Back to Asistn

Asistn MCP

Give trusted external agents a controlled tool interface to Asistn.

The Asistn MCP server is a separate internal service that exposes selected Asistn workspace API capabilities as MCP tools. Agents such as Hermes can monitor workspaces, read conversations, inspect analytics, push leads, and optionally send WhatsApp messages when the deployment explicitly enables those permissions.

Internal by default

The production container is exposed only on the Docker network, not through public Nginx.

Read-only by default

Read tools are enabled by default. Write and message sending must be explicitly enabled by env.

Configured workspaces only

MVP multi-workspace access means every workspace listed in ASISTN_MCP_WORKSPACES.

Architecture

How the MCP wrapper fits around the workspace API

MCP does not bypass tenant boundaries or read the database directly. It proxies the existing /api/v1 endpoints with configured workspace tokens.

Hermes / External Agent
  -> MCP client
  -> http://asistn-mcp:3010/mcp
  -> Asistn MCP Server
  -> http://app:3006/api/v1/*
  -> Asistn workspace API

Important model

There is no true super-admin API in this MVP. The MCP server can only access workspaces configured through environment variables. Each configured workspace still uses its own Asistn workspace API token.

Connect

MCP endpoint and client authentication

External agents connect to the Streamable HTTP MCP endpoint. The agent must send the MCP server bearer token, not a workspace API token.

Endpoint

POST http://asistn-mcp:3010/mcp
Authorization: Bearer $ASISTN_MCP_SERVER_TOKEN

From another container on the same Docker network, use the service name. If the compose project exposes a different DNS name, use that internal hostname instead.

Non-MCP health check

curl http://asistn-mcp:3010/healthz

/healthz is intentionally unauthenticated and only returns service-level health. Use MCP check_health tools for authenticated workspace checks.

Agent setup rule

The MCP client uses one server token for the MCP service. Workspace API tokens stay inside the MCP container environment and should never be copied into external agent prompts, browser code, or public config.

Token

Create and install ASISTN_MCP_SERVER_TOKEN

This is an internal bearer secret for the MCP service. It is generated by you, installed into the production .env file, and used by trusted MCP clients.

Generate MCP server token

Generated locally in this browser. The token is not sent to Asistn or stored by this page.

Production install path

Current deploys run from /opt/asistn/Agentic CRM. Put the token in/opt/asistn/Agentic CRM/.env, then restart the MCP container.

TOKEN='paste_generated_token_here'
ENV_FILE='/opt/asistn/Agentic CRM/.env'

if grep -q '^ASISTN_MCP_SERVER_TOKEN=' "$ENV_FILE"; then
  sed -i "s|^ASISTN_MCP_SERVER_TOKEN=.*|ASISTN_MCP_SERVER_TOKEN=$TOKEN|" "$ENV_FILE"
else
  printf '\nASISTN_MCP_SERVER_TOKEN=%s\n' "$TOKEN" >> "$ENV_FILE"
fi

cd '/opt/asistn/Agentic CRM'
docker compose -f docker-compose.prod.yml up -d mcp

Do not publish this token

Docs can be public because they contain placeholders only. The realASISTN_MCP_SERVER_TOKENshould stay in server env, a password manager, or a trusted agent secret store.

If a trusted server agent needs the token

It can read ASISTN_MCP_SERVER_TOKEN from/opt/asistn/Agentic CRM/.env. Only allow this for agents that are already trusted with production infrastructure, because the same file may contain other production secrets.

Configuration

Environment variables

Production config lives in .env on the server. Token JSON is not checked into the repository.

