Skip to content

Add Pomerium MCP server#16

Closed
wasaga wants to merge 1 commit into
mainfrom
wasaga/pomerium-mcp-server
Closed

Add Pomerium MCP server#16
wasaga wants to merge 1 commit into
mainfrom
wasaga/pomerium-mcp-server

Conversation

@wasaga

@wasaga wasaga commented Mar 7, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds a new pomerium MCP server that exposes Pomerium ConfigService RPCs as tools, auto-discovered via protobuf reflection
  • Supports all three deployment modes: Core, Enterprise, and Zero
  • Adds stdio <name> subcommand and optional server name filtering for serve [name ...]
  • Bumps MCP SDK to v1.4.0

See pomerium/README.md for configuration and usage details.

Adds a new MCP server that exposes Pomerium ConfigService RPCs as tools,
auto-discovered via protobuf reflection. Supports all three deployment
modes (Core, Enterprise, Zero) with appropriate auth handling.

Key design decisions:
- Protobuf reflection generates tools, JSON schemas, annotations, and
  descriptions from the ConfigService descriptor at startup
- Connect protocol JSON unary calls avoid needing typed clients
- Auth transport replicates sdk-go logic (shared secret → bootstrap JWT,
  service account token, or Zero token exchange)
- Tools are annotated based on method name prefixes (Get/List → read-only,
  Delete → destructive, etc.)

Also includes:
- stdio transport support via `stdio <name>` subcommand
- Optional server name filtering for `serve [name ...]`
- MCP SDK bumped to v1.4.0
- Structured output on tool call results
- Comprehensive unit and e2e tests
@wasaga

wasaga commented Apr 22, 2026

Copy link
Copy Markdown
Contributor Author

superseded by relevant implementations in the products themselves

@wasaga wasaga closed this Apr 22, 2026
@wasaga wasaga deleted the wasaga/pomerium-mcp-server branch April 22, 2026 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant