POST /api/v1/mcp is a hosted Model Context Protocol endpoint.
It lets a remote agent use the exact same tool surface as the local stdio MCP server
(npm run mcp) without running a local process — every call is a single request/response over
HTTP JSON-RPC. There is no SSE / streaming; the endpoint implements the streamable-HTTP basics
an agent needs: initialize, ping, tools/list, and tools/call.
POST /api/v1/mcp
Single endpoint, JSON-RPC 2.0. The HTTP method is alwaysPOST; the JSON-RPC method field
selects the operation.
Authentication
Two things are required:- RBAC — the caller must resolve to role
editororadmin(otherwise403). - Credential — the request must carry either an
X-API-Keyheader or be an internal-service call (x-user-id: system, set by middleware). A pure session cookie is rejected with403— this surface is for agents holding server credentials, because nested tool calls run with elevated privileges that a session role must not inherit.
Governance. The tool registry is built with
governed = true. Playbook tools that would
mutate data instead queue an AiRecommendation for admin / four-eyes approval rather than
writing directly. See Approvals.Rate limit
60 requests per 60 seconds per caller (fail-closed — a429 is returned when the limiter cannot
be reached).
JSON-RPC envelope
Request:Methods
initialize
Returns the server’s protocol version and capabilities.ping
Liveness check. Returns an empty object.tools/list
Lists every registered tool with its JSON-Schema input.tools/call
Invokes a tool by name.params.name selects the tool; params.arguments carries its inputs.
The authenticated tenantId is injected automatically.
result is the tool’s own MCP content payload. A handler that throws returns a
result with isError: true (not a JSON-RPC error):
notifications/initialized is accepted and answered with 202 No Content (no body).
Tool surface
The registry reuses the same registration functions as the stdio server, grouped by module: data, studio, algorithm, operations, AI, and flow tools, plus governed playbooks. Calltools/list for the live, tenant-scoped catalog — it always reflects what the calling key can do.
Error codes
| Code | Meaning | HTTP status |
|---|---|---|
-32700 | Parse error (body was not valid JSON) | 400 |
-32600 | Invalid Request (not a valid JSON-RPC 2.0 envelope) | 400 |
-32601 | Method not found | 200 |
-32602 | Invalid params (unknown tool, or arguments failed the tool’s schema) | 200 |
403 responses before
JSON-RPC dispatch.