cyberstrike mcp configures and authenticates Model Context Protocol servers. MCP servers expose additional tools and data sources to CyberStrike agents. Servers can be local processes or remote HTTP endpoints.
cyberstrike mcp <subcommand>
Subcommands
| Subcommand | Aliases | Description |
|---|
cyberstrike mcp add | | Add a new MCP server (interactive) |
cyberstrike mcp list | ls | List configured servers and their status |
cyberstrike mcp auth [name] | | Authenticate with an OAuth-enabled MCP server |
cyberstrike mcp auth list | auth ls | List OAuth-capable servers and their auth status |
cyberstrike mcp logout [name] | | Remove stored OAuth credentials for a server |
cyberstrike mcp debug <name> | | Debug OAuth connection for a server |
cyberstrike mcp add
Interactively adds an MCP server to your configuration. The command writes the entry to either the current project config or the global config depending on your selection.
The wizard asks for:
- Location — project (
cyberstrike.json) or global config.
- Name — identifier for the server (used in all other
mcp subcommands).
- Type —
local (run a local command) or remote (connect to a URL).
Local server
For a local server you provide the full command to run (space-separated). The configuration written to cyberstrike.json is:
{
"mcp": {
"filesystem": {
"type": "local",
"command": ["npx", "-y", "@modelcontextprotocol/server-filesystem", "/"]
}
}
}
Remote server
For a remote server you provide the URL and optionally configure OAuth.
{
"mcp": {
"my-server": {
"type": "remote",
"url": "https://mcp.example.com/mcp"
}
}
}
{
"mcp": {
"my-server": {
"type": "remote",
"url": "https://mcp.example.com/mcp",
"oauth": {
"clientId": "your-client-id",
"clientSecret": "your-client-secret"
}
}
}
}
{
"mcp": {
"my-server": {
"type": "remote",
"url": "https://mcp.example.com/mcp",
"oauth": false
}
}
}
cyberstrike mcp list
Prints all configured MCP servers with their current connection status.
cyberstrike mcp list
cyberstrike mcp ls
Connection status icons
| Icon | Status |
|---|
✓ | Connected |
⚠ | Needs authentication |
✗ | Failed or needs client registration |
○ | Not initialised or disabled |
Example output
MCP Servers
✓ filesystem connected
npx -y @modelcontextprotocol/server-filesystem /
⚠ my-server needs authentication
https://mcp.example.com/mcp
✗ broken-server failed
Connection refused
https://broken.example.com/mcp
2 server(s)
cyberstrike mcp auth
Authenticates with an OAuth-enabled remote MCP server. If name is omitted, a prompt lets you pick from the list of OAuth-capable servers.
cyberstrike mcp auth [name]
Only remote MCP servers with OAuth enabled (or not explicitly disabled) appear in the selection list.
Example
# Interactive — pick from list
cyberstrike mcp auth
# Directly authenticate a named server
cyberstrike mcp auth my-server
Client registration error
If the server requires pre-registered client credentials, the command prints guidance:
Authentication failed
Add clientId to your MCP server config:
"mcp": {
"my-server": {
"type": "remote",
"url": "https://mcp.example.com/mcp",
"oauth": {
"clientId": "your-client-id",
"clientSecret": "your-client-secret"
}
}
}
cyberstrike mcp auth list
Lists every OAuth-capable MCP server and shows its current authentication status.
cyberstrike mcp auth list
cyberstrike mcp auth ls
Auth status icons
| Icon | Status |
|---|
✓ | Authenticated |
⚠ | Token expired |
✗ | Not authenticated |
Example output
MCP OAuth Status
✓ my-server authenticated
https://mcp.example.com/mcp
⚠ another-server expired
https://another.example.com/mcp
2 OAuth-capable server(s)
cyberstrike mcp logout
Removes stored OAuth credentials for a server. If name is omitted, a prompt shows all servers with stored credentials.
cyberstrike mcp logout [name]
# Interactive
cyberstrike mcp logout
# Remove credentials for a specific server
cyberstrike mcp logout my-server
cyberstrike mcp debug
Tests the OAuth connection for a named remote MCP server and prints diagnostic information including auth status, token details, and the raw HTTP response from the server.
cyberstrike mcp debug <name>
cyberstrike mcp debug my-server
Output includes
- Server name and URL
- Current auth status (authenticated / expired / not authenticated)
- Access token prefix and expiry time
- Presence of refresh token
- Client ID and client secret expiry (if registered)
- HTTP response status from the server
WWW-Authenticate header (if present)- OAuth flow details when the server returns
401
Run cyberstrike mcp debug first when troubleshooting connection issues. It surfaces the OAuth discovery metadata and shows whether dynamic client registration will be attempted.