MCP

Warning

Be aware that when enabled, this endpoint does not require any authentication. Tools can be called by anyone. However, GraphQL requests still go through any configured authentication & authorization. All the headers passed by the MCP client will be forwarded to the Gateway, and handled like the headers on any other GraphQL request, including for authentication and authorization purposes. See the authentication section of the docs for more information on how to implement MCP spec compliant authentication with OAuth 2.0 protected resource metadata.

The gateway can start an MCP server endpoint with:

[mcp] enabled = true # defaults to false # Path at which to expose the MCP service path = "/mcp" # Whether mutations can be executed execute_mutations = false # Either "http-streaming" or "sse". The default is "http-streaming". transport = "http-streaming"