Skip to main content

PraisonAI MCP Server

PraisonAI can expose its capabilities via the Model Context Protocol (MCP), allowing integration with Claude Desktop, Cursor, Windsurf, VSCode, and other MCP-compatible clients.
As of C12, the MCP server host ships as the standalone praisonai-mcp Tier-2 package. This page documents the heavy MCP host, whether you run it via praisonai-mcp (standalone) or praisonai mcp (umbrella). Both invocations are equivalent for host commands. See the praisonai-mcp Package guide and The Three MCP Layers for how it fits.

Protocol Version

PraisonAI MCP Server implements MCP Protocol Version 2025-11-25.

Quick Start

HTTP Stream Transport

Features

  • 70+ MCP Tools - Access all PraisonAI capabilities as MCP tools
  • 7 MCP Resources - Read-only access to configuration and status
  • 7 MCP Prompts - Pre-built prompts for common tasks
  • STDIO Transport - For Claude Desktop and local integrations
  • HTTP Stream Transport - For web-based integrations
  • Session Management - Full session support with resumability
  • Origin Validation - Security for HTTP transport
  • Progress Notifications - For long-running operations

Installation

Three pathways install the heavy MCP host.

CLI Commands

Start Server

The standalone praisonai-mcp console script and the umbrella praisonai mcp form are equivalent for all host commands.
Layer positioning: this is the heavy host. For the lighter alternatives (client and light server), see The Three MCP Layers.

List Components

Generate Client Config

Health Check

Server Options

--log-level only sets the level of the per-server praisonai.mcp_server.<name> logger — it no longer touches the process root logger. Other loggers in the host process (including audit and injection-defense telemetry) keep their own levels, so this is not a “quiet everything” switch.

Client Configuration

Claude Desktop

Add to ~/.config/claude/claude_desktop_config.json (macOS/Linux) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

Cursor

Add to Cursor MCP settings:

HTTP Stream Client

Environment Variables

Set these for full functionality:

Available Tools

Run praisonai mcp list-tools to see all available tools. Key categories:

Agent Tools

  • praisonai.agent.chat - Chat with an agent
  • praisonai.agent.run - Run a task with an agent
  • praisonai.workflow.run - Run a workflow
  • praisonai.research.run - Run deep research

Capability Tools

  • praisonai.chat.completion - Chat completion
  • praisonai.images.generate - Generate images
  • praisonai.audio.transcribe - Transcribe audio
  • praisonai.audio.speech - Text to speech
  • praisonai.embed.create - Create embeddings
  • praisonai.moderate.check - Content moderation
  • praisonai.rerank - Rerank documents
  • praisonai.search - Web search

Memory Tools

  • praisonai.memory.show - Show memory
  • praisonai.memory.add - Add to memory
  • praisonai.memory.search - Search memory
  • praisonai.memory.clear - Clear memory

Knowledge Tools

  • praisonai.knowledge.add - Add knowledge
  • praisonai.knowledge.query - Query knowledge
  • praisonai.knowledge.list - List sources
  • praisonai.knowledge.clear - Clear knowledge

Rules Tools

  • praisonai.rules.list - List active rules
  • praisonai.rules.show(rule_name) - Show a specific rule
  • praisonai.rules.create(rule_name, content) - Create a new rule
  • praisonai.rules.delete(rule_name) - Delete a rule
Security: As of PraisonAI 4.6.34, rule names are validated to prevent path traversal attacks. Rule names must be single filenames (no /, \, .., leading ., or NUL bytes).

Rules Tool Examples

Valid rule names:
  • "team-style.md"
  • "coding_standards.txt"
  • "PROJECT_RULES"
Invalid rule names:
  • "../../etc/passwd" ❌ (contains traversal)
  • "subdir/rule.md" ❌ (contains directory separator)
  • ".bashrc" ❌ (starts with dot)
For security details, see GHSA-9mqq-jqxf-grvw.

Available Resources

Available Prompts

Python API

Custom Tools

Register custom tools:

Security

Path Traversal Protection: PraisonAI 4.6.34 includes hardening against path traversal attacks in MCP rules tools. See GHSA-9mqq-jqxf-grvw for details.

Origin Validation

For HTTP Stream transport, origin validation is enabled by default:
  • Localhost binding: Only localhost origins allowed
  • External binding: Requires explicit --allowed-origins configuration

Authentication

Use --api-key for Bearer token authentication:
Clients must include:

STDIO Transport Reliability

The STDIO transport (praisonai-mcp serve --transport stdio) is hardened to work everywhere your MCP client runs and to survive bad input and shutdown.
  • Runs on Windows too — including Windows + Python 3.13, which used to crash. The host reads stdin on a dedicated background thread (named mcp-stdio-reader) instead of the async pipe API, so it no longer fails with OSError: [WinError 6] The handle is invalid when Cursor, Claude Desktop, or Windsurf spawn it with redirected pipes.
  • Bad input never kills the server — malformed (non-UTF-8) bytes become a JSON-RPC parse error (-32700) and the server keeps running.
  • Bounded input queue — incoming lines are capped at 1000 with backpressure, so a fast or hostile client can’t grow memory without limit.
  • Clean shutdown — stopping the server (Ctrl+C or client disconnect) wakes a reader that is blocked on idle-but-open stdin, so it never hangs.
You don’t configure any of this — it’s the default behaviour of the STDIO transport. See MCP STDIO Server Transport for the full picture.

Troubleshooting

Check Server Health

Enable Debug Logging

Clients can also raise the log level at runtime via the JSON-RPC logging/setLevel method. This scopes to the same per-server praisonai.mcp_server.<name> logger, and requires the admin scope when scoped API keys are configured.

Common Issues

  1. “Missing dependency” - Install with pip install praisonai[mcp]
  2. “No API keys configured” - Set OPENAI_API_KEY environment variable
  3. “Origin validation failed” - Add origin to --allowed-origins