This guide walks you through connecting a custom MCP server to Clarion. Once connected, every tool your server exposes becomes available to Clarion agents during triage and response.
Estimated time: 2 minutes. You will need a Clarion workspace with permission to manage integrations and an MCP-compatible HTTP server that Clarion can reach over the public internet.

Prerequisites

  • A Clarion workspace with permission to manage integrations
  • An MCP server that speaks the Streamable HTTP transport and is reachable from Clarion
  • (Optional) an API key if your server requires authentication — Clarion sends it as Authorization: Bearer <key> on every request

Step 1 — Add an MCP server

  1. In Clarion, go to Settings > Integrations
  2. Scroll to the Custom MCPs section and click Add MCP Server
  3. Fill in the form:
    • Name — a short label for this server (e.g. My Security Scanner). Clarion slugifies the name and registers the server as custom-<your-slug> so it can never shadow a built-in MCP server
    • Server URL — the HTTP endpoint of your MCP server (e.g. https://mcp.example.com)
    • API key (optional) — sent as Authorization: Bearer <key> on every request to your server
  4. Click Connect
Clarion validates the connection before saving — if the server is unreachable or doesn’t speak MCP, the form surfaces the error and nothing is stored.
You can add multiple custom MCP servers to a single workspace. Each one shows up as its own card on the Integrations page.

Step 2 — Verify the tools

Once connected, the server card shows the number of tools Clarion discovered. Open the card’s View tools menu to see each tool’s name and description as advertised by your server. If you don’t see the tools you expect, double-check that your server returns them from the MCP tools/list method and that the names contain no underscores in the server segment.

What Clarion can do

After connecting, agents can:
  • Invoke any tool your MCP server exposes — Clarion forwards the call through a proxy that authenticates the agent and attaches your API key on every request
  • See tool descriptions straight from your server, so updating the description on your side is enough to update what the agent sees
Clarion does not modify or cache your tool schemas — every agent run pulls the live list from your server.

Security model

  • Your server URL and API key are stored encrypted and only decrypted server-side when a Clarion agent needs to call your server. The API key is never bundled into agent sandbox code or exposed to agent prompts.
  • Requests from Clarion agents are proxied through Clarion’s backend — your server only ever sees traffic from Clarion’s IPs, never from the agent sandbox directly.
  • Clarion validates the upstream URL before each call to prevent SSRF against internal addresses.
  • Treat the tools your MCP server exposes as attacker-controlled input to Clarion agents. Tool descriptions and outputs can contain instructions — Clarion already redacts secrets in transcripts, but only connect servers you trust.
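Because Clarion attaches the API key as Authorization: Bearer <key> on every request, your MCP server should reject anything that arrives without it. The following is an added example, not Clarion's code or part of the original guide: a Python WSGI middleware that enforces the header. The names bearer_ok, RequireBearer, mcp_app and EXPECTED_KEY are hypothetical, and the key value is a constructed placeholder.

```python
import hmac

# Assumption: the same key you entered in Clarion's "API key" field.
# Constructed placeholder; load the real value from your secret store.
EXPECTED_KEY = "example-key-not-a-real-secret"


def bearer_ok(header_value, expected_key):
    """Return True only if header_value is 'Bearer <expected_key>'."""
    if not header_value or not expected_key:
        return False
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer":
        return False
    # Constant-time comparison so response timing does not leak key prefixes.
    return hmac.compare_digest(token.strip().encode(), expected_key.encode())


class RequireBearer:
    """WSGI middleware: reject any request without the expected bearer key."""

    def __init__(self, app, expected_key):
        self.app = app
        self.expected_key = expected_key

    def __call__(self, environ, start_response):
        if bearer_ok(environ.get("HTTP_AUTHORIZATION"), self.expected_key):
            return self.app(environ, start_response)
        body = b'{"error": "unauthorized"}'
        start_response("401 Unauthorized", [
            ("Content-Type", "application/json"),
            ("WWW-Authenticate", "Bearer"),
            ("Content-Length", str(len(body))),
        ])
        return [body]


def mcp_app(environ, start_response):
    """Stand-in for your real MCP request handler (hypothetical)."""
    body = b"{}"
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]


app = RequireBearer(mcp_app, EXPECTED_KEY)
```

An empty configured key fails closed here, so a missing secret at deploy time results in 401 responses rather than an open server.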

Remove an MCP server

To remove a server:
  1. Open Settings > Integrations in Clarion
  2. Find the server card under Custom MCPs
  3. Click the card's menu and choose Remove
  4. Confirm the dialog
Removing a server deletes its stored URL and API key from Clarion immediately and revokes agent access to its tools. Anything your server already did on Clarion’s behalf stays in place — only the connection is removed.