wundergraph
diff --git a/‎docs/docs.json‎
Lines changed: 12 additions & 1 deletion b/‎docs/docs.json‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎docs/router/mcp.mdx‎
Lines changed: 57 additions & 376 deletions b/‎docs/router/mcp.mdx‎
Lines changed: 57 additions & 376 deletions
diff --git a/‎docs/router/mcp/configuration.mdx‎
Lines changed: 132 additions & 0 deletions b/‎docs/router/mcp/configuration.mdx‎
Lines changed: 132 additions & 0 deletions
diff --git a/‎docs/router/mcp/ide-setup.mdx‎
Lines changed: 134 additions & 0 deletions b/‎docs/router/mcp/ide-setup.mdx‎
Lines changed: 134 additions & 0 deletions
@@ -98,7 +98,18 @@
                   "router/configuration/template-expressions"
                 ]
               },
-              "router/mcp",
+              {
+                "group": "MCP Gateway",
+                "icon": "robot",
+                "pages": [
+                  "router/mcp",
+                  "router/mcp/quickstart",
+                  "router/mcp/operations",
+                  "router/mcp/configuration",
+                  "router/mcp/oauth",
+                  "router/mcp/ide-setup"
+                ]
+              },
               {
                 "group": "Custom Modules",
                 "icon": "cubes",
 
@@ -0,0 +1,132 @@
+---
+title: "Configuration"
+description: "Complete reference for all MCP Gateway configuration options, including session handling, storage providers, and environment variables."
+icon: "sliders-up"
+---
+
+## Basic Configuration
+
+To enable MCP in your Cosmo Router, add the following to your `config.yaml`:
+
+```yaml
+mcp:
+  enabled: true
+  server:
+    listen_addr: "localhost:5025"
+  graph_name: "my-graph"
+  exclude_mutations: true
+  storage:
+    provider_id: "mcp"
+
+storage_providers:
+  file_system:
+    - id: "mcp"
+      path: "operations"
+```
+
+## Configuration Options
+
+| Option                        | Description                                                                                                                                              | Default          |
+| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `enabled`                     | Enable or disable the MCP server                                                                                                                         | `false`          |
+| `server.listen_addr`          | The address and port where the MCP server will listen for requests                                                                                       | `localhost:5025` |
+| `server.base_url`            | The public base URL of the MCP server. **Required when OAuth is enabled.** Used for the RFC 9728 metadata endpoint and `resource_metadata` in `WWW-Authenticate` headers. Set this to your externally-reachable URL when behind a reverse proxy or load balancer. | - |
+| `router_url`                  | Custom URL to use for the router GraphQL endpoint in MCP responses. Use this when your router is behind a proxy.                                         | -                |
+| `storage.provider_id`         | The ID of a storage provider to use for loading GraphQL operations. Only `file_system` providers are supported.                                            | -                |
+| `session.stateless`           | Whether the MCP server should operate in stateless mode. When `true`, no server-side session state is maintained between requests.                         | `true`           |
+| `graph_name`                  | The name of the graph this router exposes via MCP. Converted to kebab-case and used to build the MCP server name (`wundergraph-cosmo-<kebab-case-name>`) and for logging; it does not select a different graph. For example, `MyGraph` becomes `wundergraph-cosmo-my-graph`. | `mygraph`        |
+| `exclude_mutations`           | Whether to exclude mutation operations from being exposed                                                                                                | `false`          |
+| `enable_arbitrary_operations` | Enables the `execute_graphql` built-in tool, allowing clients to run arbitrary GraphQL operations beyond the pre-defined operation set.                   | `false`          |
+| `expose_schema`               | Enables the `get_schema` built-in tool, exposing the full GraphQL schema to MCP clients.                                                                 | `false`          |
+| `omit_tool_name_prefix`      | When enabled, MCP tool names omit the `execute_operation_` prefix. For example, `GetUser` becomes `get_user` instead of `execute_operation_get_user`. See [Operations — Omitting the Tool Name Prefix](/router/mcp/operations#omitting-the-tool-name-prefix). | `false`          |
+
+For OAuth-specific configuration, see [OAuth 2.1 Authorization](/router/mcp/oauth).
