Skip to Content

Add an MCP server

A remote MCP server can be governed just like any other platform. Once you add it, its tools become grantable scopes, and your agents reach it only through AgentValet. For the concepts behind this, see MCP servers as platforms.

Open the Add-server dialog

Go to Platforms in the sidebar. At the top right, click + Add MCP server. A dialog titled Add MCP server opens.

You will see two tabs: Paste config and Manual.

For an OAuth-protected server, use the Manual tab. The paste-config tab does not detect OAuth and will send you down the static-secret path instead.

Enter the server

On the Manual tab, fill in:

  • MCP server URL (for example https://mcp.example.com/mcp)
  • Display name (optional)

Click Continue. AgentValet probes the server to discover its tools and how it authenticates.

If the server uses OAuth

When the probe detects OAuth, the dialog moves to an authorization step:

  1. Under Which agent?, choose the agent that should be authorized. Only active agents appear here; if you have none, create one first.
  2. Click Authorize. Your browser is sent to the provider’s own consent screen.
  3. Approve on the provider’s screen. You are returned to the Platforms page.

On a successful return you will see the toast “MCP server connected. Grant its tools to the agent from its detail page.” The agent now has its own token for that server, stored in the vault.

A few honest limitations:

  • OAuth works only for servers that support automatic client registration. A server without it returns “This server doesn’t support automatic OAuth registration.”
  • The optional display name is usually not kept on the OAuth path; the server’s host is used as the name.
  • Demo workspaces cannot connect external servers, and the connection counts against your plan’s platform limit.

If the server uses a static secret

When the probe finds token, header, or query-key auth (or you skip detection), the dialog shows an auth step where you choose None, Bearer token, Custom header, or API key in URL query and enter the secret. Click Test connection. On success you see “Connected” with the number of tools available, and a Done button. Any secret you enter is encrypted in the vault; agents never see it.

Grant the tools to an agent

Adding the server does not grant anything on its own. Open the agent’s detail page and grant the specific tools (scopes) you want it to use. See Configure an agent’s permissions.

If an agent tries to use an OAuth MCP server it has not been authorized for, you get a notification instead of a silent failure.

  1. Open Notifications. Under PLATFORM ACCESS REQUESTS and AGENT AUTHORIZATION REQUESTS, requests that need you appear as cards.
  2. On the authorization card, click Authorize →. It opens a consent page naming the agent and the server.
  3. Click Authorize to run the provider consent flow and store a token for that agent.

Authorizing an agent for an OAuth server is an admin action. A member is shown a message to ask an admin instead.

Next

Last updated on