What This Does
This guide helps users and administrators connect a compatible MCP client to LoopIQ.
MCP clients can discover LoopIQ tools, retrieve governed context, and, where allowed, request actions. LoopIQ MCP is intended to preserve tenant isolation, user identity, permissions, approvals, idempotency, and auditability.
Before You Begin
Make sure:
- MCP is enabled for your organization
- your role allows MCP access
- you have the correct LoopIQ environment URL
- you have an approved authentication method
- your MCP client supports streamable HTTP MCP connections
- you know which tenant or organization you intend to use
Choose the Correct Endpoint
Your administrator should provide the exact endpoint.
For production, common values are:
- Base AI domain:
https://ai.loopiq.com
- MCP endpoint path:
https://ai.loopiq.com/mcp
Some MCP clients ask for the base server URL. Others ask for the full MCP endpoint path. Use the format required by your client.
Do not hardcode a shared bearer token into a client configuration that other users can see. Use the authentication method approved by your organization.
Authentication
LoopIQ MCP should run with the authenticated user’s identity and tenant context.
Depending on your tenant setup, authentication may use:
- an OAuth access token
- a LoopIQ-issued bearer token
- a backend-mediated Helix session
- another administrator-approved method
The token should identify the user and tenant. If the token contains multiple tenant claims, LoopIQ uses the active tenant context for the request.
Connect a Client
- Open your MCP-compatible client settings.
- Add a new MCP server.
- Enter the LoopIQ MCP URL provided by your administrator.
- Configure authentication if your client supports it.
- Save the connection.
- List available tools.
- Start with a read-only tool to confirm the tenant and data scope.
- Use write tools only after reviewing the payload and expected effect.
Confirm Tenant Context
After connecting, ask a read-only question such as:
- “Which LoopIQ tenant am I connected to?”
- “Show my current release certifications.”
- “List releases for my selected team.”
- “Show evidence gaps for release
backend-v1.0-GCN.”
The response should match the organization and team you expect.
Client Safety Checklist
Before using MCP for write actions, confirm:
- the tool list only includes tools appropriate for your role
- records returned belong to the expected tenant
- write tools require approval where your policy requires it
- tool responses include structured errors when something fails
- action responses include audit details
- repeated requests use idempotency keys where possible
Using MCP Through Helix
Most LoopIQ users should use MCP through Helix rather than configuring a separate client.
Helix can:
- read release and evidence context
- propose a governed action
- show an approval card
- send the approved payload to the backend
- execute the MCP tool with tenant and auth propagation
- show audit details after completion
This keeps the user experience simpler and safer than exposing raw tools directly.
Troubleshooting
The Client Cannot Connect
Check the endpoint URL, network access, authentication token, and whether the client expects the base server URL or the /mcp path.
Confirm MCP is enabled for your organization and your role has MCP access.
The Client Shows the Wrong Tenant
Sign out and sign back in, then reconnect with the correct organization selected. If you belong to multiple tenants, confirm the token and active tenant context.
Your token may be expired, missing tenant claims, or missing permissions for the selected tool.
A Write Action Creates Duplicate Records
Use idempotency keys for repeatable write requests and avoid retrying a write action without checking the audit result.
Related Articles