MCP Integration

Connecting MCP servers to Orchid agents: none, passthrough, and OAuth auth modes.

Orchid agents can call any MCP server over Streamable HTTP or SSE transport. The connection is configured per-server in agents.yaml; the framework handles capability discovery, caching, and per-user authentication transparently.

The MCP client interface

OrchidMCPClient in orchid_ai/core/mcp.py combines two narrower ABCs:

• OrchidMCPToolCaller — code that only invokes tools depends on this
• OrchidMCPDiscoverable — code that discovers capabilities depends on this

StreamableHttpMCPClient in orchid_ai/mcp/client.py is the concrete implementation. It keeps an in-memory capability cache that is populated once (proactively at startup or session-start) and flushed only via explicit invalidate_cache() calls.

Three auth modes

Each MCP server declaration carries exactly one field under auth: — the mode. No credentials, no endpoints, no client IDs live in config.

mcp_servers:
- name: public-weather
  url: https://weather.example.com/mcp
  # auth defaults to: mode: none

- name: tenant-catalog
  url: https://catalog.example.com/mcp
  auth:
    mode: passthrough

- name: external-crm
  url: https://crm.example.com/mcp
  auth:
    mode: oauth

Proactive capability warming

The framework warms MCP capability caches at well-defined boundaries so the per-request hot path never pays discovery cost:

OrchidSessionWarmer drives all three boundaries. It is idempotent per (tenant_key, user_id) pair.

External reading

• Model Context Protocol specification↗
• MCP 2025-03-26 authorization spec↗
• RFC 9728: OAuth 2.0 Protected Resource Metadata↗
• RFC 8414: OAuth 2.0 Authorization Server Metadata↗
• RFC 7591: OAuth 2.0 Dynamic Client Registration↗