P4A Documentation
MCP Server

Overview

What the hosted P4A MCP server is, the endpoint URL, and the streamable-HTTP transport an agentic client uses to connect.

Overview

P4A runs a hosted MCP server — a single HTTPS endpoint that any MCP-aware client can connect to. Once connected, an agentic client such as Claude Code, Codex CLI, or Gemini CLI can search the policy catalog, read the documentation, track deployments, and — if you grant it write access — submit and deploy policies and manage your workspaces, all as you.

There is nothing to install or run locally: the server is hosted by P4A. To connect, a client needs two things:

  1. The endpoint URL.
  2. A personal access token (PAT) to authenticate as you.

The MCP server is just one consumer of your personal access token. The same token authenticates direct API calls and scripts. See Personal access tokens for how tokens, scopes, and revocation work.

Endpoint

The server lives at the /mcp path on the portal origin:

https://www.p4a.dev/mcp

If you reach P4A on a different host (for example a staging or preview deployment), use that host with the /mcp path appended — the server is mounted at /mcp on whichever origin serves the portal.

The transport is streamable HTTP: clients send requests with an HTTP POST, and authenticate with a standard bearer header:

Authorization: Bearer <your-token>

A request with a missing, revoked, or expired token is rejected. What the token can then do is governed by its scopes — see Connecting a client to mint a token and wire up your client, and What the client can do for the full tool list.

Next steps

On this page