Remote MCP Servers (Atlassian, Slack, Linear)

The Agent Receipts proxy expects an upstream MCP server it can spawn as a local stdio process. A growing class of MCP servers — Atlassian, Slack, Linear, HubSpot, Notion, and others — are hosted as remote HTTP/SSE endpoints behind OAuth instead. To audit those today, compose mcp-remote in front of mcp-proxy: mcp-remote handles the OAuth dance and exposes a stdio MCP transport, which the proxy then wraps as it would any local server.

Why this is its own page

The composition pattern works, but a few things differ from local-server setups: ports stack up, OAuth is invisible to the proxy, and the proxy’s prefix-based operation classification drives risk scoring. Native HTTP/SSE support inside mcp-proxy is tracked in issue #227; until that lands, this page is the supported path.

How the composition works

MCP Client (Claude / Codex)
        │  stdio
        ▼
   mcp-proxy   ◄── audits, scores, forwards to daemon
        │  stdio
        ▼
   mcp-remote  ◄── OAuth flow, token refresh, transport bridge
        │  HTTP/SSE + Bearer token
        ▼
Remote MCP Server (e.g. mcp.atlassian.com/v1/mcp)

mcp-remote is responsible for the OAuth flow and token refresh. The proxy never sees the bearer token, which is good for redaction (one less secret to leak into the audit log), but means receipts cannot tie an action to a specific token identity. If you need that, follow #227.

Prerequisites

• mcp-proxy installed
• obsigna-daemon installed, initialised, and running — it holds the signing key and writes every receipt
• Node.js (for npx mcp-remote)
• A remote MCP endpoint and an account that can authorise it. The example below uses Atlassian’s Remote MCP Server at https://mcp.atlassian.com/v1/mcp.

Start the daemon

The proxy holds no signing key of its own — obsigna-daemon owns the key and writes every receipt (ADR-0010). Initialise the key once and start the daemon before connecting your MCP client:

obsigna-daemon --init   # one-time: generates the Ed25519 signing key pair
obsigna-daemon          # start the daemon (listens on a Unix socket)

One daemon signs receipts for every proxied server — local and remote alike. See Daemon Setup for install options and socket paths.

Worked example: Atlassian (Jira + Confluence)

Add an entry to your MCP client config that runs mcp-proxy wrapping npx mcp-remote <url>. For Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "atlassian-audited": {
      "command": "/Users/YOU/go/bin/mcp-proxy",
      "args": [
        "-name", "atlassian",
        "-issuer-name", "Claude Desktop",
        "-operator-id", "did:web:anthropic.com",
        "-operator-name", "Anthropic",
        "npx", "--registry", "https://registry.npmjs.org", "-y", "mcp-remote",
        "https://mcp.atlassian.com/v1/mcp"
      ]
    }
  }
}

For Claude Code:

claude mcp add-json atlassian-audited --scope user '{
  "command": "/Users/YOU/go/bin/mcp-proxy",
  "args": [
    "-name", "atlassian",
    "-issuer-name", "Claude Code",
    "-operator-id", "did:web:anthropic.com",
    "-operator-name", "Anthropic",
    "npx", "--registry", "https://registry.npmjs.org", "-y", "mcp-remote",
    "https://mcp.atlassian.com/v1/mcp"
  ]
}'

Path tips

• Binary path: Claude Desktop doesn’t inherit your shell PATH, so GUI-launched instances may fail to find mcp-proxy if it’s in ~/go/bin. Use the full path — run which mcp-proxy to find it.

The first time the server is invoked, mcp-remote opens a browser tab to complete the OAuth flow with Atlassian. Subsequent runs reuse the cached token (managed by mcp-remote, not the proxy).

Bundled taxonomy

The daemon stores action types in <channel>.<server>.<tool> form — for example, mcp.atlassian.createJiraIssue. Full taxonomy mapping that would reclassify Atlassian tools to canonical types like data.api.write and data.api.read is not yet applied at the daemon level and is tracked for a future release. The proxy’s prefix-based operation classification drives policy risk scoring today.

See the Action Taxonomy reference for the full set of mappings, and open a PR against the taxonomy definitions to add or correct entries.

Caveats

• OAuth is invisible to the proxy. mcp-remote owns the credential. The proxy can’t include token identity in receipts and can’t log auth refreshes. Tracked in #227.
• Naming collision. There are several unrelated tools called mcp-proxy in the ecosystem — make sure your command path points at the Agent Receipts binary (the one you installed via go install or downloaded from this project).

First-run OAuth — do this before connecting via your MCP client

mcp-remote needs an interactive browser session to complete the initial OAuth flow. Claude Code or Claude Desktop will show the server as failed until this is done.

Fix: run the full proxy command directly in a terminal first, complete the browser OAuth, then Ctrl+C and reconnect via /mcp:

$HOME/go/bin/mcp-proxy -name atlassian \
  npx --registry https://registry.npmjs.org -y mcp-remote https://mcp.atlassian.com/v1/mcp

Subsequent launches reuse the cached token managed by mcp-remote.

• Corporate npm registry. If your npm is configured to use a private registry (e.g. AWS CodeArtifact), npx mcp-remote will fail with a 404 Not Found error that looks like a missing package. The fix — already in the examples above — is to pass --registry https://registry.npmjs.org explicitly to npx.