MCP Bridge: A Lightweight, LLM-Agnostic RESTful Proxy for Model Context Protocol Servers (2504.08999v1)

Abstract: LLMs are increasingly augmented with external tools through standardized interfaces like the Model Context Protocol (MCP). However, current MCP implementations face critical limitations: they typically require local process execution through STDIO transports, making them impractical for resource-constrained environments like mobile devices, web browsers, and edge computing. We present MCP Bridge, a lightweight RESTful proxy that connects to multiple MCP servers and exposes their capabilities through a unified API. Unlike existing solutions, MCP Bridge is fully LLM-agnostic, supporting any backend regardless of vendor. The system implements a risk-based execution model with three security levels standard execution, confirmation workflow, and Docker isolation while maintaining backward compatibility with standard MCP clients. Complementing this server-side infrastructure is a Python based MCP Gemini Agent that facilitates natural language interaction with MCP tools. The evaluation demonstrates that MCP Bridge successfully addresses the constraints of direct MCP connections while providing enhanced security controls and cross-platform compatibility, enabling sophisticated LLM-powered applications in previously inaccessible environments

• The paper introduces MCP Bridge, a RESTful proxy that unifies multiple MCP servers to overcome local process constraints in resource-limited environments.
• It leverages a Node.js and Express technology stack with a risk-based execution model, ensuring flexible integration and enhanced security for various LLM backends.
• The implementation supports both STDIO and SSE transports and includes a Python-based MCP-Gemini Agent to demonstrate practical LLM integration and tool management.

This paper introduces MCP Bridge, a lightweight, LLM-agnostic proxy designed to overcome limitations in current implementations of the Model Context Protocol (MCP). MCP aims to standardize how LLMs connect to external tools and data sources. However, existing MCP servers often rely on STDIO transports, requiring local process execution. This makes them unsuitable for resource-constrained environments like mobile devices, web browsers, or edge computing platforms. Direct connections also lead to redundancy and increased resource usage.

MCP Bridge addresses these issues by acting as an intermediary RESTful proxy. It connects to multiple backend MCP servers (supporting both STDIO and Server-Sent Events (SSE) transports) and exposes their combined capabilities through a single, unified REST API. This architecture decouples client applications from the MCP server processes, allowing clients in restricted environments to access MCP tools without needing to run local processes.

Key features and implementation details of MCP Bridge include:

• LLM Agnosticism: It is designed to work with any LLM backend, promoting flexibility and avoiding vendor lock-in.
• Technology Stack: Built using Node.js, Express.js for the REST API, the child_process module for managing MCP server processes, and the Docker SDK for containerized execution. This stack ensures a minimal footprint and efficient non-blocking I/O.
• RESTful API: Provides standardized endpoints for managing servers (/servers), checking health (/health), handling confirmations (/confirmations/{id}), and interacting with specific server tools, resources, and prompts (/servers/{id}/tools, /servers/{id}/resources, etc.).
• Server Management: Dynamically manages the lifecycle (start, monitor, stop) of connected MCP servers. It discovers server capabilities upon connection and uses techniques like heartbeat monitoring and automatic reconnection for robustness.

• Risk-Based Execution Model: Implements three security levels for tool execution:

  1. Low Risk (Level 1): Standard, direct execution for safe, read-only operations.
  2. Medium Risk (Level 2): Requires a confirmation workflow. The proxy returns a confirmation ID, and the client must send a separate request to confirm execution, suitable for potentially modifying operations.
  3. High Risk (Level 3): Executes the tool within an isolated Docker container for maximum security, configured with specific resource limits and network controls.

The paper also presents the MCP-Gemini Agent, a Python client application demonstrating how to integrate MCP Bridge with an LLM (specifically Google's Gemini). This agent allows users to interact with MCP tools via natural language. It fetches available tools from MCP Bridge, uses the LLM to determine which tool(s) to call based on the user's query, executes the calls via the MCP Bridge API, handles the confirmation workflow for medium-risk tools, and presents the results back to the user, potentially involving the LLM again for summarizing or follow-up actions.

The primary contribution of MCP Bridge is enabling the use of MCP-compatible tools in environments previously inaccessible due to execution constraints. It enhances security through its risk-based model and promotes interoperability by providing a standardized, LLM-independent interface. The open-source implementation is available on GitHub.

Future work suggestions include performance optimizations (e.g., connection pooling, request batching, caching), enhanced security features (e.g., fine-grained access control, identity provider integration), research into intelligent request scheduling, developing translation layers for non-MCP tools, and exploring federated deployment architectures.