Skip to content

MCP Proxy (Tier A)

OpenCode loads MCP servers from opencode.json. Wrapping a server with mcp-proxy gives the MCP channel an adversary-resistant audit trail: the proxy runs out-of-process and signs locally, so it holds even if OpenCode itself misbehaves. This is Tier A — docs-only, reusing a shipped component. For native tool calls, see the plugin (Tier B).

OpenCode launches local MCP servers as subprocesses. Point the command at mcp-proxy, which wraps the upstream server transparently — OpenCode doesn’t know the proxy is there. Use absolute paths; OpenCode launches MCP servers with a clean environment.

{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"github-audited": {
"type": "local",
"enabled": true,
"command": [
"/usr/local/bin/mcp-proxy",
"-name", "github",
"-issuer-name", "OpenCode",
"-operator-id", "did:web:opencode.ai",
"-operator-name", "OpenCode",
"/usr/local/bin/github-mcp-server", "stdio"
]
}
}
}

The proxy reaches obsigna-daemon over its default platform socket automatically — no extra flag needed.

Run an MCP tool in OpenCode (e.g. a GitHub query), then:

Terminal window
obsigna receipt list # receipts with channel: mcp from the proxy
obsigna receipt verify # walk the chain and check signatures

Receipts from the proxy carry channel: mcp; native-tool receipts from the plugin carry channel: opencode. Both land in the same daemon chain, giving you a complete picture across both channels.