secure-rag-multi-agent

Secure Retrieval-Augmented Generation (RAG) with role-based access control using Mastra AI orchestration, with JWT Secure, also Deep Research built with Cedar & Next.js. Gemini, OpenAI, Openrouter, & Gemini CLI usable. Also exposes tools, agents as MCP Server Also A2A Agent Cards

Installation

Run this command in your terminal to add the MCP server to Claude Code.

Run in terminal:

View docs

Command

claude mcp add --transport stdio ssdeanx-secure-rag-multi-agent npx -y ssdeanx-secure-rag-multi-agent \
  --env PGHOST="localhost" \
  --env PGPORT="5432" \
  --env PGUSER="postgres" \
  --env JWT_SECRET="your-jwt-secret" \
  --env PGDATABASE="rag_db" \
  --env PGPASSWORD="password" \
  --env OPENAI_API_KEY="your-openai-api-key" \
  --env GOOGLE_GEMINI_API_KEY="your-google-gemini-api-key"

How to use

This MCP server provides a secure, multi-agent orchestration environment with Retrieval-Augmented Generation (RAG), enterprise-grade access control, and memory management through the Mastra framework. It exposes a suite of agents and workflows designed for research, content analysis, web scraping, and secure data access via MCP integration. You can launch the server using the MCP wrapper so that agent capabilities (retrieval, ranking, verification, domain-specific research, and content generation) are available to orchestrate complex multi-step tasks. Once running, you can submit queries to the system, which will route them through identity and policy checks, retrieve relevant context, rerank results, and generate final outputs with citations. The platform also includes voice-enabled interactions via Google Gemini and supports a variety of tools for data access, analysis, and reporting.

How to install

Prerequisites:

Node.js 20+ installed on the host
npm or corepack available
PostgreSQL 18+ (or a compatible database) running and accessible
Optional: Docker if you prefer containerized deployment

Installation steps:

Install Node dependencies (if you are cloning the repo locally):

npm install
Install and configure the database:

Start PostgreSQL and create the required user/database as indicated in your environment variables.
Ensure PgVector extension (or equivalent) is available if used by the RAG pipeline.

Set environment variables (example):

export OPENAI_API_KEY=your-openai-key export GOOGLE_GEMINI_API_KEY=your-gemini-key export PGHOST=localhost export PGUSER=postgres export PGPASSWORD=password export PGDATABASE=rag_db export PGPORT=5432 export JWT_SECRET=your-jwt-secret
Run the server via MCP wrapper (as configured):

npx -y ssdeanx-secure-rag-multi-agent
Optional – Run with Docker:

docker run -it --env-file .env -p 3000:3000 ssdeanx/secure-rag-multi-agent:latest
Verify installation by hitting the API routes or the web UI as documented in the repo (e.g., /api/chat, /api/indexing).

Additional notes

Tips and notes:

Ensure your API keys for OpenAI and Google Gemini are kept secret and loaded via environment variables or a secrets manager.
If you encounter memory or performance issues, tune the Mastra memory templates and ensure vector DB indices (PgVector) are optimized for your workload.
Use the RBAC and document classification features to enforce access controls across agents and datasets.
When updating, re-build or re-deploy using the same environment variables to avoid configuration drift.
If you run into connection issues with PostgreSQL, verify host, port, and credentials, and ensure the database user has the necessary privileges.