ASISTN_MCP_SERVER_TOKENRequiredBearer token used by external agents to connect to /mcp.
ASISTN_MCP_WORKSPACESRequiredJSON array of configured workspace slugs and token env names.
ASISTN_API_TOKEN_*RequiredActual workspace API tokens referenced by ASISTN_MCP_WORKSPACES.
ASISTN_BASE_URLDefault: http://app:3006Asistn app URL from the MCP container. Production uses Docker DNS.
ASISTN_MCP_PORTDefault: 3010Internal HTTP port for /mcp and /healthz.
ASISTN_MCP_DEFAULT_WORKSPACEDefault: first workspaceWorkspace used when tool input omits workspace.
ASISTN_MCP_READDefault: trueRegisters read tools when true.
ASISTN_MCP_WRITEDefault: falseRegisters write tools when true.
ASISTN_MCP_SEND_MESSAGESDefault: falseRegisters send_message only when this and write are both true.
ASISTN_MCP_DELETEDefault: falseReserved for future delete tools. No delete tools exist in the MVP.
ASISTN_MCP_ALLOWED_ORIGINSDefault: emptyComma-separated browser Origin allowlist. Server-to-server requests without Origin are allowed.

Minimal read-only config

ASISTN_MCP_SERVER_TOKEN=long_random_internal_bearer_token
ASISTN_MCP_WORKSPACES=[{"slug":"klaser","tokenEnv":"ASISTN_API_TOKEN_KLASER"},{"slug":"safencare","tokenEnv":"ASISTN_API_TOKEN_SAFENCARE"}]
ASISTN_API_TOKEN_KLASER=asistn_live_xxx
ASISTN_API_TOKEN_SAFENCARE=asistn_live_xxx

ASISTN_BASE_URL=http://app:3006
ASISTN_MCP_PORT=3010
ASISTN_MCP_DEFAULT_WORKSPACE=klaser
ASISTN_MCP_READ=true
ASISTN_MCP_WRITE=false
ASISTN_MCP_SEND_MESSAGES=false
ASISTN_MCP_DELETE=false
ASISTN_MCP_ALLOWED_ORIGINS=

Permissions

Tool registration is controlled at startup

Permissions decide which MCP tools exist. If a tool is disabled, agents do not see it in list_tools.

Read-only monitoring agent

Use this for Hermes, dashboards, QA agents, and reporting jobs that should inspect workspaces without changing customer data.

ASISTN_MCP_READ=true
ASISTN_MCP_WRITE=false
ASISTN_MCP_SEND_MESSAGES=false
ASISTN_MCP_DELETE=false

Lead intake agent

Enable write only when an external service needs to push leads or conversion events into Asistn. WhatsApp sending remains disabled.

ASISTN_MCP_READ=true
ASISTN_MCP_WRITE=true
ASISTN_MCP_SEND_MESSAGES=false
ASISTN_MCP_DELETE=false

Controlled messaging agent

Use only in a trusted internal environment or test workspace. This exposes send_message and can send real WhatsApp messages.

ASISTN_MCP_READ=true
ASISTN_MCP_WRITE=true
ASISTN_MCP_SEND_MESSAGES=true
ASISTN_MCP_DELETE=false

send_message is a real WhatsApp action

Keep ASISTN_MCP_SEND_MESSAGES=false unless the agent is trusted, the workspace is approved for this action, and you have a manual test plan. Write permission alone does not expose send_message.

Tools

Available MCP tools

Tool results are returned as JSON text content so MCP clients can inspect and pass them into their own reasoning loop.

Read tools

Registered when ASISTN_MCP_READ=true.

list_workspacesNo inputLists every workspace configured in this MCP service, then fetches each workspace profile.
get_workspace{ workspace? }Reads one workspace profile. Uses the configured default workspace when omitted.
list_contacts{ workspace?, status?, q?, updated_since?, tag?, limit? }Lists contacts using the filters supported by the current workspace API.
get_contact{ workspace?, contact_id }Reads one contact by id.
list_conversations{ workspace?, limit? }Lists recent conversations without full message history.
get_conversation{ workspace?, contact_id, limit? }Reads message history for one contact.
get_analytics{ workspace? }Reads the compact workspace analytics summary.
get_agent_memory{ workspace?, contact_id?, type?, limit? }Reads AI memory. Type filtering is applied by the MCP server after fetching.
get_content_insights{ workspace?, days?, limit? }Reads customer questions, objections, content signals, and learning signals.
get_audiences{ workspace?, segment?, tag?, limit? }Reads audience segments such as ghosted, engaged, qualified, recent, or all.

