Skip to main content

MCP Config Reference

This page is the compact reference for Anyy's MCP client and MCP server bridge configuration. For setup workflow and safety guidance, see MCP Integration. Use the anyy mcp commands instead of hand-editing YAML when possible.

MCP client support is disabled until you enable it and configure servers. A server's tools are only exposed to a model when the matching mcp-<server> toolset is selected.

Root Shape

mcp:
client:
enabled: false
session_idle_ttl_ms: 300000
servers:
docs:
enabled: true
display_name: Docs
transport: stdio
command: npx
args: ["-y", "@example/mcp-server"]
env:
EXAMPLE_TOKEN: secret:mcp/docs/token
startup: lazy
connect_timeout_ms: 5000
call_timeout_ms: 30000
tools:
include: [search]
exclude: []
resources: false
prompts: false
default_risk: runtime-high
approval_policy: none
execution_policy: confirm
output_visible_chars: 6000
output_stored_chars: 30000
sampling:
enabled: false

server:
enabled: false
transport: stdio

Unknown fields fail config validation.

CLI Commands

Use these commands for normal setup and inspection:

anyy mcp add SERVER_ID --command CMD --enable --include tool_a,tool_b
anyy mcp configure SERVER_ID --include tool_a,tool_b --enable
anyy mcp list
anyy mcp show SERVER_ID
anyy mcp probe SERVER_ID
anyy mcp test SERVER_ID
anyy mcp reload [SERVER_ID]
anyy mcp logs [SERVER_ID]

--activate-toolset adds the matching mcp-<server> toolset to toolsets.default, but Anyy rejects activation when the server is not enabled or has no include list.

Client Fields

FieldTypeDefaultMeaning
mcp.client.enabledboolfalseEnables MCP client runtime.
mcp.client.session_idle_ttl_msint300000Idle TTL before a client session can be closed.
mcp.client.serversmapemptyServer definitions keyed by server id.

Server ids may contain letters, digits, _, -, and .. The id is normalized for visible tool names and toolset names.

Server Definition

FieldTypeDefaultMeaning
enabledboolfalseDisabled servers stay in config but are not connected or exposed.
display_namestringserver idFriendly label for status surfaces.
transportstringinferredstdio or http.
authstringnoneHTTP auth posture: none, header, or oauth.
commandstringnoneExecutable for stdio servers.
cwdstringnoneWorking directory for stdio; must be absolute when set.
argslistemptyArguments for the stdio command.
envmapemptyEnvironment values for stdio servers. Sensitive values must use refs.
urlstringnoneURL for http servers.
headersmapemptyHTTP headers. Sensitive values must use refs.
startupstringlazylazy, gateway, or session.
connect_timeout_msint5000Initial connect timeout.
call_timeout_msint30000Tool call timeout.
toolsmapdefaults belowTool filtering and policy.
samplingmapdisabledServer-initiated model request limits.

Transport inference is simple: a server with command becomes stdio; a server with url becomes http. Set transport explicitly when the inference is not what you want.

Transports

stdio servers launch a local process and use the official MCP stdio transport: one UTF-8 JSON-RPC message per line over stdin/stdout. They require command, may set args, cwd, and env, and must not set url. auth must be empty or none.

http servers use the official Streamable HTTP transport. Anyy advertises its latest supported MCP protocol version during initialization, stores the negotiated version, and sends it in MCP-Protocol-Version on HTTP requests.

http servers require a valid url, may set headers, and must not set command or args. Their auth value may be empty, none, header, or oauth.

cwd is validated as an absolute path when present. Timeouts must be zero or positive; zero means the default is applied.

Environment And Secrets

MCP env and headers values can use secret:, env:, or file: references. Do not use the older secret://, env://, or file:// forms.

literal: is rejected for MCP secret-bearing fields. Values whose names or contents look sensitive, such as Authorization, *_TOKEN, api_key, password, or Bearer ..., must use a secret reference.

Good:

headers:
Authorization: secret:mcp/docs/auth_header
env:
GITHUB_TOKEN: env:GITHUB_TOKEN

Rejected:

headers:
Authorization: "Bearer raw-token"
env:
API_KEY: literal:raw-token

Tools Policy

MCP servers are treated as untrusted by default. If tools.include is empty, remote server-native tools are not exposed. Utility tools for resources or prompts can still be exposed when explicitly enabled and advertised by the server.

FieldDefaultMeaning
includeemptyExact MCP tool names to allow. Config validation rejects *.
excludeemptyTool names to deny when they would otherwise be allowed.
resourcesfalseExpose list_resources and read_resource utility tools when the server supports resources.
promptsfalseExpose list_prompts and get_prompt utility tools when the server supports prompts.
default_riskempty -> readRisk assigned to exposed server tools. anyy mcp add writes runtime-high.
approval_policyempty -> noneApproval policy assigned to exposed server tools.
execution_policyempty -> directExecution policy assigned to exposed server tools. anyy mcp add writes confirm.
output_visible_chars6000Model-visible output budget.
output_stored_chars30000Stored output budget.

When a tool is allowed, its visible name is:

mcp_<server>_<tool>

Server ids and tool names are lowercased and sanitized. For example, GitHub.Prod plus issues.search becomes the toolset mcp-github_prod and tool mcp_github_prod_issues_search.

Use original MCP tool names in include and exclude, not the sanitized visible names.

Risk And Execution Values

default_risk accepts:

read, runtime-low, runtime-high, config-low, config-high, credential-high, dangerous, and force-required.

approval_policy accepts none, hook, and always.

execution_policy accepts direct, audit, confirm, change_plan, and force_change_plan.

These policies do not replace global tool governance. They set the descriptor for tools coming from this MCP server.

Sampling

Sampling is disabled unless sampling.enabled is true.

FieldDefault when enabledMeaning
model_allowlistemptyModels the MCP server may request.
max_tokens_cap4096Maximum requested output tokens.
timeout_ms30000Sampling call timeout.
max_rpm10Per-server request-rate cap.
tool_loop_limit1Tool-loop cap for sampled calls.

When sampling is enabled, every numeric limit must be positive after defaults are applied.

Anyy As An MCP Server

The mcp.server block exposes Anyy itself through an MCP bridge. It is off by default.

FieldDefaultMeaning
enabledfalseEnable the server bridge.
transportstdioOnly stdio is currently supported.
scopesemptyOptional scope allowlist.
expose_approvalsfalseExpose approval-related bridge features.
expose_toolsfalseExpose selected Anyy tools through the bridge.

Allowed scopes are conversations, messaging, approvals, tasks, reminders, memory, skills, and tools.

Operational Notes

Changing config.yaml does not automatically update already connected MCP sessions. Use anyy mcp reload [SERVER_ID] after edits, or restart the resident gateway.

Use anyy mcp probe SERVER_ID or anyy mcp test SERVER_ID to inspect server health and discovered tools. Use anyy mcp logs SERVER_ID when a server fails to start or connect.