The v2.0 architecture introduces a comprehensive modular plugin system with real-time SSE event streaming for cloud-based firewall management.
✨ Modular Plugin Architecture
- 10+ plugin categories mirroring OPNsense's ecosystem
- Hot-reloadable plugins
- Dependency management
- Lifecycle management
🔄 Real-Time Event Streaming
- Server-Sent Events (SSE) for live updates
- Event bus for inter-plugin communication
- Filtered event subscriptions
- Event history and replay
🎯 Enhanced Developer Experience
- Simple plugin development API
- Comprehensive TypeScript types
- Auto-discovery and registration
- Hot reload during development
🚀 Production Ready
- Health checks and monitoring
- Plugin isolation
- Graceful degradation
- Comprehensive logging
┌─────────────────────────────────────────────────────────────┐
│ MCP Client (Claude) │
└─────────────────────────────────────────────────────────────┘
▼
┌─────────────────────────────────────────────────────────────┐
│ SSE Server (Real-time Events) │
│ - HTTP API endpoints │
│ - Event streaming │
│ - Plugin management │
└─────────────────────────────────────────────────────────────┘
▼
┌─────────────────────────────────────────────────────────────┐
│ Plugin System Core │
│ - Plugin Registry │
│ - Event Bus │
│ - Lifecycle Management │
└─────────────────────────────────────────────────────────────┘
▼
┌─────────────────────────────────────────────────────────────┐
│ Plugin Modules │
│ Core | VPN | Security | Monitoring | Services | ... │
└─────────────────────────────────────────────────────────────┘
- core-firewall - Firewall rules and aliases
- core-network - Interfaces, VLANs, bridges
- core-nat - Port forwarding, outbound NAT
- vpn-openvpn - OpenVPN servers and clients
- vpn-ipsec - IPsec site-to-site and remote access
- vpn-wireguard - Modern WireGuard VPN
- security-ids - Suricata IDS/IPS
- security-av - ClamAV antivirus
- security-cert - Let's Encrypt certificates
- monitoring-system - System resource monitoring
- monitoring-netdata - Real-time performance
- monitoring-zabbix - Enterprise monitoring
- services-dns - Unbound DNS
- services-dhcp - DHCPv4/v6
- services-haproxy - Load balancing
- routing-frr - FRRouting (BGP, OSPF)
- routing-static - Static routes
- Traffic management
- Proxy services
- Backup & HA
- Utilities
# Clone repository
git clone https://github.com/vespo92/OPNSenseMCP.git
cd OPNSenseMCP
# Install dependencies
npm install
# Copy configuration
cp config/opnsense-mcp.example.json config/opnsense-mcp.json
# Edit configuration
nano config/opnsense-mcp.jsonUpdate config/opnsense-mcp.json:
{
"server": {
"host": "0.0.0.0",
"port": 3000,
"transport": "sse"
},
"opnsense": {
"host": "192.168.1.1",
"apiKey": "your-api-key",
"apiSecret": "your-api-secret",
"verifySsl": false
},
"plugins": {
"autoLoad": true,
"enabled": [
"core-firewall",
"core-network",
"vpn-openvpn",
"monitoring-system"
]
}
}# Development mode (with auto-reload)
npm run dev:v2
# Production mode
npm run build
npm run start:v2Once started, you can access:
- Event Stream: http://localhost:3000/sse/events
- API Documentation: http://localhost:3000/api/plugins
- System Status: http://localhost:3000/api/system/status
- Health Check: http://localhost:3000/health
const eventSource = new EventSource('http://localhost:3000/sse/events');
eventSource.addEventListener('firewall.rule.created', (event) => {
const data = JSON.parse(event.data);
console.log('New firewall rule:', data);
});
eventSource.addEventListener('vpn.tunnel.connected', (event) => {
const data = JSON.parse(event.data);
console.log('VPN tunnel connected:', data);
});# Only firewall events
curl http://localhost:3000/sse/events/firewall
# Only VPN events
curl http://localhost:3000/sse/events/vpn
# Only security alerts
curl http://localhost:3000/sse/events/security
