Skip to main content
SuperBox is a cloud-native platform combining Next.js, Go, AWS Lambda, and S3 for scalable MCP server management.

Component Architecture

Frontend (Next.js 16)

The frontend is built with Next.js 16 and React 19, providing a modern, performant user interface with server-side rendering and optimal loading times.
  • Next.js 16: App Router with Server Components
  • React 19: Latest features including Actions and improved Suspense
  • TypeScript: Type-safe development
  • Tailwind CSS 4: Utility-first styling with JIT compilation
  • Framer Motion: Smooth animations and transitions
  • ServerCard: Displays server information in grid/list views
  • ServerDetail: Full server information with tabs
  • AuthModal: Firebase authentication integration
  • PublishModal: Server publishing workflow
  • PaywallModal: Razorpay payment integration
  • SecurityReport: Visualizes security scan results

Backend (Go + Gin)

The backend API is built with Go and the Gin web framework, providing high-performance REST endpoints with minimal latency. 
// Simplified architecture
package main

import (
    "github.com/gin-gonic/gin"
    "github.com/gin-contrib/cors"
)

func main() {
    router := gin.Default()
    router.Use(cors.Default())
    
    // API v1 routes
    v1 := router.Group("/api/v1")
    {
        v1.GET("/servers", listServers)
        v1.GET("/servers/:name", getServer)
        v1.POST("/servers", authMiddleware, createServer)
        v1.PUT("/servers/:name", authMiddleware, updateServer)
        v1.DELETE("/servers/:name", authMiddleware, deleteServer)
    }
    
    router.Run(":8080")
}
  1. CORS: Cross-origin resource sharing 2. Logger: Request/response logging 3. Recovery: Panic recovery 4. Auth: Firebase token validation
  2. Rate Limiter: API rate limiting 6. Compression: Response compression

Storage Layer (S3)

Amazon S3 serves as the registry backend, storing server metadata, code bundles, and security reports.

Registry Structure

superbox-mcp-registry/
├── metadata/
│   ├── {server-name}/
│   │   ├── metadata.json
│   │   ├── security-report.json
│   │   └── tools.json
│   └── ...
├── source/
│   ├── {server-name}/
│   │   ├── {version}/
│   │   │   └── source.tar.gz
│   │   └── ...
│   └── ...
└── bundles/
    ├── {server-name}-{version}.zip
    └── ...

Metadata Schema

{
  "name": "server-name",
  "version": "1.0.0",
  "description": "...",
  "author": "...",
  "language": "python",
  "entrypoint": "main.py",
  "repository": {
    "url": "...",
    "branch": "main"
  },
  "pricing": {
    "type": "free"
  },
  "security_report": {
    "status": "passed"
  }
}

Execution Layer (AWS Lambda)

MCP servers run in isolated AWS Lambda functions, providing secure sandboxed execution with automatic scaling.
Container Image Approach:
  1. Server code is packaged into a container image
  2. Image is stored in Amazon ECR (Elastic Container Registry)
  3. Lambda function uses the container image
  4. Each execution runs in an isolated environment
Key Features:
  • 15-minute execution timeout
  • Up to 10GB memory allocation
  • Automatic scaling and load balancing
  • VPC isolation for enhanced security
  • CloudWatch logging and monitoring
Execution Flow:

Security Layer

SuperBox implements a comprehensive security pipeline with multiple scanning tools.
1

SonarCloud Analysis

  • Code quality metrics - Bug detection - Vulnerability scanning - Code smell identification - Maintainability rating
2

GitGuardian Secrets Detection

  • API key detection - Password scanning - Token identification - Certificate detection
3

Bandit Security Audit (Python)

  • Python-specific vulnerability detection - CWE (Common Weakness Enumeration) mapping - Severity and confidence ratings - Detailed issue reports

Data Flow

Server Creation Flow

Server Execution Flow

Authentication Flow

SuperBox uses Firebase Authentication with JWT token validation.

Payment Integration

Razorpay handles all payment processing for paid MCP servers.
  1. User selects a paid server 2. Frontend creates Razorpay order 3. User completes payment 4. Webhook validates payment 5. Server access is granted
  2. Transaction recorded in database
  • PCI-DSS compliant payment processing - Webhook signature verification - Idempotency keys for duplicate prevention - Encrypted payment data - Secure refund handling

Scalability & Performance

Frontend Optimization

  • Next.js ISR (Incremental Static Regeneration) - Image optimization with next/image - Code splitting and lazy loading - CDN distribution via Vercel - Aggressive caching strategies

Backend Optimization

  • Go’s concurrent processing - Connection pooling - Response caching - Gzip compression - Efficient JSON serialization

Storage Optimization

  • S3 intelligent tiering - CloudFront CDN - Transfer acceleration - Multipart uploads - Lifecycle policies

Execution Optimization

  • Lambda provisioned concurrency - Container image caching - Warm start optimization - Auto-scaling policies - Cost optimization

Monitoring & Observability

  • CloudWatch Logs: Lambda execution logs - API Logs: Request/response logging - Error Tracking: Centralized error monitoring
  • Audit Logs: Security and compliance tracking

Infrastructure as Code

SuperBox infrastructure is managed with Terraform using a modular architecture. 
# Terraform configuration for SuperBox infrastructure
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# S3 bucket for MCP server registry
module "s3" {
  source = "./modules/s3"

  project_name = var.project_name
  aws_region   = var.aws_region
}

# IAM roles and policies for Lambda
module "iam" {
  source = "./modules/iam"

  project_name  = var.project_name
  s3_bucket_arn = module.s3.bucket_arn
}

# Lambda function for MCP execution
module "lambda" {
  source = "./modules/lambda"

  project_name       = var.project_name
  aws_region         = var.aws_region
  s3_bucket_name     = module.s3.bucket_name
  execution_role_arn = module.iam.lambda_role_arn
}
Key Infrastructure Components:
  • S3 Module: Creates and configures the MCP registry bucket with versioning
  • IAM Module: Manages roles and policies for Lambda execution
  • Lambda Module: Provisions containerized Lambda functions for MCP server execution
  • Region: Deployed in ap-south-1 (Mumbai) by default

Deployment Pipeline

1

Development

Local development with hot reload - Frontend: npm run dev - Backend: go run main.go
2

Testing

Automated testing and validation - Unit tests - Integration tests - E2E tests with Playwright
3

Staging

Deploy to staging environment - Preview deployments on Vercel - Backend staging on AWS - Smoke tests
4

Production

Production deployment - Blue-green deployment - Canary releases - Rollback capability - Health checks
This architecture is designed for high availability, security, and scalability, ensuring SuperBox can handle thousands of concurrent users and server executions.