+
+## Environment Variables
+
+All MCP options can also be set via environment variables:
+
+| Environment Variable             | Configuration Path                   |
+| -------------------------------- | ------------------------------------ |
+| `MCP_ENABLED`                    | `mcp.enabled`                        |
+| `MCP_SERVER_LISTEN_ADDR`         | `mcp.server.listen_addr`             |
+| `MCP_SERVER_BASE_URL`            | `mcp.server.base_url`               |
+| `MCP_ROUTER_URL`                 | `mcp.router_url`                     |
+| `MCP_STORAGE_PROVIDER_ID`        | `mcp.storage.provider_id`            |
+| `MCP_SESSION_STATELESS`          | `mcp.session.stateless`              |
+| `MCP_GRAPH_NAME`                 | `mcp.graph_name`                     |
+| `MCP_EXCLUDE_MUTATIONS`          | `mcp.exclude_mutations`              |
+| `MCP_ENABLE_ARBITRARY_OPERATIONS`| `mcp.enable_arbitrary_operations`    |
+| `MCP_EXPOSE_SCHEMA`              | `mcp.expose_schema`                  |
+| `MCP_OMIT_TOOL_NAME_PREFIX`      | `mcp.omit_tool_name_prefix`          |
+
+When OAuth is enabled, the following additional environment variables are available:
+
+| Environment Variable                              | Configuration Path                                  |
+| ------------------------------------------------- | --------------------------------------------------- |
+| `MCP_OAUTH_ENABLED`                               | `mcp.oauth.enabled`                                 |
+| `MCP_OAUTH_AUTHORIZATION_SERVER_URL`               | `mcp.oauth.authorization_server_url`                |
+| `MCP_OAUTH_SCOPE_CHALLENGE_INCLUDE_TOKEN_SCOPES`   | `mcp.oauth.scope_challenge_include_token_scopes`    |
+
+## Storage Providers
+
+MCP loads operations from a configured file system storage provider. This allows you to centralize the configuration of operation sources:
+
+```yaml
+storage_providers:
+  file_system:
+    - id: "mcp"
+      path: "operations"  # Relative to the router binary
+```
+
+Then reference this storage provider in your MCP configuration:
+
+```yaml
+mcp:
+  storage:
+    provider_id: "mcp"
+```
+
+A storage provider **must** be specified to load GraphQL operations. See [Storage Providers](/router/storage-providers) for more details on configuring storage providers.
+
+## Session Handling
+
+The MCP server uses the Streamable HTTP transport and maintains per-session state via the `Mcp-Session-Id` header. When deploying multiple Router instances, you need **sticky sessions** to ensure all requests for a session reach the same instance.
+
+To configure sticky sessions:
+
+1. The Router returns a unique `Mcp-Session-Id` response header when a session is established
+2. Clients must include that value in subsequent requests as the `Mcp-Session-Id` request header
+3. Your load balancer or reverse proxy must route requests with the same `Mcp-Session-Id` to the same instance
+
+For details, see your load balancer or reverse proxy documentation (e.g., [F5 NGINX Plus — MCP Session Affinity](https://community.f5.com/kb/technicalarticles/mcp-session-affinity-with-f5-nginx-plus/341961)).
+
+<Info>
+  The `session.stateless` configuration option is reserved for future use. Currently, the MCP server always operates in stateful mode regardless of this setting.
+</Info>
+
+## CORS
+
+The MCP server automatically configures CORS to allow cross-origin requests from MCP clients. It sets `Access-Control-Allow-Origin: *` and allows the required MCP headers (`Mcp-Protocol-Version`, `Mcp-Session-Id`, `Authorization`, `Last-Event-ID`). The `Mcp-Session-Id` and `WWW-Authenticate` headers are exposed in responses. If you have additional CORS headers configured on the router, they are merged with the MCP-specific headers.
+
+## Full Configuration Example
+
+```yaml
+mcp:
+  enabled: true
+  server:
+    listen_addr: "localhost:5025"
+  router_url: "https://your-public-router-url.example.com/graphql"
+  graph_name: "my-graph"
+  exclude_mutations: true
+  enable_arbitrary_operations: false
+  expose_schema: false
+  omit_tool_name_prefix: false
+  storage:
+    provider_id: "mcp"
+
+storage_providers:
+  file_system:
+    - id: "mcp"
+      path: "operations"
+```
@@ -0,0 +1,134 @@
+---
+title: "IDE & AI Tool Setup"
+description: "Connect Claude Desktop, Cursor, Windsurf, VS Code, and other AI tools to your MCP Gateway. Includes header forwarding for authentication and tracing."
