MCP servers are how your agent reaches real systems: SaaS apps, internal APIs, data platforms, ticketing tools, and infrastructure controls. In Agent Harness, MCP connectivity is fully managed through TrueFoundry MCP Gateway. Authentication, access control, guardrails, and observability are centralized — developers building agents never paste API keys or manage per-server credentials.

Why this matters

In other agent platforms, you must register MCP servers with credential headers per agent or per workspace, and developers handle OAuth tokens or API keys directly:
  • Claude Managed Agents — register MCP servers with vault credentials per workspace. Developers manage vault IDs and credential matching by URL.
  • LangSmith Managed Deep Agents — register MCP servers via API with headers arrays containing raw bearer tokens.
In TrueFoundry, MCP servers are registered once in the MCP Gateway. Agents reference servers by name — the gateway handles auth, token refresh, and user delegation automatically.

Gateway-managed MCP access

| Concern | How TrueFoundry handles it |
| --- | --- |
| Server credentials | Stored in MCP Gateway. Agents never see tokens or keys. |
| User-scoped auth (OAuth) | Gateway manages per-user OAuth flows, stores and refreshes tokens. |
| Who can use which servers/tools | RBAC — assign MCP server access to teams, users, or agents. |
| Tool-level restrictions | Enable/disable individual tools per agent. Exclude destructive tools. |
| Guardrails | Pre-execution and post-execution checks on tool inputs/outputs. |
| Approval gates | Tools marked destructive automatically pause for user confirmation. |
| Observability | Every tool call traced with inputs, outputs, latency, and attribution. |

Platform teams configure MCP servers and policies once. Agent builders just pick servers from a governed catalog — no credential plumbing required.

How MCP works in Agent Harness

When an agent run needs a tool:
  1. The harness discovers tools from connected MCP servers.
  2. The MCP Gateway checks user/team permissions.
  3. The gateway applies stored credentials (user-scoped OAuth or service-level tokens).
  4. The tool is invoked, traced, and results flow back into the agent context.
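
A toy model of the four steps above, added here as an illustration; it is not TrueFoundry's implementation or API. All class, field, and status names are hypothetical, the upstream MCP call is a stub, and the approval gate for destructive tools is folded in to show where it sits relative to the permission and credential checks.

```python
from dataclasses import dataclass, field

@dataclass
class Tool:
    server: str
    name: str
    destructive: bool = False

@dataclass
class Gateway:
    """Toy model of the gateway flow; every name here is hypothetical."""
    catalog: list   # tools registered once on the gateway
    rbac: dict      # server -> teams allowed to use it
    enabled: dict   # agent -> {(server, tool)} enabled for that agent
    secrets: dict   # (server, user) -> token, held gateway-side only
    traces: list = field(default_factory=list)

    def discover(self, agent, team):
        # Step 1: expose only tools enabled for this agent on permitted servers.
        return [t for t in self.catalog
                if (t.server, t.name) in self.enabled.get(agent, set())
                and team in self.rbac.get(t.server, set())]

    def call(self, agent, user, team, server, name, args, approved=False):
        who = (agent, user, server, name)
        tool = next((t for t in self.discover(agent, team)
                     if (t.server, t.name) == (server, name)), None)
        if tool is None:                        # Step 2: permission check
            return self._trace(who, "denied")
        if (server, user) not in self.secrets:  # Step 3: stored credential
            return self._trace(who, "auth_required")
        if tool.destructive and not approved:   # approval gate
            return self._trace(who, "pending_approval")
        # Step 4: upstream MCP call (stub); the token never reaches result or trace.
        return self._trace(who, "ok", {"tool": name, "echo": args})

    def _trace(self, who, status, result=None):
        rec = dict(zip(("agent", "user", "server", "tool"), who),
                   status=status, result=result)
        self.traces.append(rec)                 # every call is recorded
        return rec

def sample_gateway():
    # Constructed sample data: one read-only tool, one destructive tool.
    return Gateway(
        catalog=[Tool("tickets", "search"), Tool("tickets", "delete", True)],
        rbac={"tickets": {"support"}},
        enabled={"triage-agent": {("tickets", "search"), ("tickets", "delete")}},
        secrets={("tickets", "alice"): "constructed-token"})
```

Denied, unauthenticated, and approval-pending calls are traced the same way as successful ones, so the trace list doubles as an audit record of attempts.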

Server and tool selection

  • Attach only the MCP servers an agent needs
  • Enable only specific tools required for a use case
  • Exclude sensitive or destructive tools from the agent’s tool surface
  • Use virtual MCP servers to curate and expose a controlled subset of tools
This reduces risk and improves tool-call quality by minimizing irrelevant choices.

Preload Skill / MCP tools into agent context

For each MCP server, you can configure the "Preload Skill / MCP tools into agent context" setting. When it is disabled for an MCP server:
  • Tool details are not loaded upfront in the agent’s context.
  • The agent dynamically discovers available tools at runtime.
This reduces initial context usage and is useful for large tool catalogs. If you need faster first-tool execution for small, frequently used toolsets, preload can be enabled. See Deferred Tool Loading for the detailed flow.

In-chat authentication

If a user has not yet authenticated to a required MCP server, the agent chat experience prompts authentication inline — the user clicks “Connect”, completes the OAuth flow, and continues the conversation without leaving the chat.
[Screenshot: agent chat interface showing MCP authentication required for Slack, with a connect button and continue flow inside the conversation]
No credential handling in code, no token pasting, no interruption to the workflow.

Safety controls

  • Mark destructive or non-read-only tools for approval workflows
  • Require explicit human confirmation before high-impact actions
  • Apply MCP guardrails and gateway policies before and after tool execution
See Human in the Loop and MCP Guardrails.

Operational visibility

MCP tool calls are part of end-to-end agent tracing:
  • Which server and tool were used
  • Inputs and outputs (subject to policy/redaction)
  • Latency and error patterns
  • User/team attribution and cost impact
For the full MCP Gateway architecture, see TrueFoundry MCP Gateway.

Benchmarking and reliability insights

Server-level benchmarking and comparative MCP reliability analytics are being expanded. This will include side-by-side latency, success-rate, and quality benchmarks across MCP servers and toolsets as these capabilities become generally available.