Start, observe, and interact with Claude Managed Agents from any MCP client (Claude.ai, Claude Code, Cursor, mcp-remote, your own agent, …).
Claude Managed Agents run on Anthropic's platform — each is an agent definition
(model, system prompt, tools, skills) that executes inside a sandbox environment.
This MCP server puts a remote control on those agents: connect it to any MCP
client and you can launch an agent, watch what it does, reply to it, approve the
tools it wants to run, and stop it. Claude.ai is the showcase client (do it all
from a normal conversation), but the same tools work from Claude Code, Cursor,
mcp-remote, the MCP Inspector, or a custom MCP client. It is the runtime
companion to the Terraform provider
that defines agents declaratively.
It runs as a local stdio server, a generic HTTP container, or on AWS Lambda, with pluggable inbound auth (static bearer, generic OIDC, or an AWS Cognito preset).
Note
This is a community project. It is not maintained by, endorsed by, or affiliated
with Anthropic. The Managed Agents API is a beta API (managed-agents-2026-04-01).
```
MCP client        ──MCP──▶  managed-agent-control-mcp    ──HTTPS (x-api-key)──▶  Managed Agents API
(Claude.ai,                 (this server: tools + auth)                          (agents run here)
 Claude Code, …)
```
You drive a loop: discover an agent → start a session → observe by
polling events → interact (reply / interrupt / approve tools) → end.
Because MCP tool calls are request/response, observation is by polling
(session_events / session_get) — there is no live stream into the chat.
You need an ANTHROPIC_API_KEY with Managed Agents access and
uv.
```bash
git clone https://github.com/modus-agendi/managed-agent-control-mcp
cd managed-agent-control-mcp
uv sync
# Run the server over stdio:
ANTHROPIC_API_KEY=sk-ant-... uv run python -m managed_agents_mcp
```

Explore the tools interactively with the MCP Inspector:

```bash
ANTHROPIC_API_KEY=sk-ant-... npx @modelcontextprotocol/inspector \
  uv run python -m managed_agents_mcp
```

Register it with Claude Code (a project-scoped .mcp.json is included):

```bash
claude mcp add managed-agent-control -- uv run python -m managed_agents_mcp
```

Once published to PyPI, you can skip the clone: uvx managed-agent-control-mcp.
| Tier | Tool | Does |
|---|---|---|
| Discover | agent_list / agent_get | Find an agent and inspect its config |
| | environment_list / environment_get | Find a sandbox environment |
| | vault_list / vault_get | Find a credential vault to attach at session_start |
| | memory_store_list / memory_store_get | Find a persistent memory store |
| Start | session_start | Create a session and (optionally) send the first instruction |
| Observe | session_get | Status (idle/running/…) + token usage |
| | session_list | List sessions |
| | session_events | Poll the agent's output/activity (cursor + type filter) |
| Interact | session_message | Send a message / continue a turn |
| | session_interrupt | Stop or redirect a running agent |
| | session_respond | Approve/deny a tool the agent is waiting on |
| Destructive 🔒 | session_archive / session_delete | Archive (keep history) or delete |
See docs/tools.md for every argument and return shape.
Only ANTHROPIC_API_KEY is required for local use. Full reference in
docs/configuration.md.
| Env var | Purpose |
|---|---|
| ANTHROPIC_API_KEY | Required. Operator key the server acts with. |
| ANTHROPIC_BASE_URL | Override the API base URL (gateways/testing). |
| MCP_AUTH_MODE | Inbound auth for HTTP: bearer, oidc, cognito (comma-separated to combine). |
| MCP_BEARER_TOKEN | Shared token for bearer mode. |
| MCP_OIDC_ISSUER / MCP_OIDC_JWKS_URL / MCP_OIDC_AUDIENCE | JWT verification for oidc/cognito. |
| MCP_ALLOWLIST_AGENTS_ACTIVE | true activates the agent allowlist (default off → all agents allowed). |
| MCP_ALLOWED_AGENT_IDS | Agents session_start may launch when the allowlist is active. |
| MCP_ALLOW_DESTRUCTIVE | false disables archive/delete. |
There are two auth layers (kept separate by design):
- Outbound — how this server calls Anthropic: your ANTHROPIC_API_KEY.
- Inbound — how MCP clients authenticate to this server. Pluggable and required for any HTTP deployment:
  - bearer — a shared static token. Simplest; works with Claude.ai connectors and mcp-remote.
  - oidc — verify JWTs from any OIDC provider (Auth0, Okta, Keycloak, Entra, Cognito).
  - cognito — the OIDC verifier plus the hosted-UI OAuth facade Cognito needs.
Setup and Claude.ai connector onboarding: docs/authentication.md.
Warning
Never expose an HTTP deployment without an inbound auth mode set. Anyone who passes inbound auth can drive your Anthropic key — scope the key and use the guardrails.
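A pre-deployment check for the warning above, as an added example that is not part of this project's code: it audits an environment for an HTTP deployment against the inbound-auth and guardrail variables in the table. The function name, the 32-character token threshold, the exact-match handling of `true`/`false`, and the expectation that all three OIDC variables are set explicitly are assumptions of this example.

```python
"""Pre-deployment audit of inbound-auth and guardrail env vars (added example)."""
import os

KNOWN_MODES = {"bearer", "oidc", "cognito"}  # modes named in this README
OIDC_VARS = ("MCP_OIDC_ISSUER", "MCP_OIDC_JWKS_URL", "MCP_OIDC_AUDIENCE")
MIN_TOKEN_LEN = 32  # assumption: this example's own threshold, not a project rule


def audit_http_env(env):
    """Return findings for an HTTP deployment; an empty list means nothing flagged."""
    findings = []
    modes = [m.strip().lower() for m in env.get("MCP_AUTH_MODE", "").split(",") if m.strip()]
    if not modes:
        findings.append("MCP_AUTH_MODE is unset: no inbound auth on an HTTP deployment")
    for mode in modes:
        if mode not in KNOWN_MODES:
            findings.append(f"MCP_AUTH_MODE contains unknown mode {mode!r}")
    if "bearer" in modes and len(env.get("MCP_BEARER_TOKEN", "")) < MIN_TOKEN_LEN:
        findings.append(f"MCP_BEARER_TOKEN is missing or shorter than {MIN_TOKEN_LEN} chars")
    if {"oidc", "cognito"} & set(modes):
        # Assumption: all three are expected to be set explicitly in these modes.
        findings += [f"{v} is not set" for v in OIDC_VARS if not env.get(v)]
    # Guardrails. Exact-match on the documented values so a typo is never a pass.
    if env.get("MCP_ALLOWLIST_AGENTS_ACTIVE", "").strip() != "true":
        findings.append("MCP_ALLOWLIST_AGENTS_ACTIVE is not true: all agents allowed")
    elif not env.get("MCP_ALLOWED_AGENT_IDS", "").strip():
        findings.append("allowlist is active but MCP_ALLOWED_AGENT_IDS is empty")
    if env.get("MCP_ALLOW_DESTRUCTIVE", "").strip() != "false":
        findings.append("MCP_ALLOW_DESTRUCTIVE is not false: archive/delete not disabled")
    return findings


# Constructed sample environments (placeholder values, not real secrets or IDs).
WEAK = {"ANTHROPIC_API_KEY": "sk-ant-...", "MCP_BEARER_TOKEN": "hunter2"}
HARDENED = {
    "ANTHROPIC_API_KEY": "sk-ant-...",
    "MCP_AUTH_MODE": "bearer",
    "MCP_BEARER_TOKEN": "x" * 48,  # stand-in for a randomly generated token
    "MCP_ALLOWLIST_AGENTS_ACTIVE": "true",
    "MCP_ALLOWED_AGENT_IDS": "agent_EXAMPLE_ID",
    "MCP_ALLOW_DESTRUCTIVE": "false",
}

if __name__ == "__main__":
    for name, env in (("weak", WEAK), ("hardened", HARDENED), ("process", dict(os.environ))):
        print(name, audit_http_env(env) or "no findings")
```

Run it in the same environment the container or Lambda will receive and treat any finding as a deployment blocker.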
| Target | How |
|---|---|
| Local (stdio) | uv run python -m managed_agents_mcp |
| Container (HTTP) | docker build -f deploy/Dockerfile -t macmcp . && docker run -p 8000:8000 … |
| AWS Lambda | Self-contained Terraform module in deploy/aws-lambda/ |
Details: docs/deployment.md.
- Configuration — every env var + guardrails
- Authentication — bearer / OIDC / Cognito + Claude.ai setup
- Deployment — local, container, Lambda
- Architecture — module map, the two auth layers, the polling model
- Tools — full tool reference
- Examples — end-to-end deployment walkthroughs (host + OAuth provider)
Contributions welcome — see CONTRIBUTING.md and the Code of Conduct. Found a security issue? See SECURITY.md.
MIT — see LICENSE. Maintained by Andrei Svirida.