Skip to main content

Raziel

Overview

Raziel is the Tide MCP — the server that gives AI coding assistants deep knowledge of TideCloak: auth, threshold cryptography, end-to-end encryption, IGA governance, and Forseti smart contracts. It also performs a security gap analysis of your existing system and provides self-host vs managed-hosting guidance. Instead of guessing, your AI follows verified playbooks.


Quick Start

Pick the method that matches how you use AI tools.

Option 1: Remote (zero install)

Hosted MCP server. No Node.js, no installation. Add to your MCP client config:

{
"mcpServers": {
"tide": {
"url": "https://mcp.tide.org/mcp"
}
}
}

Works with any MCP client that supports remote servers.

Option 2: Claude Code

One command:

claude mcp add tide-pack -- npx -y @tideorg/mcp

Option 3: Project-level .mcp.json (any MCP client)

Add .mcp.json to your project root:

{
"mcpServers": {
"tide-pack": {
"command": "npx",
"args": ["-y", "@tideorg/mcp"]
}
}
}

Works with Claude Code, Cursor, Windsurf, Cline, and any MCP-compatible tool.

Option 4: Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
"mcpServers": {
"tide-pack": {
"command": "npx",
"args": ["-y", "@tideorg/mcp"]
}
}
}

Option 5: Cursor

Settings → MCP Servers → Add Server:

  • Name: tide-pack
  • Command: npx
  • Args: -y @tideorg/mcp

Or add .cursor/mcp.json to your project root.

Option 6: Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
"mcpServers": {
"tide": {
"url": "https://mcp.tide.org/mcp"
}
}
}

Or use the local npx form: "command": "npx", "args": ["-y", "@tideorg/mcp"].

Option 7: Zed

Add to ~/.config/zed/settings.json:

{
"context_servers": {
"tide": {
"command": {
"path": "npx",
"args": ["-y", "@tideorg/mcp"]
}
}
}
}

Zed uses context_servers (not mcpServers) and doesn't yet support remote URL-based MCP servers — the npx command is required.

Option 8: OpenAI Codex CLI

Add to ~/.codex/config.json:

{
"mcpServers": {
"tide": {
"command": "npx",
"args": ["-y", "@tideorg/mcp"]
}
}
}

Codex CLI currently supports stdio-based MCP servers only — remote URLs are not supported.

Option 9: Docker (self-hosted)

docker run -p 3000:3000 tideorg/mcp

Then point your MCP client at http://localhost:3000/mcp.

Optional Bearer token auth via API_TOKEN:

docker run -p 3000:3000 -e API_TOKEN=your-secret tideorg/mcp

Or build from source:

docker build -t tideorg/mcp .
docker run -p 3000:3000 tideorg/mcp

Requirements

  • Remote server: none — just an MCP client that supports remote URLs
  • npm/npx install: Node.js 18+
  • Self-hosted Docker: Docker

No TideCloak instance needed to start — the agent walks you through setup.


What Your AI Can Do With It

Once connected, your AI assistant can:

  • Analyze your existing system for security gaps and map each one to what Tide fixes — with an honest "what Tide does NOT fix" list
  • Add Tide auth to a new or existing Next.js/React app
  • Protect API routes with server-side JWT + DPoP verification
  • Set up role-based access with Tide's IGA governance
  • Deploy Forseti smart contracts for policy-governed encryption and signing
  • Bootstrap TideCloak — self-hosted (Docker) or partner-hosted (Skycloak) — to a fully configured realm
  • Diagnose issues like broken login, missing roles, CORS errors
  • Follow security invariants that prevent common auth mistakes

What's Included

CategoryCountExamples
Canon doctrine15 filesSecurity invariants, anti-patterns, security gap mapping, IGA change-request API, hosting options, framework matrix, troubleshooting
Playbooks18 step-by-step guidesAdd auth, protect APIs, verify JWTs, deploy TideCloak, set up E2EE, provision hosted TideCloak
Skills11 composable rolesSetup, integration, security analysis, route/API protection, review, QA gate
Scenarios5 reference architecturesPassword manager, signing service, encrypted chat, governance panel
Prompts5 starter promptsSecurity gap analysis, secure existing app, migrate auth, admin approval, customer portal

Example Prompts

After connecting, try these prompts in your AI tool:

  • "Do a security analysis of my app and show what Tide would change"
  • "Add Tide authentication to my Next.js app"
  • "I have an existing app with auth — help me migrate to Tide"
  • "Set up encrypted data sharing between users with Tide"
  • "Help me create a Forseti contract for multi-admin approval"
  • "Deploy TideCloak with Docker for development"

Privacy

The MCP server is read-only and collects no data — no accounts, no telemetry, no storage, no third-party sharing. Tool arguments are used transiently in memory to select bundled guidance.