Write tools

Registered when ASISTN_MCP_WRITE=true.

upsert_contact{ workspace?, phone, name?, status?, source?, intent?, profile_data?, ad_source?, meta_data? }Creates or updates a contact by phone.
push_lead{ workspace?, phone, name?, source?, external_id?, status?, intent?, payload?, ad_source?, meta_data? }Pushes an external lead into Asistn.
fire_conversion_event{ workspace?, contact_id?, phone?, event_name, platform?, payload?, response? }Records a conversion event for a contact or phone.

Message send tool

Registered only when both ASISTN_MCP_WRITE=true and ASISTN_MCP_SEND_MESSAGES=true.

send_message{ workspace?, contact_id?, phone?, content }Sends a WhatsApp text from the workspace number. Disabled by default.

Health tools

Always registered so operators can validate the MCP service and workspace API reachability.

check_healthNo inputPings the default workspace through the Asistn API and returns status, latency, base URL, and API version.
check_all_workspaces_healthNo inputChecks workspace and analytics health for every configured workspace. A failed workspace returns degraded status instead of crashing.

Examples

Common agent flows

These examples describe how an external agent should use the tools once it has connected to the MCP endpoint.

Monitor every configured workspace

1. list_workspaces {}
2. check_all_workspaces_health {}
3. For each workspace:
   - get_analytics { "workspace": "klaser" }
   - list_contacts { "workspace": "klaser", "status": "open", "limit": 50 }
   - get_content_insights { "workspace": "klaser", "days": 30, "limit": 50 }

Investigate one customer conversation

1. list_contacts { "workspace": "klaser", "q": "6281234567890", "limit": 5 }
2. get_contact { "workspace": "klaser", "contact_id": "CONTACT_ID" }
3. get_conversation { "workspace": "klaser", "contact_id": "CONTACT_ID", "limit": 100 }
4. get_agent_memory { "workspace": "klaser", "contact_id": "CONTACT_ID", "limit": 50 }

Push a lead from another system

push_lead {
  "workspace": "klaser",
  "phone": "6281234567890",
  "name": "Albert",
  "source": "agentic_marketing",
  "external_id": "meta_lead_123",
  "intent": "consultation",
  "ad_source": {
    "platform": "meta",
    "campaign": "k-laser-leadgen"
  },
  "meta_data": {
    "tags": ["meta-lead", "k-laser"]
  }
}

Security

Operational security checklist

Treat the MCP service as a privileged internal integration. It can aggregate multiple workspace tokens in one process.

Keep it internal

Do not expose /mcp through public Nginx in the MVP. Connect from Hermes or other agents on the same Docker network.

Use a separate MCP token

ASISTN_MCP_SERVER_TOKEN is independent from workspace API tokens and should be rotated separately.

Store workspace tokens in env

ASISTN_MCP_WORKSPACES references token env names. The actual asistn_live_* values stay in the server environment.

Default to read-only

Start with write and send disabled. Enable write only for agents that need to mutate data.

Restrict browser origins

Requests with browser Origin headers are denied unless the origin is in ASISTN_MCP_ALLOWED_ORIGINS.

No delete tools

The delete flag exists for compatibility, but the MVP registers no delete tools.

Redact secrets

Startup and error logs redact asistn_live_* token values.

Use strong container boundaries

The production image runs as a non-root user and communicates with the app over Docker DNS.

Audit list_tools

After each permission change, call list_tools to confirm the exposed capability surface is expected.

Troubleshooting

Common failures and what they mean

401 from /mcp

The MCP client is missing Authorization: Bearer <ASISTN_MCP_SERVER_TOKEN> or is using the wrong token.

403 origin rejected

The request has a browser Origin header that is not listed in ASISTN_MCP_ALLOWED_ORIGINS.

Startup fails with token env missing

A workspace entry references tokenEnv, but that environment variable is not set.

Unknown workspace error

The tool input used a workspace slug that is not present in ASISTN_MCP_WORKSPACES.

send_message not visible

Confirm both ASISTN_MCP_WRITE=true and ASISTN_MCP_SEND_MESSAGES=true, then restart the MCP container.

Health is degraded

At least one workspace API request failed. Check the workspace token, app container reachability, and /api/v1/analytics/summary.