MCP endpoint

The gateway speaks a minimal dialect of the Model Context Protocol over a single HTTP POST, which is enough for Claude Code, Cursor, and other agents to discover skills through Cavalry's policy layer.

Endpoint

POST /mcp
Authorization: Bearer cav_...
Content-Type: application/json

Supported methods

initialize

{"jsonrpc":"2.0","id":1,"method":"initialize","params":{
  "protocolVersion":"2025-03-26","capabilities":{}
}}

Returns the protocol version, server info, and advertised capabilities.

tools/list

Returns two tools: list_skills and get_skill.

tools/call — list_skills

{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{
  "name":"list_skills",
  "arguments":{"query":"kafka","limit":25}
}}

The gateway evaluates every skill through the org's policies and drops anything that would be denied. An agent can never discover a skill via MCP that would be blocked via HTTP.

tools/call — get_skill

{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{
  "name":"get_skill",
  "arguments":{"namespace":"acme","name":"kafka-wrapper"}
}}

Returns the manifest summary and the policy decision. Denied skills are still returned, with decision: "deny", so the agent can surface the reason to the user.

ping

Heartbeat; returns an empty result.

Notes

  • Single POST only; SSE transport lands in a later milestone alongside streaming-heavy tools.
  • Batch requests are supported — send an array of JSON-RPC requests.
  • Authentication is the same Bearer token used for /v1/*. The token's org scopes what the agent sees.
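
An added example, not Cavalry's own code: it builds a batch from the request shapes documented above and matches replies to requests by id rather than by position, so a policy decision is never attributed to the wrong call. It assumes the gateway follows JSON-RPC 2.0 batch semantics (a JSON array of responses, in any order); build_batch, correlate and SAMPLE_REPLY are hypothetical names, and the reply bodies are constructed placeholders, not the gateway's real response shape.

```python
import json

def build_batch(query, namespace, name, limit=25):
    """JSON-RPC batch using the three request shapes documented on this page."""
    call = lambda i, tool, args: {"jsonrpc": "2.0", "id": i, "method": "tools/call",
                                  "params": {"name": tool, "arguments": args}}
    return [
        {"jsonrpc": "2.0", "id": 1, "method": "initialize",
         "params": {"protocolVersion": "2025-03-26", "capabilities": {}}},
        call(2, "list_skills", {"query": query, "limit": limit}),
        call(3, "get_skill", {"namespace": namespace, "name": name}),
    ]

def correlate(batch, reply_text):
    """Map each request id to ("ok", result), ("error", err) or ("missing", None)."""
    replies = json.loads(reply_text)
    if not isinstance(replies, list):
        raise ValueError("batch reply must be a JSON array")
    by_id = {}
    for r in replies:
        if (not isinstance(r, dict) or r.get("jsonrpc") != "2.0"
                or not isinstance(r.get("id"), (int, str))):
            raise ValueError(f"malformed response: {r!r}")
        if r["id"] in by_id:
            raise ValueError(f"duplicate response id: {r['id']!r}")
        by_id[r["id"]] = r
    outcome = {}
    for req in batch:
        r = by_id.pop(req["id"], None)
        if r is None:
            outcome[req["id"]] = ("missing", None)
        elif "error" in r:
            outcome[req["id"]] = ("error", r["error"])
        else:
            outcome[req["id"]] = ("ok", r.get("result"))
    if by_id:  # never attribute an answer to a request that was not sent
        raise ValueError(f"unsolicited response ids: {list(by_id)}")
    return outcome

# Constructed sample reply: out of order, id 3 missing; result bodies are placeholders.
SAMPLE_REPLY = json.dumps([
    {"jsonrpc": "2.0", "id": 2, "error": {"code": -32602, "message": "Invalid params"}},
    {"jsonrpc": "2.0", "id": 1, "result": {"protocolVersion": "2025-03-26"}},
])

if __name__ == "__main__":
    batch = build_batch("kafka", "acme", "kafka-wrapper")
    print(json.dumps(batch))               # request body for POST /mcp
    print(correlate(batch, SAMPLE_REPLY))
```

A real client would send json.dumps(batch) as the POST /mcp body with the Bearer token and pass the response text to correlate.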