AdministrationSetupManaged MCP Configuration

Managed MCP configuration

Model Context Protocol (MCP) servers extend Syntic Code with tools that reach beyond the local repository, such as querying an internal issue tracker, reading a documentation store, or calling a company API. Left to individuals, MCP setup drifts: different developers wire up different servers, some point at the wrong environment, and support becomes a guessing game. Managed MCP configuration solves this by letting an administrator push a curated, uniform set of servers to every install.

Why manage MCP centrally

A central configuration means every developer has the same tools available on day one, connected to the environments you approve. It also gives you a place to review what those servers can access before they are handed out, so a risky or unvetted server never reaches the fleet. When an internal tool changes its endpoint or a server is deprecated, you update one managed definition instead of asking hundreds of people to edit their own files.

Distributing a server list

Define the approved servers in a managed configuration that Syntic Code loads alongside its settings. Each entry names the server, how to launch or reach it, and any environment it needs:

{
  "mcpServers": {
    "issue-tracker": {
      "url": "https://mcp.internal.example.com/issues",
      "headers": { "Authorization": "Bearer ${ISSUE_TRACKER_TOKEN}" }
    }
  }
}

Deliver this file through the same mechanism as your server-managed settings so it arrives automatically and is owned by an administrator rather than the user.

Controlling what developers may add

Managed MCP configuration works best alongside a policy on user-added servers. You can allow developers to register their own servers for local experimentation while keeping the managed set authoritative, or you can restrict registration entirely so only vetted servers run. Pair the server list with permission rules that govern how the agent may use each tool, and reference secrets through environment variables supplied by your secret manager rather than hard-coding tokens into the shared file.