Model Context Protocol for your product model.
Vadyl exposes product entities, workflows, agents, operations, and installed project capability surfaces as MCP tools and resources. tools/list filters by the connected client's grants. tools/call dispatches through the same operation dispatcher as REST, GraphQL, gRPC, and the SDK. No second authority.
MCP is a product projection — not a parallel API
The MCP server is a thin canonical projection of the same product model: every tool dispatches through the platform's operation dispatcher. Same access enforcement, same observability, same audit trail.
Canonical dispatch
tools/call routes through the same operation dispatcher REST and SDK use for your product operations.
Grant-filtered tools
tools/list returns only tools your client's grants authorize.
RFC 9728 OAuth
OAuth metadata bound to the project resource via canonical authorization spec.
Observable
Every tools/call surfaces in the canonical observability plane.
Branch-aware
Connect an MCP client to a sandbox or feature branch for safe testing.
Live tool list
tools/list reflects the live product capability graph. New tools become available the moment a grant is added.
JSON-RPC 2.0
Standard MCP transport. Compatible with Claude Desktop, Cursor, and any MCP-aware client.
Resource projection
Customers, orders, invoices, and other entities surface as MCP resources. Read-only tools auto-generated. Mutations require explicit grants.
Vadyl-native agents
Vadyl's own Agent plane consumes MCP against the same product model for inter-agent and external-tool integration.
Installed surfaces
Project-published commands, workflows, agent skills, analytics, events, and operations become MCP tools only when the consumer installation grants them.
Exact MCP contracts
The overview explains the projection; the references define transport, methods, metadata, resource shape, prompt shape, errors, and exposure bindings.
MCP reference
JSON-RPC methods, resource metadata, token model, tools, resources, prompts, errors, and observability.
Exposure bindings
The shared projection model that binds MCP, REST, GraphQL, gRPC, SDKs, CLI, dashboards, and Runtime Fabric scaling vocabulary.
Project capability surfaces
Project-authored, project-published, project-installed capability surfaces across manifests, grants, exposure bindings, PCG, SDK, CLI, MCP, and usage evidence.
Authentication reference
Bearer tokens, API keys, scopes, project grants, policy evaluation, sessions, and authorization envelopes.
REST controller atlas
Every controller-backed endpoint with parameters, request examples, responses, errors, and samples.
SDK method reference
Every client method across TypeScript, Python, C#, Go, and Rust with inputs, returns, and errors.
CLI command reference
Every command group, subcommand, flag, sample output, and exit code for automation and CI.
Errors reference
Canonical error envelopes, HTTP status mapping, machine-readable codes, reason codes, and correlation IDs.
Where MCP lives
POST /mcp # JSON-RPC 2.0 endpoint GET /mcp/.well-known/oauth-authorization-server # RFC 9728 metadata GET /mcp/.well-known/oauth-protected-resource # resource metadata GET /mcp/openapi.json # OpenAPI for the JSON-RPC surface
Opt operations into MCP via project capability grants
Nothing exposes by default. Operations only appear in tools/list when a project capability grant authorizes them for the client.
mcp: {
enabled: true,
endpoint: "/mcp",
exposures: [
{
name: "support-toolkit",
tools: [
"entityRead:Customer",
"entityRead:Order",
"entityWrite:RefundRequest",
"agent:SupportAgent.run",
"workflow:processRefund.start",
],
auth: { kind: "oauth2", scopes: ["mcp:support-toolkit"] },
},
],
},JSON-RPC 2.0 in any language
MCP is a wire protocol. Any client that speaks JSON-RPC 2.0 can connect — including the official MCP SDKs.
tools/list
// → request
{ "jsonrpc": "2.0", "id": 1, "method": "tools/list" }
// ← response
{
"jsonrpc": "2.0", "id": 1,
"result": {
"tools": [
{
"name": "list_orders",
"description": "List orders with typed filtering, sorting, pagination.",
"inputSchema": { /* JSON Schema */ }
},
{ "name": "get_order", "description": "Read one order by id.", "inputSchema": { ... } },
{ "name": "create_refund_request", "description": "Open a refund request.", "inputSchema": { ... } }
]
}
}tools/call
// → request
{
"jsonrpc": "2.0", "id": 2,
"method": "tools/call",
"params": {
"name": "list_orders",
"arguments": {
"filter": { "status": { "in": ["paid", "fulfilled"] } },
"pageSize": 50
}
}
}
// ← response
{
"jsonrpc": "2.0", "id": 2,
"result": {
"content": [{
"type": "text",
"text": "Found 23 orders. Latest: ord_abc ($129.99, paid 2 minutes ago)..."
}],
"structuredContent": { "data": [ /* Order[] */ ], "page": { /* ... */ } },
"isError": false
}
}Drop into Claude Desktop, Cursor, or any MCP-aware host
{
"mcpServers": {
"vadyl": {
"command": "vadyl",
"args": ["mcp", "serve", "--stdio"],
"env": {
"VADYL_API_KEY": "$VADYL_API_KEY",
"VADYL_API_SECRET": "$VADYL_API_SECRET",
"VADYL_TENANT": "acme",
"VADYL_PROJECT": "support"
}
}
}
}{
"mcpServers": {
"vadyl": {
"url": "https://api.vadyl.app/mcp",
"headers": {
"Authorization": "Bearer $VADYL_TOKEN"
}
}
}
}RFC 9728 — auto-discoverable
MCP-aware clients can auto-discover the OAuth flow. Tokens are scoped to the exposure and bound to the project resource.
{
"issuer": "https://api.vadyl.app/mcp",
"authorization_endpoint": "https://auth.vadyl.app/oauth/authorize",
"token_endpoint": "https://auth.vadyl.app/oauth/token",
"registration_endpoint": "https://auth.vadyl.app/oauth/register",
"scopes_supported": ["mcp:support-toolkit"],
"response_types_supported": ["code"],
"grant_types_supported": ["authorization_code", "refresh_token"],
"code_challenge_methods_supported": ["S256"],
"token_endpoint_auth_methods_supported": ["client_secret_basic", "none"]
}Connect your AI client to a backend that understands the product.
No bespoke tool registry. No stale product snapshot. No second authority.