managed-agent-control-mcp
Start, observe, and interact with Claude Managed Agents from any MCP client — launch an agent, watch its events, reply, approve the tools it wants to run, and stop it. Runs over stdio, HTTP, or AWS Lambda with pluggable auth.
README
managed-agent-control-mcp
Start, observe, and interact with Claude Managed Agents from any MCP client (Claude.ai, Claude Code, Cursor, mcp-remote, your own agent, …).
Claude Managed Agents run on Anthropic's platform — each is an agent definition
(model, system prompt, tools, skills) that executes inside a sandbox environment.
This MCP server puts a remote control on those agents: connect it to any MCP
client and you can launch an agent, watch what it does, reply to it, approve the
tools it wants to run, and stop it. Claude.ai is the showcase client (do it all
from a normal conversation), but the same tools work from Claude Code, Cursor,
mcp-remote, the MCP Inspector, or a custom MCP client. It is the runtime
companion to the Terraform provider
that defines agents declaratively.
It runs as a local stdio server, a generic HTTP container, or on AWS Lambda, with pluggable inbound auth (static bearer, generic OIDC, or an AWS Cognito preset).
[!NOTE] This is a community project. It is not maintained by, endorsed by, or affiliated with Anthropic. The Managed Agents API is a beta API (
managed-agents-2026-04-01).
How it works
MCP client ──MCP──▶ managed-agent-control-mcp ──HTTPS (x-api-key)──▶ Managed Agents API
(Claude.ai, (this server: tools + auth) (agents run here)
Claude Code, …)
You drive a loop: discover an agent → start a session → observe by
polling events → interact (reply / interrupt / approve tools) → end.
Because MCP tool calls are request/response, observation is by polling
(session_events / session_get) — there is no live stream into the chat.
Quickstart (local, <2 min)
You need an ANTHROPIC_API_KEY with Managed Agents access and
uv.
git clone https://github.com/modus-agendi/managed-agent-control-mcp
cd managed-agent-control-mcp
uv sync
# Run the server over stdio:
ANTHROPIC_API_KEY=sk-ant-... uv run python -m managed_agents_mcp
Explore the tools interactively with the MCP Inspector:
ANTHROPIC_API_KEY=sk-ant-... npx @modelcontextprotocol/inspector \
uv run python -m managed_agents_mcp
Register it with Claude Code (a project-scoped .mcp.json is included):
claude mcp add managed-agent-control -- uv run python -m managed_agents_mcp
Once published to PyPI, you can skip the clone: uvx managed-agent-control-mcp.
Tools
| Tier | Tool | Does |
|---|---|---|
| Discover | agent_list / agent_get |
Find an agent and inspect its config |
environment_list / environment_get |
Find a sandbox environment | |
vault_list / vault_get |
Find a credential vault to attach at session_start |
|
memory_store_list / memory_store_get |
Find a persistent memory store | |
| Start | session_start |
Create a session and (optionally) send the first instruction |
| Observe | session_get |
Status (idle/running/…) + token usage |
session_list |
List sessions | |
session_events |
Poll the agent's output/activity (cursor + type filter) | |
| Interact | session_message |
Send a message / continue a turn |
session_interrupt |
Stop or redirect a running agent | |
session_respond |
Approve/deny a tool the agent is waiting on | |
| Destructive 🔒 | session_archive / session_delete |
Archive (keep history) or delete |
See docs/tools.md for every argument and return shape.
Configuration
Only ANTHROPIC_API_KEY is required for local use. Full reference in
docs/configuration.md.
| Env var | Purpose |
|---|---|
ANTHROPIC_API_KEY |
Required. Operator key the server acts with. |
ANTHROPIC_BASE_URL |
Override the API base URL (gateways/testing). |
MCP_AUTH_MODE |
Inbound auth for HTTP: bearer, oidc, cognito (comma-separated to combine). |
MCP_BEARER_TOKEN |
Shared token for bearer mode. |
MCP_OIDC_ISSUER / MCP_OIDC_JWKS_URL / MCP_OIDC_AUDIENCE |
JWT verification for oidc/cognito. |
MCP_ALLOWLIST_AGENTS_ACTIVE |
true activates the agent allowlist (default off → all agents allowed). |
MCP_ALLOWED_AGENT_IDS |
Agents session_start may launch when the allowlist is active. |
MCP_ALLOW_DESTRUCTIVE |
false disables archive/delete. |
Authentication
There are two auth layers (kept separate by design):
- Outbound — how this server calls Anthropic: your
ANTHROPIC_API_KEY. - Inbound — how MCP clients authenticate to this server. Pluggable and
required for any HTTP deployment:
- bearer — a shared static token. Simplest; works with Claude.ai connectors and
mcp-remote. - oidc — verify JWTs from any OIDC provider (Auth0, Okta, Keycloak, Entra, Cognito).
- cognito — the OIDC verifier plus the hosted-UI OAuth facade Cognito needs.
- bearer — a shared static token. Simplest; works with Claude.ai connectors and
Setup and Claude.ai connector onboarding: docs/authentication.md.
[!WARNING] Never expose an HTTP deployment without an inbound auth mode set. Anyone who passes inbound auth can drive your Anthropic key — scope the key and use the guardrails.
Deployment
| Target | How |
|---|---|
| Local (stdio) | uv run python -m managed_agents_mcp |
| Container (HTTP) | docker build -f deploy/Dockerfile -t macmcp . && docker run -p 8000:8000 … |
| AWS Lambda | Self-contained Terraform module in deploy/aws-lambda/ |
Details: docs/deployment.md.
Documentation
- Configuration — every env var + guardrails
- Authentication — bearer / OIDC / Cognito + Claude.ai setup
- Deployment — local, container, Lambda
- Architecture — module map, the two auth layers, the polling model
- Tools — full tool reference
- Examples — end-to-end deployment walkthroughs (host + OAuth provider)
Contributing
Contributions welcome — see CONTRIBUTING.md and the Code of Conduct. Found a security issue? See SECURITY.md.
License
MIT — see LICENSE. Maintained by Andrei Svirida.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.