--- title: "MCP Gateway URL" sidebarTitle: "Gateway URL" description: "Expose Bifrost as an MCP server for Claude Desktop and other MCP clients." icon: "server" --- This feature is only available on `v1.4.0-prerelease1` and above. This feature is only available in the **Gateway** deployment. It is not available when using Bifrost as a Go SDK. ## Overview Bifrost can act as an **MCP server**, exposing all your connected MCP tools to external MCP clients like Claude Desktop, Cursor, or any other MCP-compatible application. This enables a powerful pattern: - Connect Bifrost to multiple MCP servers (filesystem, web search, databases, etc.) - Expose all those tools through a single MCP endpoint - External clients connect to Bifrost and get access to all aggregated tools ```mermaid graph TD Clients["External MCP Clients
Claude Desktop, Cursor
Custom Apps"] Gateway["Bifrost Gateway"] Endpoints["Endpoints
POST /mcp: JSON-RPC
GET /mcp: SSE Stream"] Registry["Aggregated Tool Registry
filesystem • web search
databases • custom tools"] Servers["External MCP Servers
filesystem • web-search
databases • custom"] Clients -->|MCP Protocol
HTTP/SSE| Gateway Gateway --> Endpoints Gateway --> Registry Gateway -->|MCP Protocol| Servers style Clients fill:#F3E5F5,stroke:#4A148C,stroke-width:2.5px,color:#1A1A1A style Gateway fill:#E8F5E9,stroke:#1B5E20,stroke-width:2.5px,color:#1A1A1A style Endpoints fill:#E3F2FD,stroke:#0D47A1,stroke-width:2.5px,color:#1A1A1A style Registry fill:#FFF3E0,stroke:#BF360C,stroke-width:2.5px,color:#1A1A1A style Servers fill:#FFFDE7,stroke:#F57F17,stroke-width:2.5px,color:#1A1A1A ``` --- ## Endpoints | Endpoint | Method | Purpose | |----------|--------|---------| | `/mcp` | POST | JSON-RPC 2.0 messages for tool discovery and execution | | `/mcp` | GET | Server-Sent Events (SSE) for persistent connections | ### POST /mcp (JSON-RPC) Handle JSON-RPC 2.0 messages for tool listing and execution: ```bash # List available tools curl -X POST http://localhost:8080/mcp \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/list" }' # Call a tool curl -X POST http://localhost:8080/mcp \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "filesystem_read_file", "arguments": { "path": "/tmp/test.txt" } } }' ``` ### GET /mcp (SSE) Establish a persistent SSE connection for real-time communication: ```bash curl -N http://localhost:8080/mcp \ -H "Accept: text/event-stream" ``` The SSE endpoint sends: - `connection/opened` message on connect - Keeps connection alive until client disconnects --- ## External MCP Client Integration The `/mcp` endpoint supports any MCP-compatible client that can communicate via HTTP or SSE: - **Claude Desktop** - macOS and Windows desktop application - **Cursor** - IDE with MCP support - **Custom Applications** - Any app implementing the MCP protocol - **Browser Extensions** - Tools with MCP client capability To connect an external MCP client, configure it to connect to: ``` http://your-bifrost-gateway/mcp ``` Include any required Virtual Key authentication headers if governance is enabled. --- ## Virtual Key Authentication Bifrost supports per-Virtual Key MCP servers, allowing you to expose different tools to different clients. ### Global Server (No Virtual Key) When `enforce_auth_on_inference` is `false`, requests without a Virtual Key use the global MCP server with all available tools. ### Virtual Key-Specific Servers When using Virtual Keys, each VK gets its own MCP server with filtered tools based on its configuration. **Authenticate with Virtual Key:** ```bash # Via Authorization header curl -X POST http://localhost:8080/mcp \ -H "Authorization: Bearer vk_your_virtual_key" \ -H "Content-Type: application/json" \ -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}' # Via X-Api-Key header curl -X POST http://localhost:8080/mcp \ -H "X-Api-Key: vk_your_virtual_key" \ -H "Content-Type: application/json" \ -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}' # Via x-bf-virtual-key header curl -X POST http://localhost:8080/mcp \ -H "x-bf-virtual-key: vk_your_virtual_key" \ -H "Content-Type: application/json" \ -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}' ``` **Claude Desktop with Virtual Key:** ```json { "mcpServers": { "bifrost-production": { "url": "http://localhost:8080/mcp", "headers": { "Authorization": "Bearer vk_your_production_key" } }, "bifrost-development": { "url": "http://localhost:8080/mcp", "headers": { "Authorization": "Bearer vk_your_development_key" } } } } ``` --- ## Tool Filtering for MCP Clients Control which tools are exposed to MCP clients using Virtual Keys: ### Per-Virtual Key Tool Access Configure which tools each Virtual Key can access: ```json { "governance": { "virtual_keys": [ { "name": "production-key", "mcp_configs": [ { "mcp_client_name": "filesystem", "tools_to_execute": ["read_file", "list_directory"] }, { "mcp_client_name": "web_search", "tools_to_execute": ["*"] } ] }, { "name": "admin-key", "mcp_configs": [ { "mcp_client_name": "filesystem", "tools_to_execute": ["*"] }, { "mcp_client_name": "database", "tools_to_execute": ["*"] } ] } ] } } ``` Learn more about Virtual Key tool filtering in [MCP Tool Filtering](../features/governance/mcp-tools). --- ## Advanced Gateway Features ### Health Monitoring Bifrost automatically monitors the health of connected MCP clients: **How it works:** - **Ping Mechanism:** Every 10 seconds (configurable), sends a ping to each connected client - **Check Timeout:** Each ping has a 5-second timeout - **Failure Threshold:** After 5 consecutive failed pings, client is marked as `disconnected` - **State Tracking:** Real-time state updates (connected ↔ disconnected) - **Manual Reconnection:** Once disconnected, requires manual reconnect via API or UI **Configuration:** ```json { "mcp": { "health_monitor_config": { "check_interval": "10s", "check_timeout": "5s", "max_consecutive_failures": 5 } } } ``` When a client is disconnected after 5 consecutive failed health checks, tools from that client become unavailable. You can manually reconnect using the API or Go SDK: **Gateway API:** ```bash POST /api/mcp/client/{id}/reconnect ``` **Go SDK:** ```go // Reconnect a disconnected MCP client err := client.ReconnectMCPClient(context.Background(), clientID) if err != nil { // Handle reconnection error log.Printf("Failed to reconnect client: %v", err) } ``` ### Request ID Tracking For Agent Mode operations, Bifrost can track intermediate tool executions: ```go mcpConfig := &schemas.MCPConfig{ FetchNewRequestIDFunc: func(ctx context.Context) string { // Generate unique ID per agent iteration return fmt.Sprintf("agent-%s-%d", ctx.Value("original-id"), time.Now().UnixMilli()) }, } ``` This enables detailed audit trails for autonomous tool execution. ### Dynamic Tool Discovery Tools are discovered from MCP servers during: 1. **Client Connection** - Initial ListTools request 2. **Runtime Updates** - When server tool list changes 3. **Configuration Changes** - When tools_to_execute is updated The MCP Server dynamically updates its tool registry from the tool manager. --- ## Per-User OAuth for MCP Clients When at least one MCP server is configured with `per_user_oauth`, the `/mcp` endpoint automatically advertises OAuth support via standard discovery headers. OAuth-capable MCP clients (Claude Code, Cursor, and others) detect this automatically — no manual configuration is needed on the client side. When an unauthenticated client connects, Bifrost responds with a `401` that points to the discovery endpoints: ``` WWW-Authenticate: Bearer resource_metadata="https://your-bifrost-domain/.well-known/oauth-protected-resource" ``` The client then fetches the OAuth metadata and kicks off a consent flow where the user can attach an identity and connect their upstream services. Subsequent requests use a Bifrost-issued session token as the Bearer credential. See [Per-User OAuth →](./per-user-oauth) for the full flow and identity options. --- ## Security Considerations The MCP Gateway exposes tools to external clients. Consider these security measures: ### 1. Enable Virtual Key Enforcement Always enable `enforce_auth_on_inference` in production: ```json { "client": { "enforce_auth_on_inference": true } } ``` This ensures all MCP requests require a valid Virtual Key. ### 2. Use HTTPS Deploy Bifrost behind a reverse proxy (nginx, Cloudflare, etc.) with TLS enabled: ``` MCP Client → HTTPS → Reverse Proxy → HTTP → Bifrost Gateway ``` ### 3. Limit Tool Access Use Virtual Keys to limit which tools each client can access. Follow the principle of least privilege. ### 4. Network Restrictions Consider network-level restrictions to limit which IPs can access the MCP endpoint. --- ## Troubleshooting 1. Verify the URL is correct and Bifrost is running 2. Check if Bifrost is accessible from Claude Desktop's network 3. Restart Claude Desktop after configuration changes 4. Check Bifrost logs for connection attempts 1. Verify MCP clients are connected in Bifrost 2. Check that `tools_to_execute` includes the expected tools 3. If using Virtual Keys, verify the VK has MCP tool access configured 1. Ensure the Virtual Key exists and is active 2. Check the header format (Bearer prefix for Authorization) 3. Verify `enforce_auth_on_inference` setting matches your setup --- ## Next Steps Control which tools are available per request Configure per-VK tool access