TrueFoundry MCP server - TrueFoundry Docs

The TrueFoundry MCP server exposes your platform as a set of tools that any MCP-compatible agent can call.

Server URL: https://<CONTROL_PLANE_URL>/api/svc/mcp
Auth: TrueFoundry API key as a Bearer token
Transport: Streamable HTTP

All actions run as the authenticated user. The server enforces the same RBAC as the dashboard and CLI.

When using the MCP server directly, you get the raw tools without the diff previews or approval flows available in Ask AI Agent. You can still pair it with TrueFoundry skills in any agent that supports the Agent Skills standard.

Authentication

Generate an API key from Settings > API Keys in the TrueFoundry dashboard.

Tools

Resource management

Tool	Read / Write	Description
`apply_manifest`	Write	Apply a manifest to create or update a resource.
`delete_manifest`	Write	Delete a resource identified by the provided manifest.
`validate_manifest`	Read	Validate a manifest object against the schema for the given type.
`get_manifest_json_schema`	Read	Get the JSON schema for the specified manifest type.

AI Gateway

Tool	Read / Write	Description
`generate_multi_lang_code_snippets`	Read	Generate code snippets for calling an AI Gateway model.
`gateway_execute_sql`	Read	Query AI Gateway observability data using SQL.
`get_gateway_config`	Read	Get the AI Gateway configuration for a given type.
`get_budget_usage`	Read	Get the current budget usage for every budget rule configured in the tenant.
`list_data_routing_destinations`	Read	List data routing destination names for the current tenant.
`list_mcp_servers`	Read	List MCP servers for the current tenant.
`get_mcp_server`	Read	Get a single MCP server by its ID.
`delete_mcp_server`	Write	Permanently delete an MCP server by ID.
`list_mcp_server_tools`	Read	List the tools available on a given MCP server.
`list_mcp_catalogue`	Read	Returns the TFY-managed MCP server catalogue and the MCP integrations catalogue.
`get_mcp_server_oauth_config`	Read	Get the OAuth authorization server configuration for an MCP server URL.

Provider accounts

Tool	Read / Write	Description
`list_providers`	Read	List all provider types along with their supported integrations, models, and model types.
`list_provider_accounts`	Read	List provider accounts the caller can read.
`get_provider_account`	Read	Get a single provider account by its ID.

Secrets

Tool	Read / Write	Description
`list_secrets`	Read	List secrets the caller has access to.
`delete_secret`	Write	Delete a secret and all its versions permanently.
`list_secret_groups`	Read	List secret groups along with associated secrets. Secret values are not included.
`get_secret_group`	Read	Get a secret group by ID.
`list_secret_active_deployments`	Read	Get active deployments associated with the given secret IDs.
`get_secret_deployments`	Read	List active deployments that reference a specific secret.

Identity and user management

Tool	Read / Write	Description
`get_me`	Read	Returns the identity and role information of the currently authenticated user or service account.
`list_users`	Read	List users in the current tenant.
`get_user`	Read	Get a single user by their ID.
`delete_user`	Write	Permanently delete a user by ID.
`check_user_registration`	Read	Check whether a user with the given email is registered in the current tenant.

Teams

Tool	Read / Write	Description
`list_teams_for_user`	Read	List teams accessible to the current user.
`get_team`	Read	Get a single team by its ID.
`list_team_members`	Read	List users who are members of a team.
`list_team_managers`	Read	List users who hold the team-manager role on a team.
`get_team_permissions`	Read	Get all role bindings associated with a team.
`delete_team`	Write	Permanently delete a team.

Roles and access control

Tool	Read / Write	Description
`list_roles`	Read	List roles for the current tenant.
`delete_role`	Write	Permanently delete a role.
`get_actions_for_resource_type`	Read	Get all permission actions available for a given resource type.

Virtual accounts and tokens

Tool	Read / Write	Description
`list_virtual_accounts`	Read	List virtual accounts accessible to the current user.
`get_virtual_account`	Read	Get a single virtual account by its ID.
`check_virtual_account_exists`	Read	Check whether a virtual account with the given name exists.
`delete_virtual_account`	Write	Permanently delete a virtual account.
`list_personal_access_tokens`	Read	List personal access tokens created by the current user.
`create_personal_access_token`	Write	Create a new personal access token for the current user.
`check_personal_access_token_exists`	Read	Check whether a personal access token with the given name exists.
`delete_personal_access_token`	Write	Permanently delete a personal access token.

Platform configuration

Tool	Read / Write	Description
`list_settings`	Read	List all settings configured for the tenant.

Tool annotations

Every tool carries MCP annotations:

Annotation	Meaning
`readOnlyHint: true`	Only reads data. Safe to call without confirmation.
`destructiveHint: true`	Creates, updates, or deletes a resource. Human confirmation recommended.

​Authentication

​Tools

​Resource management

​AI Gateway

​Provider accounts

​Secrets

​Identity and user management

​Teams

​Roles and access control

​Virtual accounts and tokens

​Platform configuration

​Tool annotations

Authentication

Tools

Resource management

AI Gateway

Provider accounts

Secrets

Identity and user management

Teams

Roles and access control

Virtual accounts and tokens

Platform configuration

Tool annotations