# Custom filter
curl "http://localhost:3000/sse/events?severity=error&severity=critical"- System: startup, shutdown, config changes
- Firewall: rule CRUD, triggers
- Network: interface up/down, VLAN changes
- VPN: connections, disconnections
- Security: IDS alerts, auth failures
- Monitoring: resource alerts, metrics
- Services: service status changes
mkdir -p src/plugins/custom/my-plugin
cd src/plugins/custom/my-plugin{
"metadata": {
"id": "custom-myplugin",
"name": "My Custom Plugin",
"version": "1.0.0",
"description": "Does amazing things",
"category": "custom",
"author": "Your Name",
"enabled": true
},
"config": {
"option1": "value1"
},
"dependencies": []
}import { BasePlugin } from '../../../core/plugin-system/base-plugin.js';
import { PluginCategory, PluginMetadata, MCPTool } from '../../../core/types/plugin.js';
export default class MyPlugin extends BasePlugin {
readonly metadata: PluginMetadata = {
id: 'custom-myplugin',
name: 'My Custom Plugin',
version: '1.0.0',
description: 'Does amazing things',
category: PluginCategory.CUSTOM,
author: 'Your Name',
enabled: true,
};
protected async onInitialize(): Promise<void> {
this.logger.info('Plugin initialized');
}
protected async onStart(): Promise<void> {
this.logger.info('Plugin started');
}
getTools(): MCPTool[] {
return [
{
name: 'my_tool',
description: 'My awesome tool',
inputSchema: { type: 'object', properties: {} },
handler: async () => ({ success: true }),
},
];
}
getResources() { return []; }
getPrompts() { return []; }
getDependencies() { return []; }
}npm run build
npm run dev:v2Your plugin will be automatically discovered and loaded!
# List all plugins
GET /api/plugins
# Get plugin details
GET /api/plugins/{id}
# Check plugin health
GET /api/plugins/{id}/health# Get event history
GET /api/events/history?limit=100
# Get event statistics
GET /api/events/stats# Get system status
GET /api/system/status
# Get system statistics
GET /api/system/stats# List connected SSE clients
GET /api/sse/clients
# Get SSE statistics
GET /api/sse/stats# Overall health
curl http://localhost:3000/health
# Plugin-specific health
curl http://localhost:3000/api/plugins/core-firewall/health# Last 100 events
curl http://localhost:3000/api/events/history?limit=100
# Filter by type
curl "http://localhost:3000/api/events/history?types=firewall.rule.created"
# Filter by plugin
curl "http://localhost:3000/api/events/history?plugins=core-firewall"# Plugin statistics
curl http://localhost:3000/api/system/stats
# Event statistics
curl http://localhost:3000/api/events/stats
# SSE statistics
curl http://localhost:3000/api/sse/statsThe v2 architecture is designed to coexist with v1.x. You can:
- Run both versions - v1 on STDIO, v2 on SSE
- Gradual migration - Move plugins one by one
- Full upgrade - Switch entirely to v2
- Review new architecture docs
- Test v2 with existing config
- Migrate custom tools to plugins
- Update integrations to use SSE
- Switch production to v2
- Architecture v2 - Detailed architecture
- Plugin Development Guide - Create plugins
- API Reference - HTTP API docs
- Event Reference - Event types
See the examples/ directory for:
- Plugin templates
- SSE client examples
- Dashboard integrations
- Monitoring setups
v2 architecture improvements:
- 30% faster tool execution (plugin caching)
- Real-time events (no polling needed)
- Modular loading (load only what you need)
- Horizontal scaling (multiple instances via Redis)
- Core plugin system
- Event bus and SSE streaming
- Example plugins (firewall, VPN, monitoring)
- Plugin marketplace
- Web dashboard
- Plugin hot-reload
- Multi-firewall orchestration
- GraphQL API
- WebSocket support
We welcome contributions! See:
- GitHub Issues: Bug reports and features
- Discussions: Questions and ideas
- Discord: Real-time chat (coming soon)
MIT License - see LICENSE
Built with ❤️ for the OPNsense community