Public Docs / MCP / Installation
MCP Installation
Connect any MCP-compatible AI client to Phoenix Security in three steps: get an API key, download the bridge script, and add the server configuration to your client.
Before You Start
- A Phoenix Security account with API access enabled (Registered tier or above).
- An API key with the
mcp,api_power,api_integration, orapi_unlimitedscope. Generate one in Account → API Keys. - Python 3.8 or later installed on your machine (for the stdio bridge).
Option A — Claude Desktop
Claude Desktop reads MCP servers over stdio. The Phoenix bridge script translates between stdio and the Phoenix HTTP endpoint.
Step 1 — Download the bridge script
Save mcp_http_bridge.py from the Phoenix developer resources page (or your account downloads) to a stable location on your machine, for example ~/.phoenix/mcp_http_bridge.py.
Step 2 — Add Phoenix to Claude Desktop's config
Open (or create) ~/Library/Application Support/Claude/claude_desktop_config.json on macOS, or %APPDATA%\Claude\claude_desktop_config.json on Windows, and add the following entry inside "mcpServers":
{
"mcpServers": {
"phoenix-security": {
"command": "python3",
"args": ["/Users/you/.phoenix/mcp_http_bridge.py"],
"env": {
"MCP_HTTP_URL": "https://phxintel.security/api/v1/mcp/claude",
"MCP_API_KEY": "phx_your_key_here"
}
}
}
}Replace /Users/you/.phoenix/mcp_http_bridge.py with your actual path, and phx_your_key_here with your API key.
Step 3 — Restart Claude Desktop
Quit and reopen Claude Desktop. A hammer icon in the toolbar indicates MCP servers are active. Ask Claude: "What is CVE-2024-27198?" to verify the connection.
Option B — ChatGPT Desktop
The ChatGPT Desktop integration is identical in structure. Use the ChatGPT-specific bridge script and alias endpoint.
Step 1 — Download the ChatGPT bridge script
Save mcp_http_bridge_chatgpt.py from your account resources to a stable location, for example ~/.phoenix/mcp_http_bridge_chatgpt.py.
Step 2 — Configure ChatGPT Desktop
In ChatGPT Desktop, open Settings → Integrations → Model Context Protocol and add a new MCP server with the command and env variables below:
Command: python3
Args: /Users/you/.phoenix/mcp_http_bridge_chatgpt.py
Env:
MCP_HTTP_URL = https://phxintel.security/api/v1/mcp/chatgpt
MCP_API_KEY = phx_your_key_hereStep 3 — Verify the connection
Restart ChatGPT Desktop and test with: "Look up CVE-2024-3400 using Phoenix."
Option C — Direct HTTP (Custom Clients)
If your MCP client supports HTTP transport natively (no stdio bridge needed), point it directly at the endpoint:
POST https://phxintel.security/api/v1/mcp
Content-Type: application/json
x-api-key: phx_your_key_here
{
"jsonrpc": "2.0",
"id": "1",
"method": "initialize",
"params": {}
}Any JSON-RPC 2.0 client or HTTP client that can set headers will work. See the Tools Reference for available methods.
Local HTTPS (Self-Hosted Deployments)
If you run a self-hosted Phoenix instance and want to serve MCP over local HTTPS, you can generate a local
certificate with mkcert and use the bridge's --insecure flag for self-signed certificates.
# Generate a local certificate
brew install mkcert
mkcert -install
mkdir -p ssl
mkcert -cert-file ssl/cert.pem -key-file ssl/key.pem localhost 127.0.0.1
# Start Phoenix with the HTTPS proxy overlay
BACKEND_HTTP_PORT=8001 docker-compose \
-f docker-compose.dev.yml \
-f docker-compose.mcp-https.local.yml up -d
# Use the bridge pointing at local HTTPS
MCP_HTTP_URL="https://localhost:8000/api/v1/mcp/claude" \
MCP_API_KEY="phx_your_key_here" \
python3 mcp_http_bridge.py --insecureEnvironment Variables (Bridge Scripts)
| Variable | Default | Description |
|---|---|---|
MCP_HTTP_URL |
http://localhost:8000/api/v1/mcp/claude |
Full URL of the Phoenix MCP endpoint |
MCP_API_KEY |
empty | Your Phoenix API key (required) |
MCP_HTTP_TIMEOUT |
30 |
HTTP request timeout in seconds |
MCP_HTTP_INSECURE |
0 |
Set to 1 to disable TLS verification (self-hosted only) |
Troubleshooting
- 401 Unauthorized — the API key is missing or the
x-api-keyheader is not being sent. Check yourMCP_API_KEYvalue. - 403 Forbidden — MCP is not enabled for your account tier, or you're calling an Enterprise-only tool with a lower-tier key.
- Method not found (-32601) — the JSON-RPC method name is invalid. Verify you are using
tools/call,tools/list,resources/list, orresources/read. - Bridge exits immediately — Python is not in your PATH, or the script path is wrong. Confirm
python3 --versionruns in your shell. - Claude Desktop shows no MCP tools — check that the JSON config is valid (no trailing commas) and that you restarted Claude Desktop after editing it.