Skip to main content
The Matcher MCP server exposes Matcher’s reconciliation surface as Model Context Protocol tools, so an AI assistant — or any MCP client — can operate Matcher on your behalf: inspect contexts, start reconciliation runs, work exceptions, and pull reports, all with the same permissions you already have.
Matcher is only available if you’ve acquired the Matcher product. Want access? Get in touch with our team to learn more.

How it connects


The server speaks Streamable HTTP. It runs as its own service alongside the Matcher API and exposes a single MCP endpoint (POST /mcp) plus a plain liveness probe (GET /healthz). There is no stdio transport: every client connects to it as a remote server over the network. Point any Streamable-HTTP MCP client at the endpoint your platform team provides and send your Matcher bearer token on the connection. For example, with Claude Code:
claude mcp add --transport http matcher https://your-matcher-mcp.example.com/mcp \
  --header "Authorization: Bearer <matcher-jwt>"
For local development, the relay is also published as a public npm package — start it pointed at your Matcher API and connect to http://localhost:4019/mcp:
MATCHER_API_URL=https://your-matcher-api npx @lerianstudio/matcher-mcp
Any MCP client that supports Streamable HTTP works the same way: give it the URL and the Authorization: Bearer <matcher-jwt> header.

Auth posture


The server is a stateless credential relay — it adds no identity of its own:
  • Your token, relayed verbatim. The client sends the same Matcher JWT you’d use against the API directly (issued by your Access Manager). The server forwards it to the Matcher API on every tool call and never logs, stores, or echoes it.
  • Fail-closed. A tool call arriving without a bearer token is rejected before any request reaches Matcher. There is no anonymous or default-tenant fallback.
  • Tenant follows the token. No tool accepts a tenant parameter; Matcher resolves your tenant entirely from the relayed JWT, so the MCP surface can never cross tenant boundaries.
  • No session state. Each request builds a fresh in-memory server, so the relay can be scaled and restarted freely.
To verify your client is wired correctly, call the mcp_whoami tool after connecting — it reports only whether the credential arrived, never its value.

What you can do with it


The server exposes curated tool families covering configuration, reconciliation runs, exceptions and disputes, ingestion, and reporting, plus a generic escape hatch over the full Matcher API. See Matcher MCP tools for the catalog.