MCP
The MCP endpoint is available at `/api/mcp` with API-token auth, rate limiting, and tool-call audit logging.
Step-by-Step Guide
1. Endpoint and auth
MCP traffic is served at `/api/mcp` and requires bearer API token auth.
- Send `Authorization: Bearer <api-token>` with each request.
- Tokens are validated against hashed token records and expiry checks.
2. Supported protocol methods
The current endpoint supports these JSON-RPC methods.
- `initialize`
- `tools/list`
- `tools/call`
- `ping`
3. Available tools
Tool names currently implemented in hostfunc MCP handlers.
- `functions.list`, `functions.get`, `functions.execute`
- `executions.list`, `executions.get`, `executions.logs`
4. Operational controls
MCP requests are protected with origin policy checks, rate limits, and tool-call audit rows.
- Rate limit is enforced per token id.
- Origin checks apply only when `MCP_ALLOWED_ORIGINS` is configured.
- Tool calls are recorded for observability and compliance workflows.
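The checks from sections 1 and 4, combined into one request gate as an added example; this is not hostfunc's code. The names (`createGate`, `tokenRecords`), SHA-256 as the token hash, the limit values, the comma-separated origin list, and letting requests without an `Origin` header through are assumptions.

```javascript
// Added illustration, not hostfunc source. All names here are hypothetical.
const { createHash } = require("node:crypto");

// Assumption: records are keyed by the SHA-256 hex digest of the raw token.
const sha256Hex = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Assumed limits; the page does not state hostfunc's values.
const LIMIT = 3;
const WINDOW_MS = 60_000;

function createGate({ tokenRecords, allowedOrigins }) {
  const windows = new Map(); // tokenId -> { start, count }
  // An unset or empty list disables the origin check, as the page describes.
  const origins = (allowedOrigins || "").split(",").map((o) => o.trim()).filter(Boolean);

  return function check(headers, now = Date.now()) {
    // Assumption: non-browser clients that send no Origin header are not blocked.
    if (origins.length > 0 && headers.origin && !origins.includes(headers.origin)) {
      return { status: 403, reason: "origin_not_allowed" };
    }
    const m = /^Bearer (\S+)$/.exec(headers.authorization || "");
    if (!m) return { status: 401, reason: "missing_bearer" };

    const record = tokenRecords.get(sha256Hex(m[1]));
    if (!record) return { status: 401, reason: "unknown_token" };
    if (record.expiresAt <= now) return { status: 401, reason: "expired_token" };

    // Fixed-window counter keyed by token id, not by client IP.
    let w = windows.get(record.id);
    if (!w || now - w.start >= WINDOW_MS) {
      w = { start: now, count: 0 };
      windows.set(record.id, w);
    }
    if (++w.count > LIMIT) return { status: 429, reason: "rate_limited", tokenId: record.id };
    return { status: 200, tokenId: record.id };
  };
}

// Constructed sample data: only the digest is stored, never the raw token.
const T0 = 1_700_000_000_000;
const sampleRecords = new Map([
  [sha256Hex("hf_live_example"), { id: "tok_1", expiresAt: T0 + 3_600_000 }],
  [sha256Hex("hf_old_example"), { id: "tok_2", expiresAt: T0 - 1 }],
]);
```

With `allowedOrigins` unset, a valid token is accepted from any browser origin, so the allow-list should be set wherever the endpoint is reachable from a browser.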
5. Client config example
Example MCP client configuration using `mcp-remote`.
```json
{
  "mcpServers": {
    "hostfunc": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "http://localhost:3000/api/mcp",
        "--header",
        "Authorization: Bearer <api-token>"
      ]
    }
  }
}
```