website/docs/reference/mcp-config-reference.md
This page is the compact reference companion to the main MCP docs.
For conceptual guidance, see:
mcp_servers:
<server_name>:
command: "..." # stdio servers
args: []
env: {}
# OR
url: "..." # HTTP servers
headers: {}
# Optional HTTP/SSE TLS settings:
ssl_verify: true # bool or path to a CA bundle (PEM)
client_cert: "/path/to/cert.pem" # mTLS client certificate (see below)
# client_key: "/path/to/key.pem" # optional, when key lives in a separate file
enabled: true
timeout: 120
connect_timeout: 60
supports_parallel_tool_calls: false
tools:
include: []
exclude: []
resources: true
prompts: true
| Key | Type | Applies to | Meaning |
|---|---|---|---|
command | string | stdio | Executable to launch |
args | list | stdio | Arguments for the subprocess |
env | mapping | stdio | Environment passed to the subprocess |
url | string | HTTP | Remote MCP endpoint |
headers | mapping | HTTP | Headers for remote server requests |
ssl_verify | bool or string | HTTP | TLS verification. true (default) uses system CAs, false disables verification (insecure), or a string path to a custom CA bundle (PEM) |
client_cert | string or list | HTTP | mTLS client certificate. String = path to a PEM file containing cert + key. List [cert, key] = separate files. List [cert, key, password] = encrypted key |
client_key | string | HTTP | Path to the client private key, when client_cert is a string and the key is in a separate file |
enabled | bool | both | Skip the server entirely when false |
timeout | number | both | Tool call timeout |
connect_timeout | number | both | Initial connection timeout |
supports_parallel_tool_calls | bool | both | Allow tools from this server to run concurrently |
tools | mapping | both | Filtering and utility-tool policy |
auth | string | HTTP | Authentication method. Set to oauth to enable OAuth 2.1 with PKCE |
sampling | mapping | both | Server-initiated LLM request policy (see MCP guide) |
tools policy keys| Key | Type | Meaning |
|---|---|---|
include | string or list | Whitelist server-native MCP tools |
exclude | string or list | Blacklist server-native MCP tools |
resources | bool-like | Enable/disable list_resources + read_resource |
prompts | bool-like | Enable/disable list_prompts + get_prompt |
includeIf include is set, only those server-native MCP tools are registered.
tools:
include: [create_issue, list_issues]
excludeIf exclude is set and include is not, every server-native MCP tool except those names is registered.
tools:
exclude: [delete_customer]
If both are set, include wins.
tools:
include: [create_issue]
exclude: [create_issue, delete_issue]
Result:
create_issue is still alloweddelete_issue is ignored because include takes precedenceHermes may register these utility wrappers per MCP server:
Resources:
list_resourcesread_resourcePrompts:
list_promptsget_prompttools:
resources: false
tools:
prompts: false
Even when resources: true or prompts: true, Hermes only registers those utility tools if the MCP session actually exposes the corresponding capability.
So this is normal:
enabled: falsemcp_servers:
legacy:
url: "https://mcp.legacy.internal"
enabled: false
Behavior:
If filtering removes all server-native tools and no utility tools are registered, Hermes does not create an empty MCP runtime toolset for that server.
mcp_servers:
github:
command: "npx"
args: ["-y", "@modelcontextprotocol/server-github"]
env:
GITHUB_PERSONAL_ACCESS_TOKEN: "***"
tools:
include: [list_issues, create_issue, update_issue, search_code]
resources: false
prompts: false
mcp_servers:
stripe:
url: "https://mcp.stripe.com"
headers:
Authorization: "Bearer ***"
tools:
exclude: [delete_customer, refund_payment]
mcp_servers:
docs:
url: "https://mcp.docs.example.com"
tools:
include: []
resources: true
prompts: false
For HTTP/SSE servers that require a client certificate, set client_cert (and optionally client_key):
mcp_servers:
# Combined cert + key in a single PEM file
internal_api:
url: "https://mcp.internal.example.com/mcp"
client_cert: "~/secrets/mcp-client.pem"
# Separate cert and key files
partner_api:
url: "https://mcp.partner.example.com/mcp"
client_cert: "~/secrets/client.crt"
client_key: "~/secrets/client.key"
# Encrypted key with a passphrase (3-element list form)
bank_api:
url: "https://mcp.bank.example.com/mcp"
client_cert: ["~/secrets/client.crt", "~/secrets/client.key", "my-passphrase"]
# Custom CA bundle (private CA / self-signed server)
lab_api:
url: "https://mcp.lab.local/mcp"
ssl_verify: "~/secrets/lab-ca.pem"
client_cert: "~/secrets/lab-client.pem"
Notes:
~ expansion. Missing files fail fast at connect time with a server-scoped error message.ssl_verify: false disables server certificate verification entirely. Don't use this with real services.After changing MCP config, reload servers with:
/reload-mcp
Server-native MCP tools become:
mcp_<server>_<tool>
Examples:
mcp_github_create_issuemcp_filesystem_read_filemcp_my_api_query_dataUtility tools follow the same prefixing pattern:
mcp_<server>_list_resourcesmcp_<server>_read_resourcemcp_<server>_list_promptsmcp_<server>_get_promptHyphens (-) and dots (.) in both server names and tool names are replaced with underscores before registration. This ensures tool names are valid identifiers for LLM function-calling APIs.
For example, a server named my-api exposing a tool called list-items.v2 becomes:
mcp_my_api_list_items_v2
Keep this in mind when writing include / exclude filters — use the original MCP tool name (with hyphens/dots), not the sanitized version.
For HTTP servers that require OAuth, set auth: oauth on the server entry:
mcp_servers:
protected_api:
url: "https://mcp.example.com/mcp"
auth: oauth
Behavior:
~/.hermes/mcp-tokens/<server>.json and reused across sessionsurl-based servers)