OxagenDocs
MCP server

External MCP servers

Connect your Oxagen workspace to external MCP servers — GitHub, Linear, custom internal tools, and any MCP-compatible service.

Oxagen can connect outbound to external MCP servers, making their tools available to the agent alongside built-in capabilities. This is the inverse of the connecting page (which covers inbound connections to the Oxagen MCP server).

How it works

External MCP servers are registered per-workspace. Once connected and authenticated, the agent can invoke their tools during a chat session — subject to IAM policies, consent rules, and permission configuration.

There are two ways to configure external MCP servers:

MethodBest forRequires API?
File-based configurationCLI users, CI/CD, offline development, version-controlled configsNo
Platform registration (web app / API)Teams using the marketplace, OAuth flows, enterprise governanceYes

Both methods feed tools into the same runtime pipeline — permissions, telemetry, and audit logging apply uniformly regardless of how the server was registered.

Supported transports

TransportStatusNotes
Streamable HTTPFully supportedThe current MCP standard. Used by GitHub MCP, Linear, and most hosted servers.
SSE (Server-Sent Events)SupportedOlder MCP servers still use this transport.
WebSocketSupportedFor servers that require persistent bidirectional connections.
stdioCLI-only (local)Spawns a local process. Not available in the cloud runtime.

Authentication strategies

StrategyUse case
nonePublic or locally-running MCP servers
bearerStatic API keys or tokens
headerArbitrary header-based auth (e.g. X-API-Key)
oauthOAuth 2.1 with PKCE (GitHub MCP, enterprise SSO)

See Credentials for how tokens are stored and refreshed.

Architecture

┌──────────────────────────────────────────────────────┐
│  Agent Runtime (materializeTools)                     │
├──────────────┬───────────────────────────────────────┤
│  DB-backed   │  File-based (@oxagen/mcp-config)      │
│  servers     │  servers                              │
│  (mcp.mcp_   │  (.oxagen/settings.json +             │
│   servers)   │   ~/.config/oxagen/settings.json)     │
├──────────────┴───────────────────────────────────────┤
│  Uniform wrapping: IAM gate, telemetry, consent      │
├──────────────────────────────────────────────────────┤
│  Model receives merged tool set                      │
└──────────────────────────────────────────────────────┘

Both contributor types produce ContributedRawTool entries that pass through the same IAM gate, ClickHouse telemetry, and consent/approval flow before reaching the model.

Quick start

The fastest way to connect an external MCP server:

# Add GitHub MCP with a static auth header
oxagen mcp add github --url https://api.githubcopilot.com/mcp/ --auth header --header "Authorization=Bearer ${GITHUB_TOKEN}"

# Add a bearer-token server
oxagen mcp add linear --url https://mcp.linear.app/sse --transport sse --auth bearer --env-token LINEAR_MCP_TOKEN

# Add a local stdio server
oxagen mcp add filesystem --transport stdio --command npx --arg -y --arg @modelcontextprotocol/server-filesystem --arg ./src

# Check connectivity
oxagen mcp check

See CLI reference for the full command set.

On this page