Quick Start: Add from Registry
The easiest way to get started is using the built-in registry. Type/mcp in droid and select “Add from Registry” to browse 40+ pre-configured servers:
Select a server from the list, authenticate if required (most HTTP servers support OAuth—just follow the browser prompt), and the server is ready to use.
Interactive Manager (/mcp)
Type /mcp within droid to open the interactive MCP manager. From here you can:
- Browse servers - See all configured servers and their connection status
- View tools - Inspect what tools each connected server provides
- Enable/disable - Temporarily disable servers without removing them
- Authenticate - Connect to OAuth-enabled servers via browser
- Clear auth - Remove stored credentials for a server
- Add from registry - One-click setup for popular MCP servers
- Remove servers - Delete user-configured servers
Adding Servers via CLI
For scripting and automation, usedroid mcp add. Droid supports three transports: http (Streamable HTTP — the current MCP standard, which uses SSE internally to stream responses), sse (the legacy standalone HTTP+SSE transport, for older servers), and stdio (local processes).
Adding HTTP Servers
HTTP servers are remote MCP endpoints - the recommended way to connect to cloud services and APIs. Syntax:name- Unique server identifierurl- HTTP/HTTPS URL of the MCP server--type http- Required flag to specify HTTP transport--header "KEY: VALUE"- HTTP headers for authentication (can be used multiple times)
Popular HTTP MCP Servers
Development & Testing
Sentry - Monitor errors, debug production issuesProject Management & Documentation
Notion - Read docs, update pages, manage tasksPayments & Commerce
Stripe - Payment processing and subscriptionsDesign & Media
Figma - Generate code with Figma contextInfrastructure & DevOps
Netlify - Create, deploy, and manage websitesAdding SSE Servers
sse is the legacy HTTP+SSE transport (MCP protocol version 2024-11-05), which exposes a standalone Server-Sent Events endpoint. It was superseded by Streamable HTTP (--type http), which already streams over SSE internally — so prefer http and reach for sse only when a server offers just the older standalone SSE endpoint. Arguments mirror HTTP servers; only --type changes.
Syntax:
Adding Stdio Servers
Stdio servers run as local processes on your machine - ideal for tools that need direct system access. Syntax:name- Unique server identifiercommand- Command to start the server (quote if it contains spaces)--env KEY=VALUE- Environment variables (can be used multiple times)
Popular Stdio MCP Servers
Airtable - Read/write records, manage bases and tablesRemoving Servers
Remove a server from your configuration:Managing Servers
Type/mcp within droid to open an interactive UI for managing MCP servers.
- See all configured servers with status
- View all tools provided by each server
- Authenticate remote servers that require OAuth authentication
- Add/remove and enable/disable servers
Configuration
MCP server configurations are loaded from local files at the following levels:
Organization administrators can also centrally provide servers and restrict which ones are allowed via organization-managed settings (see Enterprise MCP policy).
How Layering Works
When the same server is defined at multiple levels, user config takes priority, followed by folder-level config, then project config. Key behaviors:- When you enable/disable a project-defined server, a copy is saved to your user config with the new state. The original project config remains unchanged, so your teammates aren’t affected.
- Project servers cannot be removed via CLI or the
/mcpUI. To remove them, edit.factory/mcp.jsondirectly. - Servers you add via
droid mcp addor the registry always go to your user config.
OAuth Tokens
OAuth tokens are stored globally in your system keyring (or fallback file), not per-project. If you authenticate with a server in one project, you’re authenticated everywhere that server is configured. To clear authentication for a server, use the/mcp interactive manager and select “Clear Auth”.
Configuration Schema
Each server entry includes:
For stdio servers:
- command: Executable to run
- args: Command-line arguments (array)
- env: Environment variables (object)
- url: HTTP/HTTPS endpoint URL
- headers: HTTP headers for authentication (object)
- oauth: OAuth overrides for this server (object), or
falseto disable OAuth entirely
OAuth Overrides
For most remote servers, OAuth works with zero configuration: droid discovers the authorization server, registers a client automatically via Dynamic Client Registration (DCR), and uses Factory’s published client metadata when the server supports Client ID Metadata Documents (CIMD). Prefer these defaults. Only setoauth overrides when a provider requires a custom trust or compatibility policy.
