Skip to content
AM

From the legacy stdio MCP server

The current production MCP runtime is the Cloudflare Worker at https://ai-coo.inblack.app/mcp. Legacy stdio code under apps/ai-coo/ remains only for compatibility or local development, the old hosted Cloud Run service has been removed, and legacy /sse and /messages transports are retired.

Do not configure a new integration against the legacy package or infer the production catalog from its source.

Current contract

ConcernCurrent behavior
RuntimeCloudflare Worker (apps/ai-coo-cf)
Public endpointhttps://ai-coo.inblack.app/mcp
Aliashttps://mcp.inblack.app/mcp
TransportStateless MCP streamable HTTP using JSON-RPC POST
AuthenticationZITADEL bearer token on every request
Tenant contextX-Tenant-ID on every tenant-scoped request
Catalogapps/ai-coo-cf/src/tools/catalog.ts
Discovery/mcp/manifest and MCP tools/list, filtered for the request context

The runtime does not currently advertise a complete OAuth authorization-server flow for remote MCP clients. Obtain a bearer token through the supported InBlack authentication flow and configure your client or bridge to send both required headers. Do not rely on a browser opening automatically.

Migration steps

1. Remove the legacy command

Delete any client entry that launches a local legacy InBlack package over stdio. Also remove obsolete configuration for /sse or /messages; those paths return a retired response and cannot be used as a fallback transport.

2. Choose a streamable HTTP client or bridge

Prefer a client with native remote streamable HTTP support. A client that only supports stdio needs a maintained bridge that can forward JSON-RPC to the Worker and attach custom headers.

Configure:

URL: https://ai-coo.inblack.app/mcp
Authorization: Bearer <zitadel-access-token>
X-Tenant-ID: <tenant-id>

Treat bearer tokens as secrets. Do not commit them to a repository or place them in shared client configuration.

3. Rediscover tools

Do not assume legacy and current tool names or schemas are identical. Fetch the current filtered manifest:

Terminal window
curl https://ai-coo.inblack.app/mcp/manifest \
-H "Authorization: Bearer <zitadel-access-token>" \
-H "X-Tenant-ID: <tenant-id>"

Then use MCP tools/list for the protocol-level definitions. Update prompts and integrations against the returned tools and input schemas.

4. Re-test write workflows

The current Worker catalog generates a simulate twin for every write. T3 writes and guardrail-escalated T2 writes can return INBLACK_CONFIRMATION_REQUIRED; destructive tools are excluded from the public surface.

For every migrated write flow:

  1. Call the matching inblack_simulate_* tool when a preview is needed.
  2. Handle INBLACK_CONFIRMATION_REQUIRED and retain the returned pending-action ID.
  3. Confirm or reject through the supported pending-action flow.
  4. Handle structured INBLACK_* errors rather than legacy text matching.

5. Remove local legacy state

After verification, uninstall the legacy package and remove obsolete startup scripts, local package configuration, and tokens that were used only by that runtime. Retain no legacy endpoint as a failover target.

Verification

Verify the migration with the selected tenant:

  1. Initialize the MCP connection.
  2. Run tools/list and compare it with /mcp/manifest.
  3. Call a T1 read tool using test-safe data.
  4. Call a simulate tool and confirm no platform state changes.
  5. Exercise a representative write in a non-production tenant and verify pending-action handling when required.
  6. Switch tenant context, resend X-Tenant-ID, and rediscover tools.

Different tenants can return different catalogs because policy, scope, pillars, features, GL layer, entitlements, roles, permissions, and personas are evaluated at request time.