MCP (Model Context Protocol)

• Inbound HTTP

  ---

  Optional embedded MCP HTTP transport, stateless by default.

• Safety

  ---

  DNS rebinding protection, host/origin allowlists, optional API key.

• Defaults

  ---

  default_top_k, default_mode for tri-brid retrieval.

Get started Configuration API

Keep Stateless

mcp.stateless_http=true is recommended; clients provide full context each call.

Allowlists

Use mcp.allowed_hosts and mcp.allowed_origins with wildcards like *:* only in development.

Auth

Set mcp.require_api_key=true and pass Authorization: Bearer $MCP_API_KEY in production.

Configuration (Selected)

Field	Default	Meaning
mcp.enabled	true	Enable embedded MCP HTTP server
mcp.mount_path	/mcp	Path prefix
mcp.stateless_http	true	Stateless handling per request
mcp.json_response	true	Prefer JSON over text
mcp.enable_dns_rebinding_protection	true	Prevent DNS rebinding
mcp.allowed_hosts	localhost:*	Allowed Host header values
mcp.allowed_origins	http://localhost:*	Allowed Origin values
mcp.require_api_key	false	Enforce API key on requests
mcp.default_top_k	20	Default top_k for search/answer tools
mcp.default_mode	tribrid	Retrieval mode when not provided

Status Endpoint

Python

import httpx
print(httpx.get("http://localhost:8000/mcp/status").json())

curl

curl -sS http://localhost:8000/mcp/status | jq .

TypeScript

const status = await (await fetch('/mcp/status')).json();

flowchart LR
    Client["MCP Client"] --> HTTP["MCP HTTP\n(mount /mcp)"]
    HTTP --> RAG["Tri-brid Retrieval"]

Legacy stdio

python_stdio_available indicates whether the stdio transport can be launched by clients (no daemon).