Skip to main content

MCP on Catalyst

Catalyst puts a proxy endpoint in front of every Model Context Protocol (MCP) server your agents use. Your agent points its existing MCP client at one Catalyst URL; Catalyst forwards the call to the real upstream server, injects the upstream credentials, and enforces a per-tool access policy on the way through.

Because the proxy endpoint speaks plain MCP over HTTP, off-the-shelf MCP clients and agent frameworks work unchanged — there is no Catalyst-specific MCP SDK to adopt. The agent only ever sees the Catalyst endpoint and a token; it never holds the upstream server's URL or credentials.

How it works

You register an upstream MCP server once as an MCPServer connection — from the MCP Catalog or your own URL. Catalyst exposes it on your project's HTTP endpoint at a stable path keyed by the connection name:

https://<project-http-endpoint>/v1.0/diagrid/mcp/<mcp-server-name>

The agent (the MCP client) connects to that URL and authenticates with its App ID's API token in the dapr-api-token header. Catalyst resolves the connection, applies the access policy attached to it, and — if the call is allowed — forwards it to the upstream server with the configured upstream credentials attached.

For each call, Catalyst:

  • Authenticates the caller by its App ID API token
  • Filters tool discovery (tools/list) down to the tools the caller is allowed to use
  • Rejects unauthorized tool calls (tools/call) with 403 before they reach the server
  • Injects the upstream server's credentials so they never live in agent code
  • Captures logs, metrics, and traces for the call

What you control

ConcernHow
Which upstream serverAn MCPServer connection — enabled from the catalog or declared with your own URL and transport.
Who can call which toolsAn MCPServerAccessPolicy — a deny-by-default, per-tool, per-caller allow-list managed with diagrid mcpserver access.
Upstream credentialsConfigured on the MCPServer (static headers, OAuth 2.0, or SPIFFE) and stored in your project's secret store. See Authentication.

Get started