Cloud MCP
Cross-team MCP via SSE with bearer-token auth. Shared decisions and pgvector RAG. Team or higher tier required.
Cloud MCP
The Cloud MCP server extends the local MCP surface (decisions, journals, search) across team members. It speaks the MCP protocol over SSE with bearer-token auth and persists shared context to a Postgres-backed pgvector store.
Cloud MCP requires the Team tier or higher. The local MCP server (stdio) is available on every tier including Free.
Endpoint
| Deployment | Endpoint |
|---|---|
| Vupt SaaS | https://mcp.vupt.dev/v1/sse |
| Self-hosted | https://{your-host}/v1/mcp/sse |
Auth
Same Bearer token as the REST API. Token scopes determine which tools the agent can call:
| Scope | Allowed tools |
|---|---|
mcp:read | search_decisions, list_squads, read_journal |
mcp:write | log_decision, write_journal |
mcp:admin | manage shared workspaces |
Configuring an agent
Most MCP-aware agents take a JSON config with the SSE endpoint:
{
"mcpServers": {
"vupt-cloud": {
"type": "sse",
"url": "https://mcp.vupt.dev/v1/sse",
"headers": {
"Authorization": "Bearer ${VUPT_TOKEN}"
}
}
}
}Shared decisions
vupt.search_decisions queries the team's shared pgvector store. Per-project ACLs apply: an agent only sees decisions for projects the calling user has access to. The decision payload includes the original prompt context, the chosen path, and the reasoning — so future agents can grep history before re-deciding.
Throughput
The Cloud MCP supports up to 200 concurrent SSE connections per workspace on Team, 1,000 on Business, and is sized per-customer on Enterprise. Connections that idle for >5 minutes are recycled.
Security
All traffic is TLS 1.3. The SSE handler authorizes every event against the user's scopes. A failing authorization closes the SSE stream with event: error and a problem-details payload. No data is shared across workspaces — pgvector queries are scoped to the workspace at the SQL level (WHERE workspace_id = $1), not in application code.