agent MCP — Сценарии использования, Установка & Живое демо

Зачем использовать

Ключевые функции

OAuth 2.1 + scope-based auth out of the box
Hot-reload: edit config, new upstreams appear without restart
Audit logging on every tool call
Tag-based filtering so different clients see different tool sets
Runs via npx @1mcp/agent, binary, or Docker

Живое демо

Как выглядит на практике

agent.replay ▶ готово

0/0

Установка

Выберите клиент

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "agent": {
      "command": "npx",
      "args": [
        "-y",
        "agent"
      ],
      "_inferred": true
    }
  }
}

Откройте Claude Desktop → Settings → Developer → Edit Config. Перезапустите после сохранения.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "agent": {
      "command": "npx",
      "args": [
        "-y",
        "agent"
      ],
      "_inferred": true
    }
  }
}

Cursor использует ту же схему mcpServers, что и Claude Desktop. Конфиг проекта приоритетнее глобального.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "agent": {
      "command": "npx",
      "args": [
        "-y",
        "agent"
      ],
      "_inferred": true
    }
  }
}

Щёлкните значок MCP Servers на боковой панели Cline, затем "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "agent": {
      "command": "npx",
      "args": [
        "-y",
        "agent"
      ],
      "_inferred": true
    }
  }
}

Тот же формат, что и Claude Desktop. Перезапустите Windsurf для применения.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "agent",
      "command": "npx",
      "args": [
        "-y",
        "agent"
      ]
    }
  ]
}

Continue использует массив объектов серверов, а не map.

~/.config/zed/settings.json

{
  "context_servers": {
    "agent": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "agent"
        ]
      }
    }
  }
}

Добавьте в context_servers. Zed перезагружается автоматически.

claude mcp add agent -- npx -y agent

Однострочная команда. Проверить: claude mcp list. Удалить: claude mcp remove.

Сценарии использования

Реальные сценарии: agent

Run a multi-tenant MCP gateway for different teams

👤 Platform teams serving multiple squads with different tool needs ⏱ ~45 min advanced

Когда использовать: Design and Eng need different MCPs, but you don't want to run two gateways.

Предварительные требования

A host with Node 20+ or Docker — Any small VM
OAuth IdP (or use built-in for local) — Dex, Auth0, Okta — anything that speaks OIDC

Поток

Define scopes in the agent config

Draft an agent config where 'design' scope exposes figma and davinci-resolve MCPs, 'eng' scope exposes github, sentry, postgres.✓ Скопировано

→ Config with scoped upstream mappings
Wire OAuth

Connect the agent to our Auth0 tenant, map groups to scopes.✓ Скопировано

→ Users see only their scope's tools
Audit usage

Show me the last 24h of tool calls by user, grouped by tool name.✓ Скопировано

→ Usage report

Итог: One gateway, per-team tool views, full audit trail.

Подводные камни

Scope design gets spaghetti fast — Start with 2-3 broad scopes (eng-read, eng-write, design) rather than per-tool scopes
Audit logs balloon disk usage — Rotate logs weekly or ship to a log aggregator

Сочетать с: github · sentry

Develop a custom MCP with hot-reload

👤 Builders iterating on their own MCP server ⏱ ~20 min intermediate

Когда использовать: You're writing a new MCP and don't want to reload the IDE after every change.

Поток

Register your dev MCP under the agent

Add my local dev MCP at node ./my-mcp/dist/index.js under the agent config, tag it 'dev'.✓ Скопировано

→ Tool appears in client
Edit, save, retry

I changed the tool. Tell me if the new version is live without me restarting.✓ Скопировано

→ Hot-reload confirmed

Итог: A fast inner loop for MCP development.

Подводные камни

Hot-reload can leak old tool handles if clients cache — For big interface changes, bounce the client anyway

Front an untrusted upstream MCP with sanitization

👤 Security-conscious admins running community MCPs ⏱ ~15 min intermediate

Когда использовать: You want to try a community MCP but want belt-and-suspenders input guards.

Поток

Enable sanitization

Configure 1mcp agent to enable input sanitization on upstream 'community-x', block any tool returning an oversized payload.✓ Скопировано

→ Limits applied
Verify

Call a tool from that upstream and confirm sanitization log entries.✓ Скопировано

→ Log shows sanitized call

Итог: A safer blast radius when experimenting with community tools.

Комбинации

Сочетайте с другими MCP — эффект x10

agent + proxy-2

Compare feature-heavy 1mcp vs minimal tbxark/mcp-proxy

Run both 1mcp/agent and tbxark/mcp-proxy on the same host and compare tool-call latency through each.✓ Скопировано

agent + jetski

Stack analytics on top of 1mcp

Run 1mcp/agent behind Jetski to get both OAuth and prompt-level analytics.✓ Скопировано

Инструменты

Что предоставляет этот MCP

Инструмент	Входные данные	Когда вызывать	Стоимость
list_tools	(none)	Handshake — handled by clients	free
call_tool	name, args	Any invocation	1 upstream call
mcp_add	name, command, args	Add a new upstream dynamically (admin-only)	free

Стоимость и лимиты

Во что обходится

Квота API: None of its own; bounded by upstream quotas
Токенов на вызов: Small proxy overhead
Деньги: Free, MIT
Совет: Enable audit only on write-capable upstreams — read-only logs fill disk fast for no benefit.

Безопасность

Права, секреты, радиус поражения

Минимальные скоупы: OAuth client config + upstream server credentials

Хранение учётных данных: Env vars and config file; use a secret manager for production

Исходящий трафик: Agent forwards to configured upstreams only

Никогда не давайте: admin scope to end users — reserve for platform team

Rotate audit logs — long-running agents accumulate GB of tool-call history.
OAuth scopes are only as safe as your IdP group mapping; audit who's in which group quarterly.

Устранение неполадок

Частые ошибки и исправления

Hot reload didn't pick up my config change

Check the file watcher has permission on the mounted dir (Docker bind mounts on macOS can miss events). Fall back to SIGHUP.

Проверить: docker exec agent kill -HUP 1

OAuth token rejected

Scope claim doesn't map to any configured scope. Check agent logs for the claim and align config.

Проверить: Decode JWT at jwt.io

Upstream MCP fails health check

Run the upstream command manually to see its stderr. Agent logs only report exit code.

Проверить: docker exec agent sh -c '<upstream command>'

Tool list empty for a user

That user's scopes don't match any tool's required scope tags.

Проверить: Check scope mapping in config vs JWT claims

Альтернативы

agent в сравнении

Альтернатива	Когда использовать	Компромисс
tbxark/mcp-proxy	You want a minimal Go binary without OAuth	No auth, no hot-reload, no scopes
Jetski	You want full analytics dashboards and DCR	K8s + Postgres infrastructure required

Ещё

Ресурсы

📖 Читать официальный README на GitHub

🐙 Открытые задачи

🔍 Все 400+ MCP-серверов и Skills