Built-in MCP endpoint

merido exposes a small built-in Model Context Protocol server over HTTP, so an MCP-aware client can call gateway-provided tools. The headline tool is rtk_compress, which lets any agent shrink verbose tool output using merido's token-saver filters.

The endpoint

POST /mcp

It speaks JSON-RPC 2.0. The two methods you'll use are tools/list (discover available tools) and tools/call (invoke one).

tools/list

Request:

{ "jsonrpc": "2.0", "id": 1, "method": "tools/list" }

Response (abbreviated):

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "tools": [
      {
        "name": "rtk_compress",
        "description": "Compress verbose tool output …",
        "inputSchema": {
          "type": "object",
          "properties": { "text": { "type": "string" } },
          "required": ["text"]
        }
      }
    ]
  }
}

tools/call

Request:

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "rtk_compress",
    "arguments": { "text": "diff --git a/x b/x\n--- a/x\n+++ b/x\n…" }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [{ "type": "text", "text": "<compressed text>" }],
    "structuredContent": {
      "filter": "diff",
      "original_bytes": 1640,
      "compressed_bytes": 492,
      "compressed": "<compressed text>"
    },
    "isError": false
  }
}

The rtk_compress tool

rtk_compress takes a single text string — raw tool output such as a git diff/status, grep, ls, tree, find, build logs, or numbered file reads. It auto-detects the best token-saver filter for that text and returns the compressed result along with the filter name and the original/compressed byte counts. Like the rest of the token-saver, compression never grows or empties the input — if nothing matches, it returns the original text with filter none.

Authentication

On the wide-open local default, /mcp is open like the rest of the gateway. On a hardened deploy it becomes auth-gated: when any of MERIDO_REQUIRE_API_KEY=true, a dashboard password (MERIDO_DASHBOARD_PASSWORD_HASH), or multi-tenant mode is set, /mcp requires a valid session JWT or API key (via Authorization: Bearer or X-Api-Key). See Deploy to production for the hardening checklist.

External MCP servers

Beyond the built-in tool, merido can aggregate external MCP servers and expose their tools through the same /mcp endpoint. External servers connect over stdio (a spawned child process) or HTTP (streamable JSON-RPC). Their tools are namespaced with a server:tool prefix (e.g. files:read), while the built-in rtk_compress stays bare.

Related

• Token saving — the filters rtk_compress is built on.
• Deploy to production — gating /mcp behind auth on public deploys.