Raziel
Overview
Raziel is the Tide MCP — the server that gives AI coding assistants deep knowledge of TideCloak: auth, threshold cryptography, end-to-end encryption, IGA governance, and Forseti smart contracts. It also performs a security gap analysis of your existing system and provides self-host vs managed-hosting guidance. Instead of guessing, your AI follows verified playbooks.
Quick Start
Pick the method that matches how you use AI tools.
Option 1: Remote (zero install)
Hosted MCP server. No Node.js, no installation. Add to your MCP client config:
{"mcpServers": {"tide": {"url": "https://mcp.tide.org/mcp"}}}
Works with any MCP client that supports remote servers.
Option 2: Claude Code
One command:
claude mcp add tide-pack -- npx -y @tideorg/mcp
Option 3: Project-level .mcp.json (any MCP client)
Add .mcp.json to your project root:
{"mcpServers": {"tide-pack": {"command": "npx","args": ["-y", "@tideorg/mcp"]}}}
Works with Claude Code, Cursor, Windsurf, Cline, and any MCP-compatible tool.
Option 4: Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{"mcpServers": {"tide-pack": {"command": "npx","args": ["-y", "@tideorg/mcp"]}}}
Option 5: Cursor
Settings → MCP Servers → Add Server:
- Name:
tide-pack - Command:
npx - Args:
-y @tideorg/mcp
Or add .cursor/mcp.json to your project root.
Option 6: Windsurf
Add to ~/.codeium/windsurf/mcp_config.json:
{"mcpServers": {"tide": {"url": "https://mcp.tide.org/mcp"}}}
Or use the local npx form: "command": "npx", "args": ["-y", "@tideorg/mcp"].
Option 7: Zed
Add to ~/.config/zed/settings.json:
{"context_servers": {"tide": {"command": {"path": "npx","args": ["-y", "@tideorg/mcp"]}}}}
Zed uses context_servers (not mcpServers) and doesn't yet support remote URL-based MCP servers — the npx command is required.
Option 8: OpenAI Codex CLI
Add to ~/.codex/config.json:
{"mcpServers": {"tide": {"command": "npx","args": ["-y", "@tideorg/mcp"]}}}
Codex CLI currently supports stdio-based MCP servers only — remote URLs are not supported.
Option 9: Docker (self-hosted)
docker run -p 3000:3000 tideorg/mcp
Then point your MCP client at http://localhost:3000/mcp.
Optional Bearer token auth via API_TOKEN:
docker run -p 3000:3000 -e API_TOKEN=your-secret tideorg/mcp
Or build from source:
docker build -t tideorg/mcp .docker run -p 3000:3000 tideorg/mcp
Requirements
- Remote server: none — just an MCP client that supports remote URLs
- npm/npx install: Node.js 18+
- Self-hosted Docker: Docker
No TideCloak instance needed to start — the agent walks you through setup.
What Your AI Can Do With It
Once connected, your AI assistant can:
- Analyze your existing system for security gaps and map each one to what Tide fixes — with an honest "what Tide does NOT fix" list
- Add Tide auth to a new or existing Next.js/React app
- Protect API routes with server-side JWT + DPoP verification
- Set up role-based access with Tide's IGA governance
- Deploy Forseti smart contracts for policy-governed encryption and signing
- Bootstrap TideCloak — self-hosted (Docker) or partner-hosted (Skycloak) — to a fully configured realm
- Diagnose issues like broken login, missing roles, CORS errors
- Follow security invariants that prevent common auth mistakes
What's Included
| Category | Count | Examples |
|---|---|---|
| Canon doctrine | 15 files | Security invariants, anti-patterns, security gap mapping, IGA change-request API, hosting options, framework matrix, troubleshooting |
| Playbooks | 18 step-by-step guides | Add auth, protect APIs, verify JWTs, deploy TideCloak, set up E2EE, provision hosted TideCloak |
| Skills | 11 composable roles | Setup, integration, security analysis, route/API protection, review, QA gate |
| Scenarios | 5 reference architectures | Password manager, signing service, encrypted chat, governance panel |
| Prompts | 5 starter prompts | Security gap analysis, secure existing app, migrate auth, admin approval, customer portal |
Example Prompts
After connecting, try these prompts in your AI tool:
- "Do a security analysis of my app and show what Tide would change"
- "Add Tide authentication to my Next.js app"
- "I have an existing app with auth — help me migrate to Tide"
- "Set up encrypted data sharing between users with Tide"
- "Help me create a Forseti contract for multi-admin approval"
- "Deploy TideCloak with Docker for development"
Privacy
The MCP server is read-only and collects no data — no accounts, no telemetry, no storage, no third-party sharing. Tool arguments are used transiently in memory to select bundled guidance.
Links
- npm: @tideorg/mcp
- Docker Hub: tideorg/mcp
- GitHub: tide-foundation/raziel-mcp