External tool servers
External tool servers extend the catalog with tools the platform itself does not implement. Each server speaks JSON-RPC 2.0, declares the tools it offers, and runs them on its own infrastructure. The chat handler discovers the server's tools at the start of every session, merges them into the catalog with a name prefix, and dispatches calls to the server when the model uses one of the discovered names.
Overview
- Wire protocol
- JSON-RPC 2.0 over HTTPS
- Client library
src/lib/mcp-client.ts- Methods used
initialize, notifications/initialized, tools/list, tools/call- Tool naming
- Server prefix + originalName
- Cache lifetime
- 10 minutes per (server, workspace)
- Authentication
- Bearer token, custom header, or URL-embedded scoping
- Per-user scoping
- Workspace code substituted into URL or header at call time
External tool servers are how the catalog grows without shipping new code. A server is anything that speaks the protocol. It can be hosted by us, by a vendor, or by the user. Every server registers a prefix; every tool it returns shows up under that prefix in the merged catalog. The platform does not need to know what the tool does until the model asks for it.
What an external tool server is
A small, focused HTTP endpoint that exposes one or more tools.
An external tool server is a service that answers four JSON-RPC methods. initialize negotiates the protocol version and exchanges capabilities. tools/list returns the schemas the server makes available. tools/call executes a named tool with the provided arguments and returns a result. notifications/initialized is a fire-and-forget signal that the handshake is complete.
The server holds its own state, knows how to call the upstream provider it wraps, and is responsible for its own authentication with that provider. The platform's job is to discover what the server offers, hand the catalog to Claude, and route calls back.
Server registration
A server is registered with a config object stored in env or in a per-workspace table.
Handshake
Three calls at the start of a session, run once and cached.
Mcp-Session-Id header on the initialize response is preserved across subsequent calls. Servers that maintain stateful sessions rely on it; stateless servers can ignore it.Tool discovery
The catalog is merged at the start of every turn.
Discovery is cached for ten minutes per (server, workspace). If a server adds or removes tools during the cache window, the change does not surface until the cache expires or the user reconnects the integration. This is a deliberate trade-off: live discovery on every turn would balloon latency for sessions that touch a dozen servers.
Execution
A tool call is routed back to the originating server with the original tool name.
Authentication
Three patterns cover every server we register.
| Pattern | When to use it | Header set |
|---|---|---|
| Bearer | Server owns the credential, one token per server | Authorization: Bearer <token> |
| Custom header | Server expects a vendor specific header | The header name configured, value from env |
| URL-embedded scoping | Server scopes by URL path or query, no extra header | None beyond content-type |
Per-user scoping
The same server can return a different tool catalog to different users.
Some servers expect a per-user identifier in the URL so the discovery response only includes tools that the connected user has authorised. The platform substitutes the workspace code into the URL at discovery and execution time. The result is that two users who hit the same server see different tool sets, depending on which apps they have connected through the upstream provider's OAuth flow.
Discovery cache
A small TTL cache keeps the merge fast.
| Property | Value |
|---|---|
| Cache key | (server name, workspace code) |
| TTL | 10 minutes |
| Invalidation | User reconnects an integration, server returns a 401, or admin clears the cache |
| Cold start cost | One full handshake per server on the first turn |
| Warm cost | Local map lookup, no network |
Available integrations
The external surface that ships today. Each block shows the upstream service and the kind of work routed through it.







Microsoft


Communications





CRM and outreach





Data and workflow







Operations





Limits and errors
What goes wrong and how the platform handles it.
| Condition | Platform behaviour |
|---|---|
| Server returns 401 or 403 | Cache is invalidated, tool is dropped from the next merge, user is prompted to reconnect |
| Server returns 5xx | The call is retried once with exponential backoff, then surfaced to the model as a tool error so it can decide what to do |
| Server times out | 30 second cap by default. Hard timeout; the tool result reads as a transient error. |
| Schema is malformed | Tool is dropped from the merge with a warning logged. Other tools from the same server still load. |
| Server is unreachable | All tools from that server are skipped for the current turn. Future turns retry on the cache TTL. |
File map
Glossary
- External tool server
- An HTTPS endpoint that answers initialize, tools/list, and tools/call. Provides tools the platform itself does not implement.
- Tool prefix
- The short string prepended to every tool name the server returns. Used to route calls back to the originating server.
- Workspace code
- The per-user identifier substituted into a server URL or header so the server can scope its catalog to that user's connected apps.
- Discovery cache
- A 10-minute TTL cache keyed by (server, workspace) that stores the schemas returned by tools/list.
- Handshake
- The three-step sequence (initialize, notifications/initialized, tools/list) run once per cache window to learn what a server offers.
- Session id
- The opaque identifier returned in the Mcp-Session-Id header on initialize. Preserved across subsequent calls for servers that need it.