMap: clickable IP/Host/Domain/URL legend chips to filter node types
- NetworkMap: brighter colors, 20% smaller nodes
- DatasetViewer: IOC columns highlighted with colored headers + cell tinting
- AUPScanner: hunt dropdown replacing dataset checkboxes, auto-select all
- Rename 'Social Media (Personal)' theme to 'Social Media' with DB migration
- Fix /api/hunts timeout: Dataset.rows lazy='noload' (was selectin cascade)
- Add OS column mapping to normalizer
- Full backend services, DB models, alembic migrations, new routes
- New components: Dashboard, HuntManager, FileUpload, NetworkMap, etc.
- Docker Compose deployment with nginx reverse proxy
2026-02-19 15:41:15 -05:00

1.8 KiB
Raw Blame History

FastMCP 3 Patterns (Providers + Transforms)

Use this skill when you are building MCP servers in Python and want:

  • composable tool sets
  • per-user/per-session behavior
  • auth, versioning, observability, and long-running tasks

Mental model (FastMCP 3)

FastMCP 3 treats everything as three composable primitives:

  • Components: what you expose (tools, resources, prompts)
  • Providers: where components come from (decorators, files, OpenAPI, remote MCP, etc.)
  • Transforms: how you reshape what clients see (namespace, filters, auth, versioning, visibility)

Recommended architecture for Marc's platform

Build a single "Cyber MCP Gateway" that composes providers:

  • LocalProvider: core cyber tools (run hunt, parse triage, generate report)
  • OpenAPIProvider: wrap stable internal APIs (ticketing, asset DB) without 1:1 endpoint exposure
  • ProxyProvider/FastMCPProvider: mount sub-servers (e.g., Velociraptor tools, Intel feeds)

Then apply transforms:

  • Namespace per domain: hunt.*, intel.*, pad.*
  • Visibility per session: hide dangerous tools unless user/role allows
  • VersionFilter: keep old clients working while you evolve tools

Production must-haves

  • Tool timeouts: never let a tool hang forever
  • Pagination: all list tools must be bounded
  • Background tasks: use for long hunts / ingest jobs
  • Tracing: emit OpenTelemetry traces so you can debug agent/tool behavior

Auth rules

  • Prefer component-level auth for "dangerous" tools.
  • Default stance: read-only tools visible; write/execute tools gated.

Versioning rules

  • Version your components when you change schemas or semantics.
  • Keep 1 previous version callable during migrations.

Upgrade guidance

FastMCP 3 is in beta; pin to v2 for stability in production until you've tested.

Reference in New Issue View Git Blame Copy Permalink