homelab/.github/prompts/plan-homelabMcpGatewayMvp.prompt.md

Plan: Homelab MCP Gateway MVP with Traefik Shard

TL;DR

Build a modular MCP (Model Context Protocol) Gateway on Waldorf that routes tool requests to specialized shards. MVP includes the Traefik shard (for dynamic route management) plus a template for creating additional shards. Each shard can fetch its service's documentation from the internet on-demand.

Approach: Python-based using mcp.server.fastmcp, deploy via single docker-compose on Waldorf, no authentication (trust internal network), web fetching for live documentation.

---

Steps

Phase 1: Infrastructure Setup

1. Create unified directory structure on Waldorf

   • /nodes/waldorf/mcp-system/ with single compose.yaml
   • /nodes/waldorf/mcp-system/gateway/ for Gateway code
   • /nodes/waldorf/mcp-system/traefik-shard/ for Traefik Shard code

2. Create shared template directory (parallel with step 1)

   • /mcp_root/template/ for shard template files
   • Documentation: /mcp_root/template/README.md

Phase 2: Gateway Implementation

3. Build Gateway core functionality (depends on step 1)

   • Shard registry (discover and register shards)
   • Tool routing (forward requests to appropriate shard)
   • Health check aggregation
   • Startup logic to discover available shards

4. Create Gateway Dockerfile and requirements.txt (parallel with step 3)

   • Python 3.11 base image
   • Install mcp, httpx, pyyaml

Phase 3: Traefik Shard Implementation

5. Implement Traefik Shard with 7 tools (depends on step 1)

   • list_routes - Query Traefik API for all routes
   • create_route - Write new YAML file to /dynamic/mcp-managed/
   • delete_route - Remove route YAML file
   • validate_config - YAML syntax check + Traefik API validation
   • get_backend_status - Health check backend services
   • check_ssl_status - Query Traefik API for cert info
   • reload_config - Trigger Traefik config reload (if needed)

6. Add documentation fetcher to Traefik Shard (parallel with step 5)

   • Tool: get_traefik_docs(topic) - Fetch from docs.traefik.io
   • Use httpx to fetch and cache temporarily
   • Parse HTML/Markdown for relevant sections

7. Implement shard registration with Gateway (depends on step 5)

   • Health endpoint for Gateway discovery
   • Tool manifest endpoint (list available tools)

8. Create Traefik Shard Dockerfile and requirements.txt (depends on step 5)

   • Python 3.11 base image
   • Install mcp, httpx, pyyaml, beautifulsoup4

9. Create unified docker-compose.yaml (depends on steps 4, 8)

   • Gateway service with appdata mount
   • Traefik Shard service with NFS mount to /mnt/appdata/traefik/dynamic:rw
   • Shared Docker network for inter-shard communication
   • Environment: TRAEFIK_API_URL=http://10.0.0.151:8080/api (reach Heimdall)

Phase 4: Prepare Traefik Integration

10. Create /mnt/appdata/traefik/dynamic/mcp-managed/ directory (depends on step 9)

    • Isolated folder for MCP-managed routes (safer, easier cleanup)
    • Traefik file watcher will auto-detect changes here

11. Verify Traefik allows write access (parallel with step 10)

    • Confirm NFS mount on Waldorf allows writes to /mnt/appdata/traefik/dynamic/
    • If needed, update Traefik mount from :ro to :rw in nodes/heimdall/core/compose.yaml

Phase 5: Shard Template Creation

12. Create comprehensive shard template (depends on steps 5-7)

    • template/shard_template.py - Skeleton MCP server
    • template/Dockerfile.template - Standard container build
    • template/compose.yaml.template - Docker compose service boilerplate
    • template/requirements.txt - Common dependencies

13. Write template documentation (parallel with step 12)

    • /mcp_root/template/README.md - How to create a new shard
    • /mcp_root/template/INTEGRATION.md - How shards register with Gateway
    • /mcp_root/ARCHITECTURE.md - Overall system design

Phase 6: Deployment & Validation

14. Deploy unified MCP system on Waldorf (depends on steps 9, 10)

    • docker compose up in /nodes/waldorf/mcp-system/
    • Verify Gateway logs show successful startup and shard discovery
    • Verify Traefik Shard registers successfully

15. Test tool execution (depends on step 14)

    • Gateway → list_routes → Traefik Shard → Traefik API (Heimdall)
    • Create test route for validation
    • Verify documentation fetcher works

16. Integration with Open WebUI (depends on step 15)

    • Update /nodes/waldorf/openwebui/compose.yaml to connect to MCP Gateway
    • Configure MCP Gateway connection in Open WebUI (localhost since same host)
    • Test end-to-end LLM → Gateway → Shard flow

---

Relevant Files

• ansible/archive/scripts/ansible_mcp_server.py - Reference implementation showing MCP server patterns, job tracking, configuration
• nodes/heimdall/core/compose.yaml - Contains Traefik service definition (lines 10-50), needs mount permission update
• nodes/waldorf/openwebui/compose.yaml - Open WebUI config with commented MCP Gateway integration (lines 15-17)
• ansible/archive/outputs/heimdall-baseline-20260312T214117/traefik_configs/traefik.yml - Static Traefik config showing API endpoint, providers, file watch
• ansible/archive/outputs/heimdall-baseline-20260312T214117/traefik_configs/static-backends.yml - Example dynamic route structure to replicate
• ansible/archive/outputs/heimdall-baseline-20260312T214117/traefik_configs/middleware.yml - Existing middleware definitions to reference

---

Verification

1. Gateway Health Check: curl http://10.0.0.251:9100/health returns shard registry
2. Shard Registration: Gateway logs show Traefik shard discovered and registered
3. Tool Execution: Call list_routes through Gateway, receive Traefik API response
4. Route Creation: Create test route test.castaldifamily.com → Appears in Traefik dashboard
5. Documentation Fetcher: Call get_traefik_docs("middlewares") → Returns relevant Traefik docs
6. File Validation: Check /mnt/appdata/traefik/dynamic/mcp-managed/ contains created routes
7. Traefik Reload: Verify Traefik auto-detects new YAML files (file watch enabled)
8. Open WebUI Integration: Send message in Open WebUI that triggers MCP tool → See logs in Gateway
9. Template Usability: Follow template README to create a stub "Dozzle Shard" → Registers successfully

---

Decisions

• Language: Python (mcp.server.fastmcp) - matches existing Ansible MCP server pattern
• Deployment Location: All components on Waldorf (10.0.0.251) - stable 24/7 node with 16GB RAM, runs Open WebUI
• Single Compose File: Gateway + all shards in one docker-compose.yaml - simpler MVP, easier debugging
• Traefik Access: Shard reaches Traefik API on Heimdall via http://10.0.0.151:8080/api, writes to shared NFS mount /mnt/appdata/traefik/dynamic/
• Authentication: None for MVP - trust internal network isolation (add in future if needed)
• Documentation Fetching: On-demand web fetching using httpx - fetch from official service docs when tool is called
• Route Management: Create isolated /mcp-managed/ subdirectory in Traefik dynamic config - safer than mixing with existing routes
• All 7 Traefik tools included: list_routes, create_route, delete_route, validate_config, get_backend_status, check_ssl_status, reload_config

---

Scope Boundaries

Included:

• MCP Gateway with shard discovery and routing
• Complete Traefik shard with 7 tools + documentation fetcher
• Comprehensive template for creating new shards
• Integration with Open WebUI
• Single docker-compose deployment on Waldorf

Excluded:

• Additional shards (Dozzle, Authentik) - future work, use template to create
• Authentication/authorization - trust network for MVP
• Monitoring/metrics collection - add later if needed
• Web UI for Gateway management - CLI/API only for MVP
• Advanced caching for documentation - simple in-memory cache only
• Cross-node service mesh networking - direct HTTP between containers
• Ansible playbook for automated deployment - manual docker compose for MVP

---

Further Considerations

None - all clarifications obtained. Ready for implementation.