MCP server support with Secrets Manager-backed Bearer auth

dropthejase wires MCP server support into the main agent, storing per-server API keys in AWS Secrets Manager rather than env vars. The credential-handling shape - read once at cold start, scoped by server identifier, no plaintext in config - is portable to any fork that wants to connect external tools without leaking secrets.

integrationsecurity

The implementation lands across four commits. 064677 adds a buildMcpClients() function in mcp-config.ts that reads an mcp.json file from the admin S3 bucket. The format mirrors Claude Code's own MCP config: each server entry has a url and an optional authSecretName. 38f9c4a adds the Secrets Manager path - if authSecretName is set, the agent fetches the secret value at startup and attaches it as a Bearer token header on the StreamableHTTPClientTransport. If the fetch fails, that server is silently dropped rather than crashing the agent.

The client list is built per-invocation by querying user_profiles.disabled_mcp_servers and filtering out anything the user has toggled off. The McpClient instances are passed directly into createAgent() as additional tools, sitting alongside the existing tool list.

The seed server changes from mcp.data.gouv.fr (French open government data) to lex.lab.i.ai.gov.uk (UK legislation search from i.AI/DSIT) - useful if your user base is UK-oriented, otherwise replace it.

Limitations noted in the README: only static Bearer tokens are supported. OAuth 2.0 and three-legged OAuth flows won't work without AgentCore Gateway in the middle.

So what Worth a look if you're building on AgentCore and want to connect external MCP data sources without storing credentials in plaintext. The `authSecretName`-in-config pattern is clean and easy to extend to other auth schemes. Skip if you're not on AWS or don't need external tool connections - the S3-based config and Secrets Manager dependency are both AWS-specific.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

4 commits from dropthejase/louis, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
06467772 feat(mcp): add MCP server support Jason Lee 2026-05-15 ↗ GitHub
commit body
Admin uploads mcp.json to the admin S3 bucket (Claude Code format).
Agent loads and caches config on cold start, wires McpClient[] into
tools filtered by per-user disabled list. Users toggle servers on/off
in Agent Settings. DB migration adds disabled_mcp_servers jsonb column.
Seeded with data.gouv.fr public MCP endpoint.
eec41f4e chore(mcp): swap seed server to lex.lab.i.ai.gov.uk Jason Lee 2026-05-15 ↗ GitHub
38f9c4ae feat(mcp): add Bearer token auth via Secrets Manager Jason Lee 2026-05-15 ↗ GitHub
commit body
Optional authSecretName per server in mcp.json - agent fetches secret
from louis/mcp/* at cold start and sends as Authorization: Bearer.
AgentCore role granted GetSecretValue on louis/mcp/* prefix.
README and Agent Settings help panel updated with format, limitations
(no OAuth/3LO), and auth instructions.
3f247e45 feat: merge feature/mcp-support - MCP server support with Secrets Manager auth Jason Lee 2026-05-15 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-348.md from inside the repo you want the changes in.

⬇ Download capture-thread-348.md