Skip to content

Instantly share code, notes, and snippets.

@moosh3

moosh3/prd.md

Created March 28, 2025 16:35
Show Gist options
  • Save moosh3/0d88d7bc91697234d4b520b902039023 to your computer and use it in GitHub Desktop.
Save moosh3/0d88d7bc91697234d4b520b902039023 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
prd.md

PRD: DRW MCP

1. Product overview

1.1 Document title and version

  • PRD: DRW MCP
  • Version: v0.0.1

1.2 Product summary

  • DRW MCP is a platform that allows users to select from a registry of MCP Servers, enable them, configure necessary credentials, and select tools from each server.

  • The platform generates a unique URL that users can provide to an MCP Client to discover and use all configured tools, eliminating the need to run multiple MCP servers locally.

2. Goals

2.1 Business goals

  • Allow DRW to expose a platform of MCP Servers in a controlled fashion to ensure security and compliance
  • Stop developers from using dangerous MCP Servers or malicious servers
  • Create a centralized, controlled registry of approved MCP servers

2.2 User goals

  • Enable developers to configure multiple MCP Servers
  • Expose local MCP clients to an "aggregated" MCP server via a unique URL (ex: https://ai.drw/$uuid)
  • Access all of the tools set up on the platform without technical knowledge of MCP
  • Simplify the process of using MCP tools with AI-enabled IDEs

2.3 Non-goals

  • We don't want to do anything outside of the scope of creating an aggregated MCP server
  • We want to ensure each user has access only to the servers they enabled
  • We are not creating new MCP servers from scratch, only aggregating existing ones
  • We are not modifying the MCP specification

3. User personas

3.1 Key user types

  • Developer who has a local MCP client and wants to use tools from MCP servers
  • Administrator that can add, remove, and modify the settings for MCP Servers in the registry
  • View-only user (team manager) who wants to see what tools are in use, how many users are using them, and how often

3.2 Basic persona details

  • Developers: Technical users who want to enhance their AI-enabled IDEs with MCP tools but do not necessarily understand the MCP specification details. They need a simple configuration process.
  • Administrators: Power users who understand MCP specifications and can evaluate which MCP servers should be included in the registry for company-wide use.
  • View-only Users: Team managers who need visibility into tool usage and adoption but don't need to configure servers themselves.

3.3 Role-based access

  - **Developers**: Can browse the MCP server registry, configure server credentials, enable/disable servers, generate unique MCP URLs, and manage personal settings.
  - **Administrators**: Can add, remove, or modify MCP servers in the registry, view analytics across all users, and perform all developer actions.
  - **View-only Users**: Can access analytics dashboards showing tool usage patterns, server popularity, and other metrics without the ability to modify configurations.

4. Functional requirements

  • MCP Server Registry View (Priority: High)
    • Display a list of available MCP Servers and their exposed Tools
    • Provide filtering and search capabilities
    • Show detailed information about each server and its tools
  • Server Connection Configuration (Priority: High)
    • Allow users to add connection details for each server
    • Securely store sensitive information like API tokens and database credentials
    • Support various authentication methods required by different MCP servers
  • Admin Server Management (Priority: High)
    • Enable admins to remove, add, or edit MCP Servers in the registry
    • Provide tools for server testing and verification
    • Allow admins to disable problematic servers across all users
  • Analytics Dashboard (Priority: Medium)
    • Track and display server and tool usage statistics
    • Provide insights on popular tools and servers
    • Show user-specific usage patterns
  • User Interface (Priority: High)
    • Create a robust UI for users to create their "aggregated" server
    • Provide visual distinctions between enabled and available servers
    • Support intuitive configuration workflows
  • Authentication and Authorization (Priority: High)
    • Implement OAuth authentication
    • Support role-based access control (RBAC)
    • Ensure proper user isolation
  • MCP Resource and Prompt Support (Priority: Medium)
    • Support MCP Resources in addition to Tools
    • Support MCP Prompts
    • Allow users to configure both components

5. User experience

5.1. Entry points & first-time user flow

  • Users authenticate through OAuth
  • First-time users are brought to a "let's get started" page with a high-level platform description
  • Users are then taken to the dashboard showing the full registry of available MCP Servers
  • Clear visual cues guide users through the initial setup process
  • Contextual help is available for new users

