MCP Integration Layer — Archon Platform¶
Overview¶
Claude Code on the CanEast AI Node workstation is augmented with Model Context Protocol (MCP) servers that provide natural language access to infrastructure, secrets, and cloud resources. MCP servers extend Claude Code's capabilities without requiring custom code — each server exposes tools that Claude Code can invoke during sessions.
Lazy loading reduces active context by ~95% compared to loading all tools upfront. Only the tools relevant to the current task are loaded.
MCP Servers¶
| Server | Package | Scope | Purpose |
|---|---|---|---|
| azure-devops | @tiberriver256/mcp-server-azure-devops | project | ADO work items, PRs, pipelines, boards |
| cloudflare | remote (Cloudflare MCP) | project | DNS, Pages, Workers, R2 management |
| kubernetes | flux159/mcp-server-kubernetes | user | Natural language kubectl for k3s cluster |
| azure-infra | @azure/mcp | user | Azure resource management and provisioning |
| infisical | @infisical/mcp | user | Secrets management via self-hosted Infisical |
Project scope: configured in .mcp.json at the repo root — travels with the repository.
User scope: configured in ~/.claude/mcp.json — available across all repos and sessions on the workstation.
Machine Identities¶
Each non-human system that accesses Infisical uses a dedicated machine identity with least-privilege access:
| Identity | Access | Purpose |
|---|---|---|
| alienware-wsl | archon-platform (Developer), archon-cloud (Developer) | CanEast AI Node WSL — MCP server, CLI tooling |
| caneast-site1-node2-terraform-runner | archon-cloud (Developer) | Docker-based Terraform runner on caneast-site1-node2 |
Machine identities are managed at Access Control → Identities in the Infisical admin UI. Details are in docs/internal/infisical-navigation.md (internal only, not published).
Agent Architecture¶
Claude Code sessions are further governed by 21 custom sub-agents (prefix: ccagnt-) covering architecture review, security, IaC, OT, and session management.
See Agent Architecture for the full registry and invocation guide.
Design Principles¶
- MCP servers extend Claude Code without loading all tools upfront — lazy loading reduces context by ~95%
- Project-scoped MCPs in
.mcp.jsontravel with the repo and are version-controlled - User-scoped MCPs are available across all projects on the CanEast AI Node workstation
- Secrets are never hardcoded — Infisical machine identity auth is used for all automated access
- All MCP server configurations are committed to source control (no secrets in config files)