MCP Interface

WebStream ships an MCP (Model Context Protocol) server, webstream-ops-mcp, that lets an AI assistant such as Claude, Cursor, or ChatGPT observe and administer your deployment through natural language — listing sessions, auditing access, onboarding users, publishing applications, and more. It exposes 89 tools, every one governed by an API key, a privacy mode, and a scope allowlist.

How it works

The MCP server is a small Node.js process that runs on the operator's machine (or a jump host). The AI client spawns it as a child process and talks to it over stdio — nothing listens on a network port. Every tool call is translated into an HTTPS request to the Gateway's /mcp/* proxy, authenticated with the X-MCP-Key header:

AI client (Claude / Cursor / ChatGPT)
    ↓ stdio (spawned child process)
webstream-ops-mcp  (privacy + scope filtering)
    ↓ HTTPS with X-MCP-Key header
Gateway  /mcp/*  proxy
    ↓                       ↓
/mcp/iam/*                /mcp/api/*
Access Management (IAM)   Metrics Engine

The Gateway validates the key against <mcpApiKeys> in app.config.xml before forwarding: /mcp/iam/* is served by the in-process IAM handlers, /mcp/api/* is proxied to the Metrics Engine. See Gateway for the proxy routing table.

Note

Sensitive administration is deliberately not exposed over MCP: server settings (SMTP credentials), JWT secrets, and authentication password/MFA routes stay with the CLI and admin console, where the MCP privacy layer cannot be bypassed by a prompt.

Step 1 — Configure a gateway API key

Generate a key and add it to the <mcpApiKeys> section of app.config.xml on the gateway host, then restart the gateway. The name attribute is used for audit logging; the value is the secret the MCP server sends.

<mcpApiKeys>
  <key name="ops-admin" value="sk-mcp-0f3a...your-generated-key" />
</mcpApiKeys>

A quick way to generate a strong key:

python -c "import secrets; print('sk-mcp-' + secrets.token_hex(20))"
Tip

If the <mcpApiKeys> section is missing or empty, the gateway rejects all /mcp/* requests with 401. Create one key per operator or per role so keys can be revoked individually and attributed in audit logs.

Step 2 — Build and configure the MCP server

The server lives in the webstream-ops-mcp folder of the WebStream distribution and requires Node.js 18 or later.

cd webstream-ops-mcp
npm install
copy config.example.json config.json   # cp on macOS/Linux

Edit config.json and set three values:

{
  "webstreamUrl": "https://your-gateway-host",
  "apiKey": "sk-mcp-0f3a...your-generated-key",
  "defaultOrgId": "default"
}
PropertyPurpose
webstreamUrl *The Gateway's public HTTPS URL. All traffic goes via /mcp/* on this host.
apiKey *Must match a key in the gateway's <mcpApiKeys>. Sent as X-MCP-Key.
defaultOrgIdOrganization used when a prompt does not name one (default default).
privacyModenoRestriction, maskRestriction (default), or fullRestriction — see below.
scope.allowTool allowlist patterns — see below (default ["*"]).

Build and verify:

npm run build
npm start

The server logs to stderr on startup. A healthy start looks like:

[webstream-ops-mcp v1.1.0] Starting MCP server...
[webstream-ops-mcp] Privacy mode: maskRestriction
[webstream-ops-mcp] Scope allow: [*]
[webstream-ops-mcp] Registered 89 tool(s), skipped 0 (out of scope)
[webstream-ops-mcp] Server running on stdio transport

Press Ctrl+C to stop — the AI client will spawn it automatically from here on.

Step 3 — Connect an AI client

Example: Claude Desktop

Claude Desktop reads its MCP server list from a JSON config file. Edit (or create) the file for your platform:

OSConfig file
Windows%APPDATA%\Claude\claude_desktop_config.json
macOS~/Library/Application Support/Claude/claude_desktop_config.json

Add (or merge into) the mcpServers block, pointing at your built dist/index.js with an absolute path:

{
  "mcpServers": {
    "webstream-ops": {
      "command": "node",
      "args": ["C:/WebStream/webstream-ops-mcp/dist/index.js"]
    }
  }
}

Then:

  1. Fully quit and restart Claude Desktop (File > Exit — closing the window is not enough).
  2. Open the tools menu (hammer icon) in a new conversation — webstream-ops should be listed with its tools.
  3. Verify end to end with a first prompt: “Show me all active streaming sessions”. Claude calls observe_active_sessions and the gateway logs the request against your key name.
Tip

The server reads config.json from its working directory. If Claude starts it from elsewhere, set the WEBSTREAM_MCP_CONFIG environment variable to the absolute path of your config.json, or use environment variables (WEBSTREAM_URL, WEBSTREAM_API_KEY, WEBSTREAM_ORG_ID) in the env block of the server entry.

