MCP Services

The Intelligence Hub acts as an MCP Server, exposing MCP Services that AI Agents can use to access industrial data, execute operations and perform configuration and troubleshooting. This section covers how to enable MCP, and the different MCP Tools the hub exposes.

Enable the MCP Server

The MCP server is enabled under the REST Data Server options. To enable MCP do the following:

  1. Enable the REST Data Server
  2. Enable the MCP Server

Enable MCP Server

The MCP server supports the Streamable HTTP protocol, and adheres to the 2025-03-26 revision of the MCP specification.

MCP Services

The MCP Services tab provides a view of all the MCP Tools configured in the project. Tools that are active and enabled are shown in green. Tools that are disabled are shown as grayed out. Clicking a tool shows the tool description. Clicking the View button on a tool takes you to the project configuration for the tool.

MCP Services

Pipelines

Pipelines allow you to build custom MCP tools that can access industrial data or perform operations. Each Pipeline with an API Trigger is shown as a tool under Pipelines in the MCP Services view. The pipeline name, description, and parameters are included as context to the AI Agent.

In this way, think of the pipeline description field as part of prompt engineering, where you’re instructing the LLM when and how to best use a tool. As an example, a tool description like “call this to create a work order” is very little context. But something more verbose like “call this to create a maintenance work order when you think work needs to be performed on a machine. Make sure you always include the machineID of the machine that needs the work and a verbose message on what work needs to be done and why you think it needs to be done” will likely yield better results. Prompt engineering is not a science, but generally the more context the better.

In addition to the API Trigger, Pipelines must also include a return stage to return a response to the AI Agent during a tool call.

Connections

Currently OPC UA, MQTT support out-of-the-box tools for basic data discovery and read-only operations. These tools are generally not meant to be used in production, as they provide broad and read-only access to the data sources. However they are useful when using a chat bot or AI Agent to ask questions of the data. To enable these tools, navigate to the Connection Settings for the connection and enable the Enable MCP Tools option.

The MCP Client Connection also supports the Enable MCP Tools option. When enable this connection includes all the tools provided by the underlying MCP Server it’s connected to.

Configuration

Configuration tools are currently not shown in the MCP Services tree. These tools can be enabled by going to the REST Data Server and enabling the MCP Configuration Tool option.

The current release supports tools for creating and editing Pipelines, including tools to get the Pipeline JSON Schema, get example Pipelines, and Create, Read, and Edit Pipelines. These tools allow AI Agents to build Pipelines from human language. A few things to note when using these tools:

  1. Currently the tools don’t know about Connections, Inputs, and Outputs. You must provide the Connection and Input name for example when asking to read a data source
  2. The tools don’t know about output settings. For example, when asking for the Pipeline to write to S3 with a given bucket name, you need to provide an example of the output settings/JSON for the tool to create a correct Write New stage

In general these tools get you 60-80% of the way to building the Pipeline, and are good for making edits to existing Pipelines. We’ll continue to enhance these tools and provide additional context in future releases.

Connecting MCP Inspector

MCP Inspector is an open source tool used to connect to an MCP Server and view tools. To test using MCP Inspector do the following:

  1. Follow the instructions here to launch MCP Inspector https://modelcontextprotocol.io/docs/tools/inspector
  2. Change the Transport Type to Streamable HTTP
  3. Change the URL port to 45345 (default port for our MCP server)
  4. Append /mcp to the URL, after the port
  5. Expand Authentication and copy in the bearer token created (see REST Data Server) for details on creating the token
  6. Click Connect
  7. Click List Tools
  8. You should see all the pipelines with API Triggers enabled and the parameters for each API Trigger

MCP Inspector Example

Tool Refresh

For now, the MCP server refreshes it’s tools list any time a client requests new tools. You can generally force this by one of the following:

  1. Restart the MCP server (toggle off/on). This will force clients to reconnect and re-request tools
  2. Restart the MCP Client (or agent)
  3. Prompt the agent/LLM to refresh

MCP does support a way to notify clients of tool changes, but this currently isn’t supported given that most clients don’t support it either. In general, tool changes only occur during development, and should be rare in production workflows.

Access Control

The MCP Server uses the existing roles and claims system to manage agent access.

The following table lists the MCP claim components required for each type of tool category. Use these when assigning roles/claims to users or API keys.

Tool Category Resource Actions
Pipeline pipeline read, execute write
Connection connection read, execute read, execute write
Config pipeline read, create, update

User and API Key Setup

A new user can be created and assigned the appropriate roles and claims for MCP access. An API Key can be generated for this user, which can be used as a Bearer token to authenticate requests to the MCP Server. See REST Data Server for details on creating the API Key.

Additional information on managing users, roles, and claims is available in the Users and Roles documentation.

Example

Suppose you want an agent to only have access to a specific MQTT Connection you configured. Tag-based access control enables this restriction:

  1. Create a tag (see Tagging for details) and assign it to the specific MQTT connection
  2. Define a role with a claim that specifies the required resources, actions, and tags
  3. Assign the role to a user
  4. Generate an API key for the user and use it as a Bearer Token for MCP Client authentication against the HighByte MCP Server

Access Control Example