Skip to main content

MCP (Model Context Protocol) Overview

The Zen Mesh MCP server provides programmatic read-only access to platform data through the Model Context Protocol. It is designed for AI agents, operators, and internal tooling.

Current Status

  • Server: Implemented at src/saas/mcp/ in zen-platform-hermes
  • Surface: Read-only operational truth (13 tools)
  • Admin tools: API key management (2 tools, not on default surface)
  • Authentication: MCP API key (mcp_ prefix)
  • Deployment: K8s deployment available (disabled in sandbox, P098)
  • Not production-live

Tool Surface

The MCP server exposes two tool categories:

CategoryCountAccess
Read-only operational truth13Default surface
Admin/mutation2Requires explicit auth elevation

See MCP Tools Reference for full tool descriptions and schemas.

Draft System

The MCP Draft System enables agents to propose infrastructure changes as drafts that require human review and approval before taking effect. Agents can create endpoint drafts; apply is exclusively human. This extends MCP beyond pure read-only while preserving a human-in-the-loop governance model.

Use Cases

  • AI agents: Query delivery status, list webhooks, check evidence
  • Operators: Get runtime convergence proofs, trust lifecycle status
  • Integrations: Automate webhook health checks and delivery verification

Connections

  • Backend: Real HTTP calls to zen-back (no mock data)
  • Auth: MCP API key validated at MCP handler + zen-back scope middleware
  • Audit: All tool calls are logged with tool name, scope, and parameters

Non-Claims

  • Not production-live — sandbox disabled per P098
  • Evidence tools are read-only — no mutating operations on default surface
  • Merkle receipts are integrity-only — not auth, identity, encryption, or delivery guarantee
  • No compliance certification via MCP