Other clients

Security controls

Privacy modes

The privacyMode setting controls what per-user data the AI model ever sees. The same prompt produces different output in each mode:

ModeWhat the agent receives
noRestrictionData passes through unmodified, e.g. "username": "jsmith", "displayName": "John Smith". For on-premises administration with a trusted model.
maskRestriction (default)Usernames replaced by stable hashes ("user-a7b3c2"), emails and display names stripped, clipboard content redacted. Individuals remain trackable across queries without being identifiable.
fullRestrictionNo per-user data at all — only counts, averages, and distributions (e.g. "activeSessions": 12, "avgFps": 28.5).

Scope allowlist

The scope.allow list controls which tools are registered at startup. Tools outside the scope are not denied — they are invisible: the agent cannot discover or call them. Patterns are * (everything), category.* (a whole category), or category.tool (one tool).

RoleScope
Read-only reporting["observe.*", "reports.*", "usage.*", "system.*"]
Governance / compliance["observe.*", "reports.*", "usage.*", "governance.*", "anomaly.*", "system.*"]
IT helpdesk["observe.*", "sessions.*", "users.*", "groups.*", "workflows.onboard_user", "workflows.offboard_user"]
Catalogue admin["orgs.*", "apps.*", "workspaces.*", "policies.*"]
Full admin["*"]
Warning

Destructive tools — users_delete, apps_delete, workspaces_delete, policies_delete, sessions_disconnect — are included by their category wildcard. To hand an agent a safer key, list only the specific tools you want, for example ["apps.list", "apps.get", "apps.create", "apps.update"].

Tool catalogue

The 89 tools are grouped into categories; the qualified tool name is category_tool (for example observe_active_sessions).

CategoryToolsCovers
observe9Active/recent sessions, session quality, nodes, node metrics history, input activity, recent activity, composite health.
sessions1sessions_disconnect — forcibly end a session.
reports5User access, activity audit, policy posture, usage and billing reports.
usage6Workspace/app ranking, peak hours, per-user summary, stale workspace and stale app detection.
governance7Inactive users, orphaned users, empty groups, missing MFA, access review.
anomaly4Long sessions, after-hours access, high clipboard activity, multi-session users.
users10CRUD, find across organizations, enable/disable, entitlements, import/export.
groups10CRUD, membership management, import/export.
orgs4List, get, create (auto-seeds everyone-group and default policies), update.
apps5Application catalogue CRUD.
workspaces12CRUD, app assignment, group access rights, policy assignment.
policies11CRUD, templates, clone, compare, effective policy for a user.
system1system_license_status — edition, session caps, expiry.
workflows4Compound operations: onboard user, offboard user, compliance audit, executive summary.

Sample prompts

PromptTool called
“Show me all active streaming sessions”observe_active_sessions
“Find workspaces with zero sessions in the last month”usage_stale_workspaces
“Which users don't have MFA enabled?”governance_no_mfa
“Onboard user jsmith and add them to the Designers group”workflows_onboard_user
“Create an AppCollection workspace called Design Tools”workspaces_create
“Assign the high-security policy to workspace ws_456”workspaces_assign_policy
“What edition are we licensed for?”system_license_status
“Run a full compliance audit”workflows_compliance_audit

Troubleshooting

SymptomCause and fix
Every tool returns 401The key in config.json does not match any <mcpApiKeys> entry, or the section is missing/empty. Fix the key and restart the gateway.
IAM tools (users, orgs, workspaces…) return 404 but observe/metrics tools workThe gateway binary predates the /mcp/iam path-rewrite fix. Update webstream.exe to a build that includes it and restart the gateway service.
Tools time outwebstreamUrl is wrong or the gateway is unreachable from the machine running the MCP server. Test with curl https://your-gateway-host/gateway/health.
Server not listed in the AI clientPath in the client config is not absolute, dist/index.js has not been built (npm run build), or the client was not fully restarted.
Fewer than 89 tools registeredWorking as intended — the startup log shows how many were skipped as out of scope by scope.allow.