Fig MCP
Secure multi-tenant AI gateway for booking data via MCP.
Production-grade multi-tenant MCP (Model Context Protocol) server acting as a secure AI gateway for the Fig Booking SaaS platform. Enables Claude Desktop, Claude Code, Cursor, and any MCP-compatible AI client to read and write booking data through a standardized JSON-RPC 2.0 interface — built from scratch with no SDK.
Tech Stack
Key Highlights
Implemented the full MCP JSON-RPC 2.0 protocol from scratch — initialize, ping, tools/list, tools/call — with protocol version negotiation and per-connection permission enforcement.
Built multi-layer security: Argon2id-hashed API keys, AES-256-GCM encrypted credential storage per tenant, and HMAC-SHA256 webhook auth with 5-minute replay protection.
Designed event-driven webhook fan-out with idempotent inbound ingestion, async exponential retry ([1s, 5s, 15s]), HMAC-signed outbound payloads, and per-subscription delivery stats.
Built parallel quote creation pipeline using asyncio.gather to concurrently fetch service catalog and price estimates before server-side cross-referential validation.
Full audit trail: every tool call asynchronously written to MongoDB with TTL-based 30-day auto-expiry.
Screenshots
Main dashboard
Screenshot coming soon
Detail view
Screenshot coming soon
Mobile responsive
Screenshot coming soon
Screenshots will be added soon.