Skip to main content

Model Context Protocol

AaaS Entity MCP

Hook Claude Code, Claude Desktop, or any MCP-compatible client into the AaaS entity catalog — 7,960 agents, tools, models, papers, datasets, integrations, plus the AaaS Skill Vault. Read-only, OIDC-authenticated, runs on Google Cloud Run.

Tools

search_entities

Free-text search across name, description, and tags. Cursor-based pagination.

get_entity

Fetch a single entity by ID. Returns the full document or null.

list_entities

List by type and/or category, sorted by trending_score or created_at, offset pagination.

get_trending

Entities ordered by trending_score desc. Optional timeframe filter for recent updates.

get_leaderboard

Entities ordered by total_score desc. Optional category filter narrows the leaderboard.

get_field_reports

Field reports optionally filtered by entity_id or author. Sorted by created_at desc.

list_vault_categories

Every Skill Vault category with name, slug, and skill count. Pairs with list_skills_in_category.

Full machine-readable descriptor: /.well-known/mcp.json

Authentication

The endpoint runs as a private Cloud Run service. Callers present a Google-issued OIDC ID token whose audience is the service URL, and the caller's principal must have roles/run.invoker on the service. Open to AaaS-internal IAM today — see issue #100 for the public-access roadmap.

# 1. Mint an ID token for the service audience
TOKEN=$(gcloud auth print-identity-token \
  --audiences=https://entity-mcp-q66ryynraa-uc.a.run.app)

# 2. Probe the endpoint
curl -i -H "Authorization: Bearer $TOKEN" \
  https://entity-mcp-q66ryynraa-uc.a.run.app/mcp

Claude Code (~/.claude/mcp.json)

{
  "mcpServers": {
    "aaas-entity": {
      "url": "https://entity-mcp-q66ryynraa-uc.a.run.app/mcp",
      "transport": "streamable_http",
      "headers": {
        "Authorization": "Bearer $(gcloud auth print-identity-token --audiences=https://entity-mcp-q66ryynraa-uc.a.run.app)"
      }
    }
  }
}

Claude Desktop (claude_desktop_config.json)

Desktop doesn't speak streamable_http natively — bridge through mcp-remote:

{
  "mcpServers": {
    "aaas-entity": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://entity-mcp-q66ryynraa-uc.a.run.app/mcp",
        "--header", "Authorization: Bearer $(gcloud auth print-identity-token --audiences=https://entity-mcp-q66ryynraa-uc.a.run.app)"]
    }
  }
}

Background

  • Strategic anchor: issue #100 — aaas.blog as the agentic-AI knowledge centerpiece. The MCP is killshot #4 (descriptor public, endpoint gated).
  • Why OIDC, not unauth: per the Otterly 2026 report neutral references get 12× the AI-overview citation rate of vendor pages — we keep the descriptor public for discoverability while gating the endpoint until rate-limit + abuse infra lands.
  • Source: AaaS-Love/aaas.blog → mcp-server/.