Accessing internal Firebase Tools APIs on a self-hosted MCP

[ismailtosunn]

Hello Firebase team,

We want to use MCP within our company, but due to security concerns, we do not want all tools to be exposed. As a workaround, we cloned your project from GitHub and tried to make only the Crashlytics tool visible.

However, by doing this, we were unable to access the internal APIs used within MCP. Is there any support or recommended approach to bypass these technical limitations?

For reference, we implemented a similar setup with Figma MCP and were able to run it smoothly without issues.

Could you advise on a supported way to run MCP on our own server while limiting tool visibility and still having access to the necessary APIs?

Thank you for your guidance.

[joehan]

Adding @maxl0rd who's been working on those tools - he might be able to help get you set up with access to those APIs (though you'll likely need to send a request through Firebase support)

Alternatively, the MCP server out of the box support a --tools flag that takes an array of tool names and exposes just those tools. Would that be sufficient for your use case instead of forking?

[maxl0rd]

Yes, I recommend trying to run it with a flag restricting the set of tools. Note that Crashlytics tools also require the core firebase tools to also be present. But you should be able to run it without the other Firebase products.

If you don't see a path forward there, contact Firebase support and ask to be allowlisted for firebasecrashlytics.googleapis.com alpha tester access.