Model Context Protocol (MCP) Support

Ephos provides a native bridge for the Model Context Protocol, allowing AI agents (like Claude Desktop or local LLMs) to securely access your Phantom Keys through standardized tool definitions.

What is MCP?

MCP is an open standard that enables AI models to interact with external tools and data sources. By integrating Ephos with MCP, you can give your agents specific "capabilities" (e.g., "Post to Slack" or "Query Stripe") without ever sharing the raw API keys with the model or its environment.

MCP Identity Bridge

Ephos acts as an MCP Server and delegated execution gateway. Instead of embedding raw credentials directly into local MCP configurations, agents authenticate using scoped Ephos identities while execution remains isolated behind the Ephos Enclave.

Configuration Example

Add the following to your MCP host configuration file (e.g., claude_desktop_config.json or your Cursor/VSCode settings). This runs the MCP remote bridge to establish a secure, authenticated connection to the Ephos edge:

{
  "mcpServers": {
    "ephos": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/mcp-remote",
        "https://auth.phantom-projects.com/mcp/sse",
        "--header",
        "X-Ephos-Token: ${EPHOS_TOKEN}",
        "--header",
        "X-Ephos-Secret: ${EPHOS_SECRET}"
      ],
      "env": {
        "EPHOS_TOKEN": "et_live_YOUR_TOKEN_HERE",
        "EPHOS_SECRET": "ps_live_YOUR_SECRET_HERE"
      }
    }
  }
}
        

⚠️ Fallback: If your MCP client lacks environment variable substitution, you can specify values directly in the arguments or pass credentials as query parameters: https://auth.phantom-projects.com/mcp/sse?token=et_live_...&secret=ps_live_.... However, this fallback method is deprecated and may expose credentials in intermediate proxy logs.

Fallback Mode Security

Query parameter authentication should only be used with MCP clients that lack header support. To minimize exposure risk:

Use Dedicated Tokens: Create isolated delegated identities for each MCP session.
Restrict Execution: Apply strict domain scoping and short-lived expiration windows.
Rotate Immediately: Revoke temporary identities as soon as the session ends.

How it Works

Discovery: When the agent starts, it queries Ephos for available tools.
Tool Mapping: Ephos returns a list of tools based on the Phantom Keys and Scopes associated with your token.
Execution: When the agent invokes a tool, execution is routed through the Ephos Enclave where delegated access is derived inside transient isolated memory before the outbound request executes statelessly.

Why Delegated MCP Execution Matters

Minimal Exposure: Secrets never persist on your local machine and are only derived transiently during isolated execution.
Centralized Control: Manage tool access and rotation through the Ephos Dashboard.
Full Auditing: Every MCP tool call is recorded in your Ephos Audit Logs with complete agent attribution.