MCP Server Configuration
Each MCP server is defined as a named section under [mcp] in config.toml.
Config Format
toml
[mcp.<server-name>]
command = "<executable>"
args = ["arg1", "arg2", ...]| Key | Type | Default | Description |
|---|---|---|---|
command | string | โ | Executable or script to launch the MCP server |
args | array | [] | Arguments passed to the command |
Discovery Process
- For each
[mcp.*]section, spawn the process with the configured command and args - Initialize the JSON-RPC connection (protocol handshake)
- Call
tools/listto enumerate available tools - Wrap each tool's name, description, and input schema as a native Tool
- Log any errors per-server without failing globally
Examples
Filesystem Access
toml
[mcp.filesystem]
command = "npx"
args = ["-y", "@anthropic/mcp-filesystem", "/home/user/projects"]Web Search
toml
[mcp.brave-search]
command = "npx"
args = ["-y", "@anthropic/mcp-brave-search"]Custom Python Server
toml
[mcp.my-server]
command = "python3"
args = ["/path/to/my_mcp_server.py"]Stderr Logging
MCP server stderr output is captured and logged by aidaemon for debugging. Check the daemon logs if a server isn't working.
Threat Detection
aidaemon performs audit-only threat detection on MCP tool calls. Suspicious patterns are logged but do not block execution.
Suspicious Argument Patterns
- File access:
/etc/passwd,/etc/shadow,.ssh/,.env - Config/secrets:
config.toml,aidaemon.db,api_key,bot_token,encryption_key - Network:
curl,wget,nc,base64 - Code execution:
eval(,exec(,| sh,| bash - Destructive:
; rm,chmod 777
Suspicious Output Patterns
- Potential API keys:
sk-,ghp_prefixes - Private keys:
-----BEGIN,PRIVATE KEY - Sensitive terms:
password,bot_token
Audit Only
Threat detection is informational โ it logs warnings but does not block tool execution. Check your daemon logs for any flagged patterns.