5.2. Core experience

  • Browse Server Registry: Each MCP Server is displayed as a clean component with name and icon.
    • Enabled servers are visually distinct (green, with 'enabled' label) making it easy to identify which servers are already configured
  • Configure Servers: Users click 'configure' to access a dedicated page for each server.
    • The configuration page shows a concise description of the server, lists all tools it exposes, and provides necessary input fields
  • Generate MCP URL: The navigation bar includes a 'MCP URL' entry leading to a URL generation page.
    • Users click a generate button to create a unique URL for their aggregated server
    • Copy-to-clipboard and regenerate options are prominently displayed
  • View Configuration Examples: Examples of MCP config JSON files are shown for popular clients like Cursor, Windsurf, or Goose
    • Step-by-step instructions help users connect their clients

5.3. Advanced features & edge cases

  • URL regeneration if security is compromised
  • Handling server unavailability or credential issues
  • Managing server version updates and compatibility changes
  • Providing diagnostic tools when MCP clients fail to connect
  • Supporting bulk operations for power users with many servers

5.4. UI/UX highlights

  • Visual differentiation between enabled and available servers
  • Clear configuration process with server descriptions and tool listings
  • Simple URL generation process with security considerations (regeneration option)
  • Clean, modern interface with consistent styling
  • Responsive design supporting various device sizes
  • Accessibility features ensuring all users can interact with the platform

6. Narrative

Alex is a developer at DRW who wants to enhance his Cursor IDE with MCP tools to automate repetitive tasks and access company resources. He logs into the DRW MCP platform and navigates through a visually appealing registry of available servers. After enabling the GitHub, PostgreSQL, and JIRA servers, he enters his credentials for each. Alex then generates a unique MCP URL, copies the configuration example into his Cursor settings, and immediately gains access to all the tools he configured, significantly boosting his productivity without needing to understand complex MCP specifications.

7. Success metrics

7.1. User-centric metrics

  • User satisfaction with the platform
  • Time to configure servers (should be under 2 minutes per server)
  • Response time of the UI (should feel snappy and responsive)
  • Response time of the MCP Servers responding to MCP client requests
  • Number of servers each user has enabled
  • Frequency of tool usage through the platform

7.2. Business metrics

  • Compliance improvements from reducing unauthorized MCP server usage
  • Number of external services accessible to LLMs through the platform
  • Adoption rate among developers
  • Reduction in security incidents related to unauthorized MCP servers
  • Time saved by developers through MCP tool automation

7.3. Technical metrics

  • Platform uptime (targeting 99.9%)
  • API response time
  • Error rates (should be below 0.1%)
  • Server initialization time
  • Resource utilization in the Kubernetes environment
  • Time to propagate configuration changes

8. Technical considerations

8.1. Integration points

  • OAuth for authentication
  • MCP SDK (both Python and TypeScript) for server creation and integration
  • Kubernetes for deployment
  • Various third-party MCP servers
  • Popular MCP clients (Cursor, Windsurf, Goose)
  • Internal company systems requiring authentication

8.2. Data storage & privacy

  • Secure storage of user authentication details
  • Encrypted storage of sensitive connection credentials (API tokens, database strings)
  • Proper permissions management to ensure users only access their own configured servers
  • Compliance with data privacy regulations
  • Regular audit trail of access and changes
  • Secure deletion of credentials when servers are disabled

8.3. Scalability & performance

  • Ability to handle multiple concurrent MCP servers
  • Efficient resource utilization in Kubernetes environment
  • Fast response times for API requests
  • Caching strategies for improved performance
  • Horizontal scaling capabilities for increased user load
  • Load balancing across multiple instances

8.4. Potential challenges

  • Scaling the number of unique MCP servers created per user
  • Securely managing sensitive credentials
  • Ensuring proper isolation between different users' servers
  • Performance impact when combining multiple MCP servers into one endpoint
  • Maintaining compatibility with different MCP client implementations
  • Handling potential rate limiting from external services

9. Milestones & sequencing

9.1. Project estimate

  • Small to Medium: 2-4 weeks

9.2. Team size & composition

  • Small Team: 1-2 total people
    • Developer and Claude AI

9.3. Suggested phases

  • Phase 1: Create the backend API structure (3-5 days)
    • Key deliverables: API routes, controller structure, basic server setup
  • Phase 2: Create the authentication flow in the API (2-3 days)
    • Key deliverables: OAuth integration, user authentication, RBAC implementation
  • Phase 3: Create database models (2-3 days)
    • Key deliverables: Database models for Users, MCP Servers, MCP Tools, MCP Server Connection Info
  • Phase 4: Create backend for aggregated MCP servers (4-5 days)
    • Key deliverables: Logic for generating MCP Servers with multiple enabled servers, server isolation
  • Phase 5: Create API for unique URLs (1-2 days)
    • Key deliverables: URL generation, validation, and regeneration functionality
  • Phase 6: Create Frontend (5-7 days)
    • Key deliverables: UI for registry, server configuration, users, MCP URL generation

