diagrid mcpserver update
Update an MCP server's scopes, connection, or credentials
Description
Update an MCP server. Any field you set is changed; fields you omit keep their stored value. Connection fields (url, transport, timeout, headers, protocol version) and OAuth2 credentials can all be edited, and a changed --oauth2-client-secret rotates the stored credential. Use --clear-scopes or --clear-headers to reset those lists.
diagrid mcpserver update <mcpserver> [flags]
Examples
# Restrict an MCPServer to specific App IDs (replaces the scope list).
diagrid mcpserver update my-mcp --project my-project --scope agent-a --scope agent-b
# Clear scopes so every App ID can use the server again.
diagrid mcpserver update my-mcp --project my-project --clear-scopes
# Change the endpoint URL and per-call timeout.
diagrid mcpserver update my-mcp --project my-project --url https://mcp.example.com/mcp --timeout 1m
# Replace the header list (e.g. update an API key).
diagrid mcpserver update my-mcp --project my-project --header X-API-Key:new-secret
# Rotate the OAuth2 client secret (other auth fields are preserved).
diagrid mcpserver update my-mcp --project my-project --oauth2-client-secret new-secret
Options
-p, --project string Name of existing project
--scope stringArray App ID scopes (repeatable). Replaces the existing scope list; omit to leave scopes unchanged.
--clear-scopes Remove all scopes so every App ID can use the server
--url string URL for the MCP server endpoint
--transport string Transport type: streamable-http or sse
--timeout string Per-call deadline (e.g. 30s, 1m)
--header stringArray Headers in Name:Value format (repeatable). Replaces the existing header list.
--clear-headers Remove all headers
--protocol-version string MCP protocol version (e.g. "2025-06-18")
--oauth2-issuer string OAuth2 token endpoint URL
--oauth2-audience string OAuth2 audience
--oauth2-scope stringArray OAuth2 scope (repeatable). Replaces the existing OAuth2 scope list.
--oauth2-client-id string OAuth2 client identifier sent to the token endpoint
--oauth2-client-secret string OAuth2 client secret to rotate to (stored securely via transparent secret management)
--clear-auth Remove all auth (OAuth2/SPIFFE) so the server is called without credentials
-w, --wait Wait for long-running resource update to finish
-h, --help help for update
Options inherited from parent commands
--api-key string Diagrid Cloud API key
SEE ALSO
- diagrid mcpserver - Manage MCP servers