Remote MCP Server¶

Web-based AI platforms (ChatGPT, Claude.ai, Bedrock, Gemini Enterprise) require Salient's MCP server over HTTP. The remote MCP server provides the same 44+ tools and compiled twin resources as the local stdio server, served via Streamable HTTP with bearer token authentication.

When You Need This¶

Platform	Transport	Needs Remote?
Claude Code	stdio	No
Claude Desktop	stdio	No
Gemini CLI	stdio	No
Cursor, VS Code, Windsurf, Cline, JetBrains	stdio	No
ChatGPT	HTTP only	Yes
Claude.ai (web)	HTTP only	Yes
Gemini Enterprise	HTTP only	Yes
Amazon Bedrock	HTTP only	Yes

Endpoint¶

If you're running the production stack, the remote MCP endpoint is:

https://mcp.{your-domain}/mcp

For example: https://mcp.salient.zeroperse.com/mcp

Verify the endpoint

curl https://mcp.salient.zeroperse.com/health

Should return: {"status": "ok", "server": "salient-mcp-http", "transport": "streamable-http"}

Self-Hosted Setup¶

The remote MCP server runs as a separate container alongside the backend:

1. Generate an auth token¶

python3 -c "import secrets; print(secrets.token_hex(32))"

2. Add to your `.env`¶

MCP_AUTH_TOKEN=your-generated-token
MCP_REQUIRE_AUTH=true

3. Add DNS record¶

Point mcp.yourdomain.com to your droplet IP (Cloudflare A record, DNS only).

4. Deploy¶

make prod

The production Docker Compose includes the mcp-http service. Caddy auto-provisions TLS for the mcp. subdomain.

Architecture¶

mcp.yourdomain.com (Caddy auto-TLS)
    → MCP HTTP server (:8080, bearer auth)
        → Salient backend API (:8000)
            → SQLite + twin data

The MCP HTTP server is stateless, lightweight (128MB limit), and shares the same tools/resources as the stdio server. It forwards all tool calls to the backend API.

Authentication¶

Every request must include:

Authorization: Bearer <MCP_AUTH_TOKEN>

Clients that omit the header get 401 Unauthorized. Invalid tokens get 403 Forbidden.

Using the Endpoint¶

ChatGPTClaude.ai (web)Amazon BedrockGemini Enterprise

Developer Mode → Create App → enter https://mcp.yourdomain.com/mcp

ChatGPT setup guide

Settings → Connectors → Add custom connector → enter URL + auth

Claude.ai web uses remote MCP

AgentCore Gateway target → point to https://mcp.yourdomain.com/mcp

Bedrock setup guide

Cloud Console → custom MCP connector → enter URL

Gemini setup guide

Docker Standalone¶

If you want to run just the MCP HTTP server (without the full production stack):

docker build -t salient-mcp -f tools/mcp-ttx/Dockerfile .

docker run -d \
  -p 8080:8080 \
  -e SALIENT_API_URL=http://your-backend:8000 \
  -e MCP_AUTH_TOKEN=your-token \
  -e MCP_REQUIRE_AUTH=true \
  salient-mcp

Security¶

HTTPS is required

Never expose the MCP server over plain HTTP. Auth tokens are sent in every request header.

Use a dedicated token (not your personal JWT)
Rotate tokens regularly
Caddy provides auto-TLS — no manual cert management
The MCP server only reads from the backend — it never writes twin data to external systems
All tool calls are logged

ChatGPT Setup · Bedrock Setup · MCP Overview