10. User stories

10.1. User authentication

  • ID: US-001
  • Description: As a user, I want to authenticate with OAuth so that I can securely access the platform.
  • Acceptance criteria:
    • Users can log in using their company OAuth credentials
    • Authentication tokens are securely managed
    • Session timeouts are properly handled
    • Failed login attempts are tracked and limited

10.2. Viewing available MCP servers

  • ID: US-002
  • Description: As a developer, I want to browse a registry of available MCP servers so that I can discover tools that might be useful for my work.
  • Acceptance criteria:
    • Registry displays all available MCP servers with names and icons
    • Servers can be filtered or searched
    • Each server shows a brief description
    • Enabled servers are visually distinct from available ones
    • Details about each server's tools can be viewed

10.3. Configuring MCP servers

  • ID: US-003
  • Description: As a developer, I want to configure connection details for MCP servers so that they can access the required external services.
  • Acceptance criteria:
    • Configuration page displays required fields for each server
    • Sensitive information is securely stored
    • Validation ensures all required fields are completed
    • Configuration can be tested before saving
    • Error messages are clear and actionable

10.4. Enabling/disabling MCP servers

  • ID: US-004
  • Description: As a developer, I want to enable or disable specific MCP servers so that I can control which ones are included in my aggregated server.
  • Acceptance criteria:
    • Servers can be enabled or disabled with a single action
    • Status changes are immediately reflected in the UI
    • Disabled servers are removed from the aggregated endpoint
    • Enabling a server prompts for configuration if not already set up

10.5. Generating unique MCP URL

  • ID: US-005
  • Description: As a developer, I want to generate a unique URL for my aggregated MCP server so that I can configure my MCP client to use it.
  • Acceptance criteria:
    • URL generation page is accessible from navigation
    • Generate button creates a unique URL
    • URL is displayed in a copyable format
    • Copy to clipboard button is provided
    • Example configuration for popular clients is shown

10.6. Adding MCP servers to registry

  • ID: US-006
  • Description: As an administrator, I want to add new MCP servers to the registry so that developers can use them.
  • Acceptance criteria:
    • Admin interface allows adding new server definitions
    • Required server metadata can be specified
    • Server can be tested before being published
    • Server becomes immediately available in the registry
    • Notification system alerts users of new servers

10.7. Modifying registry servers

  • ID: US-007
  • Description: As an administrator, I want to remove or modify existing MCP servers in the registry to maintain security and relevance.
  • Acceptance criteria:
    • Admins can edit server details and configurations
    • Servers can be removed from the registry
    • Changes to servers are tracked in audit logs
    • User impact assessment is shown before removal
    • Affected users are notified of changes

10.8. Viewing analytics

  • ID: US-008
  • Description: As a manager, I want to view analytics on MCP server and tool usage so that I can understand which tools are most valuable to the team.
  • Acceptance criteria:
    • Analytics dashboard shows server and tool usage
    • Data can be filtered by time period and user groups
    • Visualizations highlight popular tools and servers
    • Export functionality for reports is available
    • Data is refreshed regularly

10.9. Regenerating MCP URL

  • ID: US-009
  • Description: As a developer, I want to regenerate my MCP URL if it's compromised so that I can maintain secure access to my aggregated server.
  • Acceptance criteria:
    • Regenerate button is available on the URL page
    • Old URL is invalidated immediately upon regeneration
    • New URL is generated and displayed
    • Confirmation is required before regeneration
    • History of URL regenerations is tracked

10.10. Copying configuration examples

  • ID: US-010
  • Description: As a developer, I want to see examples of MCP client configurations so that I can easily set up my tools like Cursor, Windsurf, or Goose.
  • Acceptance criteria:
    • Configuration examples for major MCP clients are shown
    • Examples include the user's specific URL
    • Copy button is available for each example
    • Examples are kept up to date with client requirements
    • Instructions for applying configurations are clear
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment