Remote MCP Servers (Atlassian, Slack, Linear)

The Agent Receipts proxy expects an upstream MCP server it can spawn as a local stdio process. A growing class of MCP servers — Atlassian, Slack, Linear, HubSpot, Notion, and others — are hosted as remote HTTP/SSE endpoints behind OAuth instead. To audit those today, compose mcp-remote in front of mcp-proxy: mcp-remote handles the OAuth dance and exposes a stdio MCP transport, which the proxy then wraps as it would any local server.

Why this is its own page

The composition pattern works, but a few things differ from local-server setups: ports stack up, OAuth is invisible to the proxy, and bundled taxonomies are what give risk scoring meaning out of the box. Native HTTP/SSE support inside mcp-proxy is tracked in issue #227; until that lands, this page is the supported path.

How the composition works

MCP Client (Claude / Codex)
        │  stdio
        ▼
   mcp-proxy   ◄── audits, scores, signs receipts
        │  stdio
        ▼
   mcp-remote  ◄── OAuth flow, token refresh, transport bridge
        │  HTTP/SSE + Bearer token
        ▼
Remote MCP Server (e.g. mcp.atlassian.com/v1/mcp)

mcp-remote is responsible for the OAuth flow and token refresh. The proxy never sees the bearer token, which is good for redaction (one less secret to leak into the audit log), but means receipts cannot tie an action to a specific token identity. If you need that, follow #227.

Prerequisites

• mcp-proxy installed
• A signing key pair generated (see below)
• Node.js (for npx mcp-remote)
• A remote MCP endpoint and an account that can authorise it. The example below uses Atlassian’s Remote MCP Server at https://mcp.atlassian.com/v1/mcp.

Generate a signing key

mcp-proxy init --name atlassian-proxy
# creates ~/.agent-receipts/atlassian-proxy.pem (0600) and ~/.agent-receipts/atlassian-proxy.pem.pub

Reuse an existing key

One signing key works for all servers. If you already have a key from a previous setup (e.g. github-proxy.pem), you can reuse it here — just point -key at that file instead.

Worked example: Atlassian (Jira + Confluence)

Add an entry to your MCP client config that runs mcp-proxy wrapping npx mcp-remote <url>. For Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "atlassian-audited": {
      "command": "/Users/YOU/go/bin/mcp-proxy",
      "args": [
        "-name", "atlassian",
        "-key", "/Users/YOU/.agent-receipts/atlassian-proxy.pem",
        "-issuer-name", "Claude Desktop",
        "-operator-id", "did:web:anthropic.com",
        "-operator-name", "Anthropic",
        "npx", "--registry", "https://registry.npmjs.org", "-y", "mcp-remote",
        "https://mcp.atlassian.com/v1/mcp"
      ]
    }
  }
}

For Claude Code:

claude mcp add-json atlassian-audited --scope user '{
  "command": "/Users/YOU/go/bin/mcp-proxy",
  "args": [
    "-name", "atlassian",
    "-key", "'"$HOME"'/.agent-receipts/atlassian-proxy.pem",
    "-issuer-name", "Claude Code",
    "-operator-id", "did:web:anthropic.com",
    "-operator-name", "Anthropic",
    "npx", "--registry", "https://registry.npmjs.org", "-y", "mcp-remote",
    "https://mcp.atlassian.com/v1/mcp"
  ]
}'

Path tips

• Key path: $HOME expands in the shell so you don’t need to hard-code /Users/you. The snippet above uses single-quote escaping ('"$HOME"') so the variable expands before the JSON is passed to claude mcp add-json.
• Binary path: Claude Desktop doesn’t inherit your shell PATH, so GUI-launched instances may fail to find mcp-proxy if it’s in ~/go/bin. Use the full path — run which mcp-proxy to find it.

The first time the server is invoked, mcp-remote opens a browser tab to complete the OAuth flow with Atlassian. Subsequent runs reuse the cached token (managed by mcp-remote, not the proxy).

Bundled taxonomy

The proxy ships with bundled mappings for Atlassian’s Jira and Confluence tools (createJiraIssue, editJiraIssue, searchJiraIssuesUsingJql, createConfluencePage, updateConfluencePage, and others), so writes are scored as data.api.write and reads as data.api.read out of the box. No -taxonomy flag is required for those names. To extend or override, supply your own JSON file via -taxonomy /path/to/file.json — user mappings win on conflict. To disable the bundled set entirely, pass -bundled-taxonomies=false.

The list of bundled taxonomies lives at mcp-proxy/configs/ — open a PR to add or correct mappings.

Caveats

• OAuth is invisible to the proxy. mcp-remote owns the credential. The proxy can’t include token identity in receipts and can’t log auth refreshes. Tracked in #227.
• Naming collision. There are several unrelated tools called mcp-proxy in the ecosystem — make sure your command path points at the Agent Receipts binary (the one you installed via go install or downloaded from this project).

First-run OAuth — do this before connecting via your MCP client

mcp-remote needs an interactive browser session to complete the initial OAuth flow. Claude Code or Claude Desktop will show the server as failed until this is done.

Fix: run the full proxy command directly in a terminal first, complete the browser OAuth, then Ctrl+C and reconnect via /mcp:

$HOME/go/bin/mcp-proxy -name atlassian -key ~/.agent-receipts/atlassian-proxy.pem \
  npx --registry https://registry.npmjs.org -y mcp-remote https://mcp.atlassian.com/v1/mcp

Subsequent launches reuse the cached token managed by mcp-remote.

• Corporate npm registry. If your npm is configured to use a private registry (e.g. AWS CodeArtifact), npx mcp-remote will fail with a 404 Not Found error that looks like a missing package. The fix — already in the examples above — is to pass --registry https://registry.npmjs.org explicitly to npx.