- Builtin Kubernetes tools are provided by the AgentK and synchronized through the control plane.
- Builtin VM tools are provided by the AgentV and synchronized through the control plane.
- Remote MCP tools are discovered by the LLM gateway from target-scoped MCP server settings.
Tool sources
Newly discovered remote MCP tools stay disabled until an owner or admin enables each tool with an explicit
read or write capability.
Builtin Kubernetes tools
The current builtin tool set is:list_resourcesget_resourceget_resource_logsrestart_workloadscale_workloadsimulate_patchapply_remediation
Builtin VM tools
The current builtin VM tool set is read-only:get_host_summarylist_processesget_processlist_servicesget_service_statusget_logssearch_logscheck_portlist_listening_ports
Remote MCP server setup
Create remote MCP servers from the management console’s MCP Servers view, or through the target-scoped control-plane API. Server creation is discovery-first: provide connection details, then review and enable discovered tools.
Server URL changes are modeled as delete and re-add. Owners and admins can update the server name, enabled state, secret-backed auth fields, public headers, and tool settings in place.
Public header policy
UsepublicHeaders only for non-secret metadata such as client version, tenant hint, or feature flag headers required by a trusted MCP server.
Public headers must follow these rules:
- at most 64 headers per server,
- header names must be valid HTTP header tokens and 128 characters or fewer,
- values must be strings, 4096 characters or fewer, and cannot contain CR or LF,
- credential-like names such as
Authorization,Cookie,x-api-key,x-auth-token, and names containingtoken,secret,credential,api-key, orapikeyare rejected, - platform scope headers such as
x-workspace-id,x-target-id,x-target-type,x-run-id, andx-tool-nameare reserved.
staticHeaders is no longer part of the public API. Send non-secret metadata as top-level publicHeaders; keep credentials in the secret-backed auth fields.
Header forwarding order
When the gateway calls a remote MCP server, it applies headers in this order:- configured
publicHeaders, - platform scope headers,
- the configured auth header derived from the secret store.
x-workspace-id, x-target-id, and x-target-type. Runtime tool calls also include x-run-id.
Public headers cannot override platform scope or auth headers. Remote MCP servers should treat platform scope headers as AcornOps-provided context, not user-controlled data.
Egress controls
Production gateways should require HTTPS for remote MCP servers and block private, local, and reserved network targets unless you intentionally allow specific hosts. Use these controls together:
Use allow-lists for trusted internal MCP endpoints instead of enabling broad private-network access.