MCP Interface
WebStream ships an MCP (Model Context Protocol) server, webstream-ops-mcp, that lets an AI assistant such as Claude, Cursor, or ChatGPT observe and administer your deployment through natural language — listing sessions, auditing access, onboarding users, publishing applications, and more. It exposes 89 tools, every one governed by an API key, a privacy mode, and a scope allowlist.
How it works
The MCP server is a small Node.js process that runs on the operator's machine (or a jump host). The AI client spawns it as a child process and talks to it over stdio — nothing listens on a network port. Every tool call is translated into an HTTPS request to the Gateway's /mcp/* proxy, authenticated with the X-MCP-Key header:
AI client (Claude / Cursor / ChatGPT)
↓ stdio (spawned child process)
webstream-ops-mcp (privacy + scope filtering)
↓ HTTPS with X-MCP-Key header
Gateway /mcp/* proxy
↓ ↓
/mcp/iam/* /mcp/api/*
Access Management (IAM) Metrics Engine
The Gateway validates the key against <mcpApiKeys> in app.config.xml before forwarding: /mcp/iam/* is served by the in-process IAM handlers, /mcp/api/* is proxied to the Metrics Engine. See Gateway for the proxy routing table.
Sensitive administration is deliberately not exposed over MCP: server settings (SMTP credentials), JWT secrets, and authentication password/MFA routes stay with the CLI and admin console, where the MCP privacy layer cannot be bypassed by a prompt.
Step 1 — Configure a gateway API key
Generate a key and add it to the <mcpApiKeys> section of app.config.xml on the gateway host, then restart the gateway. The name attribute is used for audit logging; the value is the secret the MCP server sends.
<mcpApiKeys>
<key name="ops-admin" value="sk-mcp-0f3a...your-generated-key" />
</mcpApiKeys>
A quick way to generate a strong key:
python -c "import secrets; print('sk-mcp-' + secrets.token_hex(20))"
If the <mcpApiKeys> section is missing or empty, the gateway rejects all /mcp/* requests with 401. Create one key per operator or per role so keys can be revoked individually and attributed in audit logs.
Step 2 — Build and configure the MCP server
The server lives in the webstream-ops-mcp folder of the WebStream distribution and requires Node.js 18 or later.
cd webstream-ops-mcp
npm install
copy config.example.json config.json # cp on macOS/Linux
Edit config.json and set three values:
{
"webstreamUrl": "https://your-gateway-host",
"apiKey": "sk-mcp-0f3a...your-generated-key",
"defaultOrgId": "default"
}
| Property | Purpose |
|---|---|
webstreamUrl * | The Gateway's public HTTPS URL. All traffic goes via /mcp/* on this host. |
apiKey * | Must match a key in the gateway's <mcpApiKeys>. Sent as X-MCP-Key. |
defaultOrgId | Organization used when a prompt does not name one (default default). |
privacyMode | noRestriction, maskRestriction (default), or fullRestriction — see below. |
scope.allow | Tool allowlist patterns — see below (default ["*"]). |
Build and verify:
npm run build
npm start
The server logs to stderr on startup. A healthy start looks like:
[webstream-ops-mcp v1.1.0] Starting MCP server...
[webstream-ops-mcp] Privacy mode: maskRestriction
[webstream-ops-mcp] Scope allow: [*]
[webstream-ops-mcp] Registered 89 tool(s), skipped 0 (out of scope)
[webstream-ops-mcp] Server running on stdio transport
Press Ctrl+C to stop — the AI client will spawn it automatically from here on.
Step 3 — Connect an AI client
Example: Claude Desktop
Claude Desktop reads its MCP server list from a JSON config file. Edit (or create) the file for your platform:
| OS | Config file |
|---|---|
| Windows | %APPDATA%\Claude\claude_desktop_config.json |
| macOS | ~/Library/Application Support/Claude/claude_desktop_config.json |
Add (or merge into) the mcpServers block, pointing at your built dist/index.js with an absolute path:
{
"mcpServers": {
"webstream-ops": {
"command": "node",
"args": ["C:/WebStream/webstream-ops-mcp/dist/index.js"]
}
}
}
Then:
- Fully quit and restart Claude Desktop (File > Exit — closing the window is not enough).
- Open the tools menu (hammer icon) in a new conversation —
webstream-opsshould be listed with its tools. - Verify end to end with a first prompt: “Show me all active streaming sessions”. Claude calls
observe_active_sessionsand the gateway logs the request against your key name.
The server reads config.json from its working directory. If Claude starts it from elsewhere, set the WEBSTREAM_MCP_CONFIG environment variable to the absolute path of your config.json, or use environment variables (WEBSTREAM_URL, WEBSTREAM_API_KEY, WEBSTREAM_ORG_ID) in the env block of the server entry.