The oauth object on an http or sse server supports:
Constraints:
clientMetadataUrlmust be an HTTPS URL with a non-root path and no credentials, query string, fragment, or dot segments.clientMetadataUrlis mutually exclusive withclientId/clientSecret: a metadata document is the client identity, so pre-registered credentials cannot be combined with it.clientMetadataUrldescribes a public client, sotokenEndpointAuthMethodmust be"none"(or omitted) when it is set.clientId/clientSecretrequireauthorizationServerIssuerto be set.
"none" when an authorization server advertises confidential methods but your deployment requires a public client flow:
mcp.json:
Variable expansion
Droid expands${VAR} and ${VAR:-default} references in mcp.json against your current shell environment when the configuration is loaded. This lets you keep secrets out of the file itself and source them from a secret manager, .env loader, or your shell profile.
Variable expansion is supported in:
commandandargsentries for stdio serversenvvalues for stdio serversurlfor http serversheadersvalues for http servers
${VAR:-fallback} to provide a safe default.
The raw
mcp.json file is never rewritten with expanded values — expansion happens in memory at load time, so secrets stay out of disk and version control.Per-tool filtering
Servers can expose many tools, and not all of them need to be loaded into every session.enabledTools and disabledTools let you trim the tool surface persistently in mcp.json, mirroring the --enabled-tools / --disabled-tools flags available on droid exec.
disabledTools: blocklist — every tool the server reports is loaded except the listed names.enabledTools: allowlist — only the listed tools are loaded.- If both are set,
enabledToolstakes precedence anddisabledToolsis ignored. - Filtered-out tools are never registered with the model, so they don’t consume context tokens.
MCP call timeout
By default, droid applies a global timeout to every MCP tool invocation. Long-running tools (large data exports, browser automations, model-backed servers) can exceed this default and fail with a timeout error. Override the timeout per server withtimeoutMs:
mcp.callTimeoutMs setting in settings.json:
- Per-server
timeoutMsinmcp.json - Global
mcp.callTimeoutMsinsettings.json - Built-in default
Increasing the timeout only changes how long droid waits for a response — it does not extend any timeouts enforced by the MCP server itself or its upstream APIs.
Per-droid server selection
Custom droids can select which configured MCP servers they’re allowed to use via themcpServers field in their frontmatter. This scopes a subagent to specific servers (e.g., mcpServers: ["linear", "github"]) instead of inheriting every server in the session. For finer-grained control, a droid’s tools list can name exact registered MCP tool IDs. See Selecting MCP servers for details.
Enterprise MCP policy
Organizations can centrally control which MCP servers are allowed via themcpPolicy setting in org-managed settings. This lets administrators restrict MCP access at the org level so users can only connect to vetted servers.
Example org-managed settings:
mcpPolicy is an enterprise/org-level setting and is enforced through managed settings — individual users cannot override it. Servers disallowed by policy remain in mcp.json and are still loaded into your configuration, but they are filtered out from running or connecting and do not appear as available in the /mcp manager.MCP autonomy URL overrides
Administrators can assign a default autonomy risk level to remote MCP servers by URL with themcpAutonomyUrlOverrides org-managed setting, controlling how much confirmation a matching server’s tools require before Droid runs them.
Each rule maps a URL pattern to a risk level:
Example org-managed settings:
Matching and precedence
- Remote servers only. Rules match remote servers that have a URL (
httpandssetransports); localstdioservers are unaffected. - First match wins. Rules are checked in order, so list them most-specific first.
- Safety floor. A rule sets a tool’s risk classification, not an absolute prompt:
high-classified tools still follow the normal Autonomy Level comparison (High autonomy runs them without an extra prompt unless another safety check intervenes). The floor is one-directional —lowormediumcannot pull a tool that isn’t read-only (destructive, or missing safety metadata) belowhigh, so you can relax confirmation for read-only tools but never auto-approve destructive ones. - Fallback. Servers with no matching rule use Droid’s built-in tool risk classification (read-only hints and curated defaults).
mcpAutonomyUrlOverrides is admin-managed (MDM): it is delivered through org-managed settings and users cannot override or weaken it.