Per-user bearer tokens for the cockpit Model Context Protocol endpoint at https://cockpit.boco.agency/api/internal/mcp. Created tokens display once; revoke anytime. Mint one per Claude session, CLI script, or agent so the audit log can attribute calls.
No tokens yet. Create one to start attributing MCP calls.
Format:mcp_{prefix:8}_{secret:64hex} · Auth header:Authorization: Bearer mcp_... See ~/boco/os/cockpit/MCP.md for protocol + tool surface. The legacy INTERNAL_SHARED_SECRET bearer continues to work; both auth modes coexist in v1.