firefox-relay-mcp

firefox-relay-mcp

Enables managing Firefox Relay masks (random and domain) via MCP tools, including listing, creating, updating, and disabling masks.

Category
Visit Server

README

Firefox Relay MCP Gateway

CI License: MIT

Stateless Streamable HTTP MCP gateway for Firefox Relay, built for Cloudflare Workers.

Features

  • Stateless remote MCP server for Firefox Relay
  • OAuth Authorization Code + PKCE (S256) for MCP clients
  • Encrypted Firefox Relay API key envelope inside signed JWT artifacts
  • Streamable HTTP MCP endpoint at /mcp
  • Random mask list/create/update/disable operations
  • Optional custom-domain mask listing when the Relay account supports it

Requirements

  • Node.js 20+
  • npm
  • Cloudflare account with Wrangler authentication
  • A Firefox Relay account with an API key

Connector values

MCP Server URL: https://your-worker.example.com/mcp
Authorization server base URL: https://your-worker.example.com
Resource: https://your-worker.example.com/mcp

What it does

  • Exposes MCP Streamable HTTP at /mcp
  • Acts as its own OAuth Authorization Server for remote MCP clients
  • Collects a user-provided Firefox Relay API key during OAuth consent
  • Encrypts that API key into signed JWT artifacts and does not store it in a database
  • Lets MCP clients list, create, update, and disable Firefox Relay masks

Firefox Relay API key

Users can find the Firefox Relay API key in Firefox Relay under profile icon → Settings.

Supported MCP tools

  • relay_list_random_masks
  • relay_create_random_mask
  • relay_update_random_mask
  • relay_disable_random_mask
  • relay_list_domain_masks

Install

npm install

Quick start

  1. Install dependencies.
  2. Set Worker secrets.
  3. Configure non-secret vars in wrangler.toml or via deploy-time environment overrides.
  4. Run npm run dev for local testing.
  5. Run npm test and npm run typecheck.
  6. Deploy with npm run deploy.

Configure non-secret Worker vars

Update wrangler.toml or your deployment environment with:

  • OAUTH_ISSUER
  • MCP_RESOURCE
  • MCP_AUDIENCE
  • OAUTH_REDIRECT_HTTPS_HOSTS
  • RELAY_DEFAULT_BASE_URL
  • ACCESS_TOKEN_DEFAULT_TTL_DAYS
  • ACCESS_TOKEN_MAX_TTL_DAYS
  • AUTH_CODE_TTL_SECONDS

For public release, wrangler.toml intentionally uses placeholder URLs. Set these to your real deployment values before production deploys:

  • OAUTH_ISSUER=https://your-worker.example.com
  • MCP_RESOURCE=https://your-worker.example.com/mcp
  • MCP_AUDIENCE=https://your-worker.example.com/mcp

Set Worker secrets

Generate and pipe each secret directly into Wrangler:

openssl rand -base64 48 | tr -d '\n' | wrangler secret put OAUTH_JWT_SIGNING_KEY_B64
openssl rand -base64 32 | tr -d '\n' | wrangler secret put UPSTREAM_CONFIG_ENC_KEY_B64
openssl rand -base64 48 | tr -d '\n' | wrangler secret put CSRF_SIGNING_KEY_B64

Deploy sequence

If you do not know the final public Worker URL yet, use this order:

  1. Bootstrap deploy once to get the real workers.dev URL.
  2. Set the three Worker secrets.
  3. Redeploy with real OAUTH_ISSUER, MCP_RESOURCE, and MCP_AUDIENCE values.

Run locally

npm run dev

Validate

npm test
npm run typecheck

Deploy

npm run deploy

Public connector values

After deployment, configure remote MCP clients with:

MCP Server URL: https://your-worker.example.com/mcp
Authorization server base URL: https://your-worker.example.com
Resource: https://your-worker.example.com/mcp

OAuth and stateless design summary

  • /register issues deterministic public client_id values for allowlisted redirect URIs
  • /authorize validates PKCE S256, renders consent, validates the Firefox Relay API key, and issues a short-lived signed auth-code JWT
  • /token exchanges the auth code for bearer access and refresh JWTs
  • JWTs carry an AES-GCM encrypted Relay config envelope; plaintext credentials are never persisted server-side
  • /mcp verifies the access token, decrypts the Relay config, creates a fresh Worker-safe MCP server and transport, and serves the request

Stateless caveats

  • Auth codes are not one-time-use across all isolates because no server-side state is stored
  • Refresh tokens cannot be globally revoked without a stateful primitive
  • Strict global rate limiting requires Durable Objects, KV, or Cloudflare-managed rate limiting

Manual smoke test notes

  1. Register a client with an allowlisted redirect URI.
  2. Complete /authorize with a Firefox Relay API key.
  3. Exchange the returned code at /token.
  4. Call /mcp with the returned bearer token.
  5. Confirm tools list and successful mask operations.

Privacy and security notes

  • The Worker encrypts the Firefox Relay API key into MCP JWT artifacts and does not store it in a database.
  • The Worker is designed to avoid logging API keys, bearer tokens, decrypted envelopes, cookies, or CSRF tokens.
  • Upstream Relay errors are sanitized before they are returned to MCP clients.

Known limitations

  • Auth codes are not globally one-time-use without stateful storage.
  • Refresh tokens cannot be globally revoked without stateful storage.
  • Strict global rate limiting requires Durable Objects, KV, or a Cloudflare-managed alternative.
  • Domain-mask behavior depends on account capabilities and may require Relay premium/custom-domain support.

Project docs

  • docs/PRODUCT_REQUIREMENTS.md
  • docs/IMPLEMENTATION_PLAN.md
  • docs/PROJECT_STATE.md
  • docs/DECISIONS.md
  • docs/RUNBOOK.md

Contributing

See CONTRIBUTING.md.

Security

See SECURITY.md.

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured