MCP server that turns Kimi K2.5 Turbo into an agentic coding assistant. The model gets a tool loop — it can read/write files, run shell commands, and search code with ripgrep, ast-grep, jq, and glob — and iterates autonomously until the task is done.
Three tools exposed over MCP:
| Tool | Capabilities | Use case |
|---|---|---|
| `firepass_worker` | read, write, edit, bash, ripgrep, ast-grep, jq, glob, tree | Coding, refactoring, bug fixes |
| `firepass_researcher` | read, ripgrep, ast-grep, jq, glob, tree (read-only) | Code analysis, architecture review |
| `firepass_reviewer` | read, ripgrep, ast-grep, jq, glob, tree (read-only) | Code review with structured output |

- Python 3.10+
- A Fireworks AI API key
- `rg` (ripgrep), `sg` (ast-grep), `jq`, `tree` on PATH for full tool coverage
- `bash`, `ls` (standard on POSIX systems)

```bash
uvx firepass-mcp
```

Set your API key:

```bash
export FIREWORKS_API_KEY="fw-..."
```

Add the server with:

```bash
codex mcp add firepass --env FIREWORKS_API_KEY=fw-... -- uv run firepass-mcp
```

This writes a config like:

```toml
[mcp_servers.firepass]
command = "uv"
args = ["run", "firepass-mcp"]

[mcp_servers.firepass.env]
FIREWORKS_API_KEY = "fw-..."
```

Add the server with:

```bash
claude mcp add -e FIREWORKS_API_KEY=fw-... firepass -- uv run firepass-mcp
```

This writes a config like:

```json
{
  "mcpServers": {
    "firepass": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "firepass-mcp"],
      "env": {
        "FIREWORKS_API_KEY": "fw-..."
      }
    }
  }
}
```

If your client reads MCP JSON directly, use:

```json
{
  "mcpServers": {
    "firepass": {
      "command": "uvx",
      "args": ["firepass-mcp"],
      "env": {
        "FIREWORKS_API_KEY": "fw-..."
      }
    }
  }
}
```

| Variable | Default | Description |
|---|---|---|
| `FIREWORKS_API_KEY` | (required) | Fireworks AI API key |
| `FIREPASS_MODEL` | `accounts/fireworks/routers/kimi-k2p5-turbo` | Model ID |
| `FIREPASS_BASH_TIMEOUT` | `60` | Shell command timeout (seconds) |
| `FIREPASS_MAX_OUTPUT` | `50000` | Max chars per tool result |
| `FIREPASS_MAX_READ` | `100000` | Max chars per file read |

- You call `firepass_worker`, `firepass_researcher`, or `firepass_reviewer` with a prompt and a required `cwd`
- The server sends the prompt to Kimi K2.5 Turbo with function-calling enabled
- The model explores the codebase, makes edits, runs tests, and iterates
- When done, it calls `done()` with an executive summary
- The summary (plus an activity log) is returned as the tool result

All roles get 60 iterations by default, configurable per call.
All file operations (read_file, write_file, edit_file, glob_find, ripgrep, ast_grep, jq, tree, list_dir) are sandboxed to the required cwd you provide. Paths are resolved and validated against the working directory before any I/O.
The researcher and reviewer are read-only — bash, write_file, and edit_file are blocked both at the API schema level (model never sees them) and at runtime (server rejects them even if hallucinated). Dangerous ripgrep flags (--pre, --replace, -z) are also blocked.
The worker has full access including bash. It is not sandboxed at the command level — treat it like giving shell access to a remote developer scoped to your project directory.
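
The path validation and ripgrep flag blocking described above can be sketched as follows. This is an added example, not firepass-mcp's own code: `resolve_in_sandbox`, `check_rg_args`, and `SandboxError` are hypothetical names, the directory layout is constructed, and `-r` / `--search-zip` are ripgrep's own aliases for the `--replace` / `-z` flags listed above.

```python
import os
import tempfile
from pathlib import Path

# Flags the README lists as blocked, plus ripgrep's own aliases for them.
BLOCKED_RG_LONG = {"--pre", "--replace", "--search-zip"}
BLOCKED_RG_SHORT = {"r", "z"}  # -r is --replace, -z is --search-zip


class SandboxError(ValueError):
    """A path or argument would reach outside the sandbox (hypothetical name)."""


def resolve_in_sandbox(cwd: str, user_path: str) -> Path:
    """Resolve user_path against cwd; reject anything that lands outside it."""
    root = Path(cwd).resolve(strict=True)
    # An absolute user_path replaces root in the join; resolve() then follows
    # symlinks and collapses "..", so the containment test sees the real target.
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise SandboxError(f"{user_path!r} escapes {root}")
    return candidate


def check_rg_args(args: list[str]) -> list[str]:
    """Fail closed on blocked flags, including --flag=value and bundled -xz forms."""
    for arg in args:
        if arg == "--":  # ripgrep treats everything after this as positional
            break
        if arg.startswith("--"):
            if arg.split("=", 1)[0] in BLOCKED_RG_LONG:
                raise SandboxError(f"blocked ripgrep flag: {arg}")
        elif arg.startswith("-") and BLOCKED_RG_SHORT & set(arg[1:]):
            raise SandboxError(f"blocked ripgrep flag: {arg}")
    return args


if __name__ == "__main__":
    # Constructed layout: a project directory holding a symlink that points out.
    with tempfile.TemporaryDirectory() as tmp:
        project, outside = Path(tmp, "project"), Path(tmp, "outside")
        project.mkdir()
        outside.mkdir()
        os.symlink(outside, project / "link")
        for p in ["src/app.py", "../outside", "/etc/passwd", "link/secret.txt"]:
            try:
                print("allow", resolve_in_sandbox(str(project), p))
            except SandboxError as exc:
                print("deny ", exc)
```

The short-flag check is deliberately strict: a bundled value such as `-ebar` is rejected because it contains `r`, so callers should pass the pattern as a separate argument.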
Limits:
- File writes capped at 1 MB per operation
- File reads capped at 100K characters
- Tool output capped at 50K characters
- Context budget of 200K characters (old tool results truncated when exceeded)
- Configurable iteration limits (default 60 for all roles)
MIT