# MCP Server

* TrustLogix utilizes **MCP** protocol to expose the TrustAI Policy Engine to the registered agents. 
* The TrustAI **MCP Server** implements [**RFC9728**](https://datatracker.ietf.org/doc/html/rfc9728) in accordance with the [**MCP Authentication Specification**](https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization)**.** 

{% hint style="info" %}
If securing an agent platform (like ChatGPT, Claude Desktop, Databricks, etc), you must setup a custom external MCP connection.
{% endhint %}

* When configuring OAuth for the MCP connection (see [mcp-server](https://docs.trustlogix.io/trust-ai-private-preview/mcp-server "mention") for more details), be sure to use the **same** registered application's OAuth details provided earlier to TrustLogix. 
* This ensures the proper agent identity is propagated at decision time and is correctly correlated with activity logs from other registered systems.

The MCP URL is custom for each agent, and follows the following pattern:

> https\://{tlx-mcp-host}/tenants/{tenant-id}/agents/{agent-id}/mcp

* If securing a custom agent, developers must implement an additional MCP Client connection in the agent code. 
* Ensure that the end-user's OAuth token is passed in the Authorization header to properly propagate end user identities. 

{% hint style="warning" %}
It is the developer's responsibility to properly implement authentication, the MCP client, and to add needed changes to system prompts. 
{% endhint %}