MCP

Not production-ready

Be aware that when enabled, this endpoint does not require any authentication. Tools can be called by anyone. However, GraphQL requests still go through any configured authentication & authorization. Furthermore there is no header forwarding of any form, so any headers your subgraph expect should be hardcoded with a header rule.

The gateway can start an MCP server endpoint with:

[mcp] enabled = true # defaults to false # Path at which to expose the MCP service path = "/mcp" # Whether mutations can be executed execute_mutations = false