> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ironclaw.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP Servers

> Connect Model Context Protocol servers to extend IronClaw

IronClaw can connect to any [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) server and expose its tools to the agent. MCP is an open standard for tool servers, with a growing ecosystem of pre-built servers covering databases, APIs, cloud services, and more.

<Info>
  IronClaw connects to MCP servers over **HTTP transport** using JSON-RPC 2.0. The `stdio` transport (subprocess pipes) is not yet supported.
</Info>

***

## Add a Server

To add a MCP server you can either directly request your agent to use it, or configure it via CLI:

```bash theme={null}
ironclaw mcp add <server_name> <server_url>
```

***

## Authentication

If your MCP server requires authentication, use the following command:

```bash theme={null}
ironclaw mcp auth <server_name>
```

***

## Listing Available MCP Servers

Once connected, MCP tools appear in the agent's tool list alongside built-in tools. You can see them:

```bash theme={null}
# Via CLI
ironclaw mcp list
```

***

## Removing an MCP Server

Remove a server with:

```bash theme={null}
ironclaw mcp remove <server_name>
```

***

## WASM vs MCP: When to Use Each

| Consideration            | WASM                                                     | MCP                                                |
| ------------------------ | -------------------------------------------------------- | -------------------------------------------------- |
| **Isolation**            | Strong — wasmtime sandbox, fuel metering, memory limits  | Weaker — separate process, but no wasmtime sandbox |
| **Credential injection** | Proxy-level injection, WASM module never sees raw tokens | MCP server manages its own auth                    |
| **Network control**      | Domain allowlist via `capabilities.json`                 | MCP server controls its own network access         |
| **Ecosystem**            | Custom-built                                             | Large existing ecosystem (databases, APIs, cloud)  |
| **Language**             | Any `wasm32-wasi` target                                 | Any language                                       |
| **Startup cost**         | Module compilation on first load (then cached)           | External process must already be running           |
| **Best for**             | Custom integrations where isolation is critical          | Leveraging existing MCP servers                    |

<Note>
  For integrations that handle sensitive credentials or untrusted external data, prefer WASM tools. The network proxy and credential injection model give you stronger isolation guarantees than an MCP server running as a separate process.
</Note>