This section provides a comprehensive glossary of terms related to the OpenEdge MCP Server that you will see throughout this guide.

  • MCP tool—A secure and discoverable external service that allows AI agents like LLMs to invoke specific business operations exposed by an MCP Server. Each tool corresponds to one OpenAPI operation, such as GET /orders or POST /customers, and includes metadata for safe execution.

    For example, a database query tool for inventory levels enables AI models to fetch real-time inventory data from business systems using the MCP protocol. This tool allows secure, managed access to database queries, supporting operational decisions, and inventory management.

  • Tool generation—Each OpenAPI operation is converted into a distinct MCP tool, ensuring one-to-one mapping between API operations and MCP tools. In addition, helper utilities are generated to expose schemas, tags, and prompts for better discoverability and usability. This approach eliminates manual wiring and promotes consistency across tools.
  • Prompt—A server-provided, Markdown-based asset that guides AI responses and can coordinate multiple tools for complex workflows. It is scope-filtered to ensure visibility only to authorized users and size-guarded to prevent excessive memory consumption or injection risks.
  • Scope—Named permissions that control both the discovery and invocation of MCP tools. They align with the configured security model, enforcing least privilege by gating access to tools and prompts based on assigned scopes.
  • Routing map—Define which HTTP methods and paths are permitted or restricted. They use INCLUDE and EXCLUDE directives to enforce routing policies, such as blocking write operations by default unless explicitly allowed.
  • Response guard—A safety mechanism that enforces limits on response size and array length to ensure that the responses sent back to the client stay within the defined boundaries. It operates in configurable modes, such as block, trim, or warn to prevent runaway responses and maintain predictable behavior during tool execution.
  • Profile—Reproducible environment bundles generated by the mcpgen utility. Each profile includes configuration files, scripts, certificates, and other runtime artifacts required to start and manage an MCP Server instance. Profiles ensure deterministic deployments across environments.
  • Export and hardening—Create deployable artifacts from development profiles. These artifacts are immutable and include pinned image digests. Hardening steps tighten security posture before production deployment.
  • MCP (Model Context Protocol)—A standardized interaction model between agents and servers. It enables AI agents to discover, understand, and safely invoke tools exposed by the OpenEdge MCP Server, ensuring secure and structured communication.
  • Service account JSON Web Token (JWT)—A trusted credential issued to the OpenEdge MCP Server, enabling privileged evaluation of operations.
  • JSON Web Key Set (JWKS)—A standardized format for representing a set of public cryptographic keys in JSON. JWKS is commonly used to publish the keys required to verify the signatures of JWTs. The OpenEdge MCP Server uses JWKS to securely verify authentication tokens (JWTs) presented by users or service accounts. The server is configured with a jwks_uri, which is a URL endpoint provided by an identity provider, such as Azure AD, Keycloak, or AWS Cognito. This endpoint publishes the current set of public keys that the MCP Server retrieves and uses to verify the authenticity of incoming JWTs.
  • User token—Represents the end-user identity that is passed through or exchanged for downstream calls. It ensures that operations are executed under the correct user context, supporting fine-grained authorization.
  • OpenAPI specification—a widely adopted standard for describing RESTful APIs in a machine-readable format, such as JSON or YAML. It provides a structured way to define the endpoints, request and response formats, authentication methods, and other details of an API.