MCP access
The MCP module exposes a hosted Model Context Protocol endpoint so cloud agents — ChatGPT, Claude, and other MCP clients — can read mission context and use approved Overlord actions from their own interface. The assistant still follows workspace permissions and the mission lifecycle.
Endpoints
Section titled “Endpoints”The hosted implementation is mounted by the backend when
OVERLORD_MCP_ENABLED=true:
GET /mcp— server/tool metadata for authenticated callers.POST /mcp— JSON-RPC MCP requests.GET /.well-known/oauth-protected-resourceGET /.well-known/oauth-protected-resource/mcpGET /.well-known/oauth-authorization-serverPOST /oauth/registerGET /oauth/authorize(redirects to the web approval page)POST /oauth/tokenPOST /oauth/revoke
The public ChatGPT Apps surface uses Apps SDK–compatible metadata: every tool
has an input/output schema and a safety annotation, and read tools may point at
bundled ui://overlord/* widget resources. The widgets are self-contained MCP
Apps HTML; they render only a tool result’s structuredContent and make no
third-party network or iframe requests.
Authentication
Section titled “Authentication”MCP requests authenticate through the backend Auth Layer before any tool is
listed or invoked. Unauthenticated /mcp calls return a
WWW-Authenticate: Bearer challenge pointing clients at the protected-resource
metadata.
OAuth-aware clients use dynamic client registration followed by an
authorization-code + PKCE flow. Approval happens in the web app at
/oauth/approve; approving creates a scoped USER_TOKEN with the
mission_lifecycle preset and exchanges the one-time authorization code for a
bearer access token. Refresh tokens are not issued in contract version 0.
When a client supplies an OAuth resource parameter, Overlord binds it to the
canonical hosted /mcp URL at approval and token exchange. A mismatch returns
invalid_target; missing, denied, expired, revoked, or malformed credentials
receive an OAuth-compatible 401 at /mcp.
See Authentication & troubleshooting for the credential model behind these tokens and the errors above.
The tool catalog is mission-first:
overlord_resolve_projectoverlord_search_missionsoverlord_create_missionoverlord_load_mission_contextoverlord_add_objectivesoverlord_attach_sessionoverlord_update_sessionoverlord_deliver_session
Widgets are attached to project resolution, mission search, mission-context, and delivery results:
ui://overlord/project-selector.htmlui://overlord/mission-list.htmlui://overlord/objective-viewer.htmlui://overlord/file-changes.html
The local connector MCP bridge scripts for Codex, Cursor, and Antigravity
advertise the same canonical tool names and input contract shape. Backend tests
compare those local tools/list responses against this hosted registry, so a
new hosted tool cannot be added without updating the shipped connector shims.
Boundaries
Section titled “Boundaries”MCP handlers call existing service/protocol functions and rely on their RBAC checks. They must not write database tables directly. Hosted MCP intentionally does not expose local filesystem inspection, runner queue claiming, execution-target mutation, or branch actions — those stay on the local CLI and runner surfaces.
Related
Section titled “Related”- The agent protocol — the equivalent lifecycle over the CLI, with the same operation names.
- Authentication & troubleshooting — token scopes and OAuth errors.
