Request flow

For tools/call the server generally:

  1. Resolves the proxy key to agent, member, and dashboard user identifiers.
  2. Checks agent enabled state, membership approval, and that the target service is allowed and connected.
  3. Builds a Cedar resource from adapter metadata (mapResource) and optional cached entity attributes (entity-cache, GitHub installation scope when applicable).
  4. Loads structured policies (agent-wide or per-member), compiles them, and evaluates with WASM Cedar (cedar-engine.ts).
  5. Updates the tool-session counters used for session-based policy rules.
  6. Writes an audit record with redacted arguments where applicable (maskToolArgs).
  7. Forwards the JSON-RPC payload to the upstream MCP endpoint configured for that connector.

Denials return MCP-friendly JSON-RPC errors; exact shapes follow Nitro error helpers in server/error.ts.
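The ordering above, as an added sketch rather than the project's own code: gate checks and the policy decision run before anything is forwarded, and the audit row stores redacted arguments. All names and data are hypothetical. A small default-deny, forbid-overrides matcher stands in for the WASM Cedar evaluation, and step 5 (session counters) is omitted. Auditing denied calls and the `-32000` error code are assumptions.

```typescript
// Added illustration: all names and data are hypothetical, not the project's API.
type Rule = { effect: "permit" | "forbid"; agent: string; tool: string };
type Agent = { id: string; enabled: boolean; approved: boolean; services: string[] };
type Call = { id: number; service: string; tool: string; args: Record<string, unknown> };
type Rpc = { jsonrpc: string; id: number; result?: unknown; error?: { code: number; message: string } };

// Constructed sample data.
const AGENTS: Record<string, Agent> = {
  pk_demo: { id: "agent-1", enabled: true, approved: true, services: ["github"] },
};
const RULES: Rule[] = [
  { effect: "permit", agent: "agent-1", tool: "*" },
  { effect: "forbid", agent: "agent-1", tool: "delete_repo" },
];
const SENSITIVE = /token|secret|password|key/i;
const auditLog: { agent: string; tool: string; decision: string; args: Record<string, unknown> }[] = [];
const forwarded: Call[] = [];

// Cedar-style decision: default deny, and any matching forbid overrides permits.
function decide(agent: string, tool: string): "allow" | "deny" {
  const hits = RULES.filter(r => r.agent === agent && (r.tool === "*" || r.tool === tool));
  if (hits.some(r => r.effect === "forbid")) return "deny";
  return hits.some(r => r.effect === "permit") ? "allow" : "deny";
}

// Redact values whose key name looks sensitive before they reach the audit log.
function redact(args: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const k of Object.keys(args)) out[k] = SENSITIVE.test(k) ? "[REDACTED]" : args[k];
  return out;
}

function rpcError(id: number, message: string): Rpc {
  return { jsonrpc: "2.0", id, error: { code: -32000, message } }; // assumed error shape
}

function handleToolsCall(proxyKey: string, call: Call): Rpc {
  const agent = AGENTS[proxyKey];                                   // step 1: resolve key
  if (!agent) return rpcError(call.id, "unknown proxy key");
  if (!agent.enabled || !agent.approved || agent.services.indexOf(call.service) === -1)
    return rpcError(call.id, "agent or service not permitted");     // step 2: gate checks
  const decision = decide(agent.id, call.tool);                     // steps 3-4: policy
  auditLog.push({ agent: agent.id, tool: call.tool, decision, args: redact(call.args) }); // step 6
  if (decision === "deny") return rpcError(call.id, "denied by policy");
  forwarded.push(call);                                             // step 7: stand-in for upstream
  return { jsonrpc: "2.0", id: call.id, result: { forwarded: true } };
}
```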