MCP Marketplace
BrowseHow It WorksFor CreatorsDocs
Sign inSign up
MCP Marketplace

The curated, security-first marketplace for AI tools.

Product

Browse ToolsSubmit a ToolDocumentationHow It WorksBlogFAQ

Legal

Terms of ServicePrivacy PolicyCommunity Guidelines

Connect

support@mcp-marketplace.ioTwitter / XDiscord

MCP Marketplace © 2026. All rights reserved.

Back to Browse

Front MCP Server

by Wearehoust
Developer ToolsLow Risk10.0MCP RegistryLocal
Free

Server data from the Official MCP Registry

MCP server for Front: conversations, contacts, messages, tags, and inbox workflows.

About

MCP server for Front: conversations, contacts, messages, tags, and inbox workflows.

Security Report

10.0
Low Risk10.0Low Risk

Valid MCP server (1 strong, 1 medium validity signals). 1 code issue detected. No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.

4 files analyzed · 2 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-wearehoust-front-mcp": {
      "args": [
        "-y",
        "@houst-com/front-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Front MCP

CI npm License: MIT Node TypeScript MCP Front API

Use Front from any MCP-compatible client. Search conversations, manage contacts, send messages, tag, assign, and automate inbox workflows — 26 tools, 172 actions.

Quick Start

  1. Get a Front API token from Settings > Developers > API tokens.

  2. Add to your Claude Code settings (~/.claude/settings.json):

{
  "mcpServers": {
    "front": {
      "command": "npx",
      "args": ["-y", "@houst-com/front-mcp"],
      "env": {
        "FRONT_API_TOKEN": "your-front-api-token"
      }
    }
  }
}
  1. Start Claude Code. The Front tools are now available.

Example Workflows

Search for a conversation:

"Search Front conversations about billing issues"

Inspect a thread:

"Get the messages in conversation cnv_abc123"

Manage contacts:

"List contacts and find the one with email alice@example.com"

Tag and assign:

"Tag conversation cnv_abc123 with 'urgent' and assign it to teammate tea_xyz"

Draft a reply:

"Create a draft reply to conversation cnv_abc123 saying we'll follow up tomorrow"

OAuth Setup (Recommended)

OAuth provides automatic token refresh and better security than API tokens.

  1. Create a Front app at Settings > Developers > OAuth apps.
  2. Set the redirect URI to https://localhost:9876/callback.
  3. Enable the resource permissions your MCP server needs (Read, Write, Delete, Send).
  4. Save the app — copy the Client ID from the OAuth feature (not the App secret from Settings).
  5. Create ~/.front-mcp/config.json:
{
  "auth": {
    "method": "oauth",
    "oauth": {
      "client_id": "your-client-id",
      "client_secret_env": "FRONT_MCP_OAUTH_SECRET",
      "redirect_port": 9876,
      "scopes": []
    }
  }
}
  1. Configure Claude Code:
{
  "mcpServers": {
    "front": {
      "command": "npx",
      "args": ["-y", "@houst-com/front-mcp"],
      "env": {
        "FRONT_MCP_AUTH_METHOD": "oauth",
        "FRONT_MCP_OAUTH_SECRET": "your-oauth-client-secret"
      }
    }
  }
}
  1. Run npx @houst-com/front-mcp auth to authenticate (opens browser).
  2. Tokens are encrypted and stored locally (AES-256-GCM, 0600 permissions).

Auth CLI

front-mcp auth            # Start OAuth flow
front-mcp auth --status   # Check auth state (no token values shown)
front-mcp auth --clear    # Remove stored tokens
front-mcp --version       # Show version
front-mcp --help          # Show usage

Front Permissions

The MCP server needs Front API permissions matching the actions you want to use:

PermissionRequired for
ReadAll list/get/search actions
Writecreate, update, assign, add, merge, reply
Deletedelete, remove actions
Sendmessages.create, messages.reply

For OAuth, configure these in your Front app under Features > OAuth > Resource permissions. For API tokens, permissions are set when creating the token.

Tools Reference

ToolActions
accountslist, get, create, update, delete, list_contacts, add_contact, remove_contact
analyticscreate_export, get_export, create_report, get_report
channelslist, get, update, validate, create, list_for_teammate, list_for_team
commentslist, get, create, update, list_mentions, reply
contact_groupslist, create, delete, list_contacts, add_contacts, remove_contacts
contact_listslist, create, delete, list_contacts, add_contacts, remove_contacts
contact_noteslist, create
contactslist, get, create, update, delete, merge, list_conversations, add_handle, remove_handle
conversationslist, get, search, create, update, delete, assign, list_events, list_followers, add_followers, remove_followers, list_inboxes, add_link, remove_links, list_messages, update_reminders, add_tag, remove_tag
custom_fieldslist_for_accounts, list_for_contacts, list_for_conversations, list_for_inboxes, list_for_links, list_for_teammates
draftslist, create, create_reply, update, delete
eventslist, get
inboxeslist, get, create, list_channels, list_conversations, list_access, grant_access, revoke_access
knowledge_baseslist, get, create, update, list_categories, list_articles, get_article, create_article, update_article, delete_article, get_category, create_category, update_category, delete_category
linkslist, get, create, update, list_conversations
message_template_folderslist, get, create, update, delete, list_children, create_child
message_templateslist, get, create, update, delete
messagesget, create, reply, import, receive_custom, get_seen_status, mark_seen
ruleslist, get, list_for_teammate, list_for_team
shiftslist, get, create, update, list_teammates, add_teammates, remove_teammates
signatureslist, get, update, delete, create_for_teammate, create_for_team
tagslist, get, create, update, delete, list_children, create_child, list_conversations
teammate_groupslist, get, create, update, delete, list_inboxes, add_inboxes, remove_inboxes, list_teammates, add_teammates, remove_teammates, list_teams, add_teams, remove_teams
teammateslist, get, update, list_conversations, list_inboxes
teamslist, get, add_teammates, remove_teammates
token_identityget

See docs/TOOL_REFERENCE.md for the complete reference with policy tiers per action.

Policy Engine

Every action is classified into a tier with a default decision:

TierDefaultExamples
readallowlist, get, search
writeconfirmcreate, update, assign
destructivedenydelete, remove

Write actions require a two-step confirmation: the first call returns a prompt, the second call with confirm: true executes. Destructive actions are denied by default.

Custom Policy

Create ~/.front-mcp/policy.json:

{
  "defaults": {
    "read": "allow",
    "write": "allow",
    "destructive": "confirm"
  },
  "overrides": [
    { "tool": "conversations", "action": "delete", "decision": "deny" },
    { "tool": "tags", "action": "*", "decision": "allow" }
  ]
}

Override precedence: specific action > tool wildcard > tier default.

Security Model

  • HTTPS enforced — no HTTP fallback, ever
  • Token encryption — AES-256-GCM with PBKDF2 key derivation
  • File permissions — token file is 0600 (owner read/write only)
  • Output sanitization — configurable field redaction before LLM sees data
  • Log redaction — sensitive fields redacted from all log output
  • Policy engine — destructive actions denied by default, write actions require confirmation
  • No secrets in stdout — stdout is reserved for MCP protocol only
  • Minimal dependencies — native fetch, Node.js crypto, pinned exact versions

Environment Variables

VariableRequiredDescription
FRONT_API_TOKENYes (unless OAuth)Front API token
FRONT_MCP_AUTH_METHODNooauth or api_token (default: api_token)
FRONT_MCP_OAUTH_SECRETYes (if OAuth)OAuth client secret
FRONT_MCP_LOG_LEVELNoerror, warn, info, debug (default: info)
FRONT_MCP_POLICY_FILENoPath to custom policy JSON file

Limitations

  • stdio transport only — no HTTP/SSE transport in v1 (planned for future)
  • Single Front account — one account per server instance
  • No webhook support — outbound API calls only, no inbound event processing
  • No caching — every request hits the Front API (relies on Front's freshness)
  • Attachments — file upload/download not supported in v1
  • Application channels — channel-specific message sync endpoints not supported

Development

git clone https://github.com/wearehoust/front-mcp.git
cd front-mcp
npm install
npm test          # 519 tests
npm run lint      # ESLint strict
npm run type-check # TypeScript strict
npm run build     # Compile to dist/

Testing

npm test              # Unit + integration tests
npm run test:watch    # Watch mode
npm run test:coverage # Coverage report
npm run smoke         # Smoke test (builds, starts, verifies 26 tools)

The project includes 519 unit/integration tests and a 172-action live API test script (scripts/live-test-full.js).

Release Process

  1. Update version in package.json and server.json
  2. Update CHANGELOG.md
  3. Commit: git commit -m "chore: release vX.Y.Z"
  4. Tag: git tag vX.Y.Z
  5. Push: git push origin main --tags
  6. GitHub Actions publishes to npm (requires NPM_TOKEN secret)
  7. Publish to MCP Registry: mcp-publisher publish

Security

See SECURITY.md for vulnerability reporting.

Contributing

See CONTRIBUTING.md for setup, code standards, and PR process.

License

MIT

Reviews

No reviews yet

Be the first to review this server!

0

installs

New

no ratings yet

Is this your server?

Claim ownership to manage your listing, respond to reviews, and track installs from your dashboard.

Claim with GitHub

Sign up with the GitHub account that owns this repo

Links

Source Codenpm Package

Details

Published April 3, 2026
Version 1.0.1
0 installs
Local Plugin

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

80.0K
Stars
6
Installs
6.5
Security
No ratings yet
Local

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

137
Stars
533
Installs
8.0
Security
4.8
Local

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

-
Stars
80
Installs
10.0
Security
4.6
Local

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

156.1K
Stars
45
Installs
6.0
Security
5.0
Local

MCP Marketplace

Free

by mcp-marketplace · Developer Tools

Search and install MCP servers from inside your AI client.

-
Stars
30
Installs
10.0
Security
5.0
Remote

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

-
Stars
25
Installs
10.0
Security
No ratings yet
Local