Docs/build/mcp
Beta

MCP and agent integrations

Agents can discover and invoke permitted commerce capabilities, but cannot replace user consent, policy, or backend authorization.

Current transport

Mobazha Node exposes MCP over Streamable HTTP at /v1/mcp. GET and POST share this endpoint. Treat discovery, authentication, scopes, tool availability, and errors as properties of the connected Node version—not of this prose page.

Current authentication and scope contract

  • Every /v1/mcp request first passes the Node gateway authentication boundary.
  • The Streamable HTTP front door resolves the caller identity and requires the ai:use scope.
  • Administrator identities receive the applicable administrative scope set; API tokens must be minted with ai:use explicitly.
  • Individual tools also require their domain scopes, such as listings:read, orders:manage, wallet:read, or chat:write.
  • A tool missing its required scope must remain unavailable or return permission denied; MCP does not bypass the underlying HTTP authorization.

Non-bypassable boundaries

  • Authenticate the human, service, or agent identity appropriate to the action.
  • Request the narrowest scopes and make spend or settlement authority explicit.
  • Require confirmation where the backend or policy requires it.
  • Do not let prompt text override order state, quote terms, recipient amounts, or authorization checks.
  • Keep auditable request, approval, and result identifiers without logging secrets.

Audit and errors

The standalone server records structured MCP tool audit events with the tool name, result, duration, transport, resolved identity when available, and redacted arguments. Bridge errors preserve the API error boundary, including authentication, permission, conflict, rate-limit, and server failures.