Other clients
- Cursor — add the same
mcpServersblock to.cursor/mcp.jsonin your workspace root; Cursor detects it automatically. - ChatGPT Desktop — Settings > Tools & Integrations > Add Server; command
node, argument the absolute path todist/index.js.
Security controls
Privacy modes
The privacyMode setting controls what per-user data the AI model ever sees. The same prompt produces different output in each mode:
| Mode | What the agent receives |
|---|---|
noRestriction | Data passes through unmodified, e.g. "username": "jsmith", "displayName": "John Smith". For on-premises administration with a trusted model. |
maskRestriction (default) | Usernames replaced by stable hashes ("user-a7b3c2"), emails and display names stripped, clipboard content redacted. Individuals remain trackable across queries without being identifiable. |
fullRestriction | No per-user data at all — only counts, averages, and distributions (e.g. "activeSessions": 12, "avgFps": 28.5). |
Scope allowlist
The scope.allow list controls which tools are registered at startup. Tools outside the scope are not denied — they are invisible: the agent cannot discover or call them. Patterns are * (everything), category.* (a whole category), or category.tool (one tool).
| Role | Scope |
|---|---|
| Read-only reporting | ["observe.*", "reports.*", "usage.*", "system.*"] |
| Governance / compliance | ["observe.*", "reports.*", "usage.*", "governance.*", "anomaly.*", "system.*"] |
| IT helpdesk | ["observe.*", "sessions.*", "users.*", "groups.*", "workflows.onboard_user", "workflows.offboard_user"] |
| Catalogue admin | ["orgs.*", "apps.*", "workspaces.*", "policies.*"] |
| Full admin | ["*"] |
Destructive tools — users_delete, apps_delete, workspaces_delete, policies_delete, sessions_disconnect — are included by their category wildcard. To hand an agent a safer key, list only the specific tools you want, for example ["apps.list", "apps.get", "apps.create", "apps.update"].
Tool catalogue
The 89 tools are grouped into categories; the qualified tool name is category_tool (for example observe_active_sessions).
| Category | Tools | Covers |
|---|---|---|
observe | 9 | Active/recent sessions, session quality, nodes, node metrics history, input activity, recent activity, composite health. |
sessions | 1 | sessions_disconnect — forcibly end a session. |
reports | 5 | User access, activity audit, policy posture, usage and billing reports. |
usage | 6 | Workspace/app ranking, peak hours, per-user summary, stale workspace and stale app detection. |
governance | 7 | Inactive users, orphaned users, empty groups, missing MFA, access review. |
anomaly | 4 | Long sessions, after-hours access, high clipboard activity, multi-session users. |
users | 10 | CRUD, find across organizations, enable/disable, entitlements, import/export. |
groups | 10 | CRUD, membership management, import/export. |
orgs | 4 | List, get, create (auto-seeds everyone-group and default policies), update. |
apps | 5 | Application catalogue CRUD. |
workspaces | 12 | CRUD, app assignment, group access rights, policy assignment. |
policies | 11 | CRUD, templates, clone, compare, effective policy for a user. |
system | 1 | system_license_status — edition, session caps, expiry. |
workflows | 4 | Compound operations: onboard user, offboard user, compliance audit, executive summary. |
Sample prompts
| Prompt | Tool called |
|---|---|
| “Show me all active streaming sessions” | observe_active_sessions |
| “Find workspaces with zero sessions in the last month” | usage_stale_workspaces |
| “Which users don't have MFA enabled?” | governance_no_mfa |
| “Onboard user jsmith and add them to the Designers group” | workflows_onboard_user |
| “Create an AppCollection workspace called Design Tools” | workspaces_create |
| “Assign the high-security policy to workspace ws_456” | workspaces_assign_policy |
| “What edition are we licensed for?” | system_license_status |
| “Run a full compliance audit” | workflows_compliance_audit |
Troubleshooting
| Symptom | Cause and fix |
|---|---|
Every tool returns 401 | The key in config.json does not match any <mcpApiKeys> entry, or the section is missing/empty. Fix the key and restart the gateway. |
IAM tools (users, orgs, workspaces…) return 404 but observe/metrics tools work | The gateway binary predates the /mcp/iam path-rewrite fix. Update webstream.exe to a build that includes it and restart the gateway service. |
| Tools time out | webstreamUrl is wrong or the gateway is unreachable from the machine running the MCP server. Test with curl https://your-gateway-host/gateway/health. |
| Server not listed in the AI client | Path in the client config is not absolute, dist/index.js has not been built (npm run build), or the client was not fully restarted. |
| Fewer than 89 tools registered | Working as intended — the startup log shows how many were skipped as out of scope by scope.allow. |