MCP Servers

External MCP servers extend InfraScout's tool catalog without touching its codebase. Anything that speaks the Model Context Protocol — a vendor server like Context7, an internal Confluence/Jira bridge, your own custom server — can be registered here, and its tools immediately become available as a tool group at chat start.

External MCP Servers tab with three registered HTTP servers (Context7, ITdesign Atlassian Rovo, Microsoft Learn) showing internal name, URL, auth headers, and allowed tools count

Layout

The page header carries the AI Integrations title and the Admin Access chip; the tab strip puts you on MCP Servers. Two header buttons sit above the list: Add Server and Refresh. The body is a card grid — one card per registered server.

A description line under the heading reminds you what registration does: "Register remote MCP servers — their tools are injected into every AI chat session."

Card contents

Each server card shows the registration metadata:

  • Server name and transport chip — for example Context7, transport HTTP.
  • Description — one-line context ("Use this server to fetch current documentation whenever the user asks about a library, framework, SDK, API, CLI...").
  • Internal name — the slug used in tool calls and audit logs (context7, itdesign_atlassian_rovo, microsoft-learn). Lowercase with underscores or hyphens; immutable once set.
  • URL — the full HTTPS endpoint of the server.
  • Auth headers — count of registered headers (typically the API key or OAuth bearer).
  • Allowed tools — count of tools the server exposes that this tenant is permitted to call.

Two action icons live at the bottom of each card: Edit (rename, change URL, rotate auth headers, edit allowlist) and Delete (revoke registration; the matching tool group disappears immediately).

Registering a new server

The Add Server dialog walks through the four fields above plus a Test Connection step. The test fires the standard MCP initialize and list_tools calls; on success, the dialog populates the Allowed tools selector with everything the server exposes so you can untick what you do not want this tenant to call.

Save the server and three things happen simultaneously: the card appears here, the tool group appears in Tool Groups, and end users see the new group in the Chat launcher on the next page load.

Allowlist behavior

The Allowed tools allowlist is enforced server-side on every call. If the registered server later adds new tools, those tools do not automatically become callable — the allowlist is closed by default. Edit the server registration to extend the list when a new tool is needed.

Audit

Every call from the AI to a registered MCP server is captured in Audit & Compliance — MCP Sessions: the calling user, the chat, the tool name, the arguments, and the response. Treat external MCP servers as you would any other privileged dependency — rotate keys regularly, narrow allowlists, and review the audit log when something unusual happens.