Skip to main content

Plugged.in MCP Proxy

The Plugged.in MCP Proxy is your single connection point to every MCP server defined in your Plugged.in workspace. It pulls configuration from the Plugged.in API, normalises capability names, and adds knowledge-base and notification tooling so any MCP client can act on your data.
Use the proxy when you want Claude, Cline, Cursor, Smithery, or any other MCP-compatible client to talk to multiple servers without bespoke configuration.

Core responsibilities

  • Fetch server definitions, instructions, and static prompts from Plugged.in using PLUGGEDIN_API_KEY.
  • Expose every discovered tool, resource, and prompt to the connected MCP client.
  • Provide Plugged.in-specific static tools—discovery, notifications, and document management—alongside downstream servers.
  • Prefix tool names with their server UUID to prevent collisions (override with PLUGGEDIN_UUID_TOOL_PREFIXING=false if required).
  • Run in STDIO mode for desktop clients or as a Streamable HTTP service for remote consumers.

Request lifecycle

1

Client request

The MCP client asks for tools/resources/prompts or invokes an operation through STDIO or HTTP.
2

Workspace lookup

The proxy validates your API key, then queries the Plugged.in API. Responses are cached for 1 second to keep calls fast while reflecting recent changes.
3

Routing

Based on the capability metadata, the proxy either calls the downstream MCP server (STDIO, SSE, Streamable HTTP) or serves a Plugged.in static tool.
4

Response shaping

Results are normalised, prefixed, and returned to the MCP client. Knowledge-base answers include document IDs and snippets; notifications include severity metadata.

Transport modes

ModeDefault portWhen to choose itCommand
STDION/AClaude Desktop, Cursor, Cline, or MCP Inspector running locally.PLUGGEDIN_API_KEY=... npx @pluggedin/pluggedin-mcp-proxy
Streamable HTTP12006External deployments, remote IDEs, CI jobs, or multiple users sharing the same proxy.... --transport streamable-http --port 12006 [--require-api-auth] [--stateless]
Streamable HTTP supports session stickiness by default. Pass --stateless when you want a fresh transport per request (useful for serverless deployments). Add --require-api-auth to enforce Authorization: Bearer <PLUGGEDIN_API_KEY>.

Built-in Plugged.in tool surface

CategoryToolsNotes
Onboardingpluggedin_setupWorks without an API key to show setup, configuration, and troubleshooting help.
Discoverypluggedin_discover_toolsForces a capabilities refresh. Partial metadata is available without a key; full results require authentication.
Knowledge basepluggedin_ask_knowledge_base, pluggedin_search_documents, pluggedin_get_document, pluggedin_update_document, pluggedin_create_document, pluggedin_list_documentsRead and write documents stored in Plugged.in with full model attribution metadata.
Notificationspluggedin_send_notification, pluggedin_list_notifications, pluggedin_mark_notification_done, pluggedin_delete_notificationSend notifications (with optional email) and manage inbox state.
Every MCP server you add through the Plugged.in UI is surfaced alongside these static tools. In clients you will see them labeled with their UUID-prefixed names under the external tools section, complete with the instructions, prompts, and resources you configured in the dashboard. All other tools/resources/prompts originate from the MCP servers you register in the Plugged.in app. The proxy automatically maps UUID-prefixed tool names back to their original identifiers when forwarding requests.

Integration with the Plugged.in app

  • Create and manage servers under MCP Servers in Plugged.in; the proxy reads the API on demand.
  • The proxy sanitises environment variables and command arguments before spawning STDIO servers.
  • Server metadata includes transport type, custom headers, session IDs, and optional instructions that appear as formatted prompts in your client.
  • Knowledge-base operations respect workspace permissions, document visibility, and model attribution.

Security posture

  • API keys are validated for allowed characters before use. Invalid input fails fast.
  • Downstream HTTP URLs are checked to avoid localhost/SSRF exploits.
  • Command execution is allow-listed to frequently used binaries (node, npx, python, etc.).
  • Optional HTTP auth (--require-api-auth) ensures remote deployments stay private.
  • Set PLUGGEDIN_DEBUG=true to emit detailed logs during debugging; leave it false in STDIO mode to avoid polluting the MCP stream.

Next steps

  • Follow the Setup Guide to configure credentials and connect your clients.
  • When you are ready to deploy, use the Installation guide for CLI, pnpm, or Docker workflows.