MCP on Catalyst
Catalyst puts a proxy endpoint in front of every Model Context Protocol (MCP) server your agents use. Your agent points its existing MCP client at one Catalyst URL; Catalyst forwards the call to the real upstream server, injects the upstream credentials, and enforces a per-tool access policy on the way through.
Because the proxy endpoint speaks plain MCP over HTTP, off-the-shelf MCP clients and agent frameworks work unchanged — there is no Catalyst-specific MCP SDK to adopt. The agent only ever sees the Catalyst endpoint and a token; it never holds the upstream server's URL or credentials.
How it works
You register an upstream MCP server once as an MCPServer connection — from the MCP Catalog or your own URL. Catalyst exposes it on your project's HTTP endpoint at a stable path keyed by the connection name:
https://<project-http-endpoint>/v1.0/diagrid/mcp/<mcp-server-name>
The agent (the MCP client) connects to that URL and authenticates with its App ID's API token in the dapr-api-token header. Catalyst resolves the connection, applies the access policy attached to it, and — if the call is allowed — forwards it to the upstream server with the configured upstream credentials attached.
For each call, Catalyst:
- Authenticates the caller by its App ID API token
- Filters tool discovery (
tools/list) down to the tools the caller is allowed to use - Rejects unauthorized tool calls (
tools/call) with403before they reach the server - Injects the upstream server's credentials so they never live in agent code
- Captures logs, metrics, and traces for the call
What you control
| Concern | How |
|---|---|
| Which upstream server | An MCPServer connection — enabled from the catalog or declared with your own URL and transport. |
| Who can call which tools | An MCPServerAccessPolicy — a deny-by-default, per-tool, per-caller allow-list managed with diagrid mcpserver access. |
| Upstream credentials | Configured on the MCPServer (static headers, OAuth 2.0, or SPIFFE) and stored in your project's secret store. See Authentication. |