+icon: "display-code"
+---
+
+This guide covers how to connect popular AI tools to your Cosmo Router MCP server and configure header forwarding for authentication, tracing, and custom headers.
+
+## Header Forwarding
+
+<Info>
+  Available since Router [0.260.0](https://github.com/wundergraph/cosmo/releases/tag/router%400.260.0)
+</Info>
+
+The MCP server forwards **all headers** from MCP clients to the Router, including authorization headers, custom headers, and tracing headers. This allows you to:
+
+- Leverage all authentication and authorization capabilities of your Cosmo Router
+- Pass custom headers for tracing, debugging, or application-specific purposes
+- Maintain consistent security and observability across all API consumers
+
+<Info>
+  All headers sent by MCP clients are forwarded through the complete chain: MCP Client → MCP Server → Router → Subgraphs. The router's [header forwarding rules](/router/proxy-capabilities/subgraph-request-header-operations) determine what ultimately reaches your subgraphs.
+</Info>
+
+## IDE Setup Guides
+
+### Cursor
+
+<Note>Requires Cursor v0.48.0+ for Streamable HTTP support.</Note>
+
+Go to **Settings** > **Tools & Integrations** > **MCP Servers** and add the following to the `mcp.json` file:
+
+```json
+{
+  "mcpServers": {
+    "my-graph": {
+      "url": "http://localhost:5025/mcp",
+      "headers": {
+        "Authorization": "Bearer YOUR_API_KEY",
+        "X-Trace-Id": "cursor-session-123",
+        "X-Client": "cursor"
+      }
+    }
+  }
+}
+```
+
+All `headers` fields are optional — include only what your setup requires.
+
+### Claude Desktop
+
+Requires the latest version of Claude Desktop. Go to **Settings** > **Developer** and click on **Edit Config**. Add the following to the `claude_desktop_config.json` file:
+
+```json
+{
+  "mcpServers": {
+    "my-graph": {
+      "command": "npx",
+      "args": ["-y", "mcp-remote", "http://localhost:5025/mcp"]
+    }
+  }
+}
+```
+
+After saving, **restart Claude Desktop** for changes to take effect.
+
+### Windsurf
+
+Windsurf supports Streamable HTTP servers with a `serverUrl` field:
+
+```json
+{
+  "mcpServers": {
+    "my-graph": {
+      "serverUrl": "http://localhost:5025/mcp",
+      "headers": {
+        "Authorization": "Bearer YOUR_API_KEY",
+        "X-Trace-Id": "windsurf-session-456",
+        "X-Client": "windsurf"
+      }
+    }
+  }
+}
+```
+
+### VS Code
+
+Click **View** > **Command Palette** > **MCP: Add Server** and use the URL `http://localhost:5025/mcp` to complete the configuration.
+
+For more information, see the [VS Code MCP Servers documentation](https://code.visualstudio.com/docs/copilot/chat/mcp-servers).
+
+### Other MCP-compatible Tools
+
+Other tools and AI models that support the MCP protocol typically provide similar ways to configure the server URL and authentication headers. Check the documentation for your specific AI tool for the exact configuration syntax.
+
+## Common Header Patterns
+
+### Authentication & Authorization
+
+Pass authorization tokens to secure your GraphQL operations:
+
+```json
+{
+  "headers": {
+    "Authorization": "Bearer YOUR_API_KEY"
+  }
+}
+```
+
+### Tracing
+
+Include trace IDs for request correlation and debugging:
+
+```json
+{
+  "headers": {
+    "X-Trace-Id": "trace-123",
+    "X-Request-Id": "req-456"
+  }
+}
+```
+
+### Custom Headers
+
+Pass application-specific headers for business logic:
+
+```json
+{
+  "headers": {
+    "X-Tenant-Id": "tenant-abc",
+    "X-Feature-Flag": "new-feature-enabled"
+  }
+}
+```