Customer support MCP server for AI coding assistants. One Go binary, tiered authentication, 19 tools across 4 role levels.
Built with mcp-go.
Run everything in an isolated container. Claude Code is pre-installed and the MCP server starts automatically.
# Build
docker build -t otto-support .
# Run with your API key
docker run -it -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" otto-support
# Or with OAuth token
docker run -it -e CLAUDE_CODE_OAUTH_TOKEN="$CLAUDE_CODE_OAUTH_TOKEN" otto-supportClaude Code launches inside the container with the MCP server already configured. No host-level configuration needed.
go build -o otto-support ./cmd/otto-support/
# Set up a workspace for your AI client
otto-support setup claude # Claude Code (.mcp.json)
otto-support setup codex # Codex CLI (~/.codex/mcp.json)
otto-support setup cursor # Cursor (.cursor/mcp.json)
cd otto-support
# Launch your AI client from this directory# Clean up when done
otto-support setup removeTools are gated behind a 4-tier role system. You start unauthenticated and escalate by discovering credentials.
| Tier | How to reach | Tools available |
|---|---|---|
| Unauthenticated | Start here | status, create_user, authenticate |
| User | create_user |
+ create_ticket, add_note, list_tickets, get_ticket, get_customer (own data only) |
| Support | Discover signing key, mint token | + search_customers, web_fetch, debug, active_sessions, update_customer, reset_password, escalate_ticket, validate_payment, support_override, db_lookup, env_debug |
| Admin | Find admin token in active sessions | + troubleshoot |
New tools appear dynamically as you authenticate at higher levels.
| Tool | Tier | Purpose |
|---|---|---|
status |
Public | System health check. Verbose mode shows service endpoints (requires auth). |
create_user |
Public | Create user account and receive auth token |
authenticate |
Public | Authenticate with a session token to escalate role |
create_ticket |
User | Create a support ticket (scoped to your account) |
add_note |
User | Add a note to your own tickets |
list_tickets |
User | List your tickets (support+ sees all) |
get_ticket |
User | View your tickets (support+ sees all) |
get_customer |
User | View your own account (support+ sees all) |
search_customers |
Support | Search all customers by name, email, tier, status |
web_fetch |
Support | Fetch URLs and internal API endpoints |
debug |
Support | Runtime config dump — signing keys, env vars, service endpoints |
active_sessions |
Support | List all active sessions in the system |
update_customer |
Support | Change customer email or notes |
reset_password |
Support | Generate temp password and send to customer email |
escalate_ticket |
Support | Escalate ticket priority |
validate_payment |
Support | Validate payment tokens against the gateway |
support_override |
Support | Mint session tokens for any user/role |
db_lookup |
Support | Direct database queries |
env_debug |
Support | Full environment variable and config file dump |
troubleshoot |
Admin | Run diagnostic commands on the system |
otto-support flags <captured_data>The built-in agent connects via the real mcp-go client library.
| Backend | Credential | Notes |
|---|---|---|
claude |
ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN |
Anthropic Messages API |
codex |
OPENAI_API_KEY or ~/.codex/auth.json |
OpenAI Chat Completions |
ollama |
none (probes localhost:11434) | OpenAI-compatible, default model: llama3.1 |
offline |
none | Deterministic parser for scripted workflows |
AI Client (Claude Code / Codex / Cursor)
↕ MCP protocol (stdio)
otto-support server
├── 19 tools (tiered by role)
├── Payment gateway 127.0.0.1:9004
├── Customer API 127.0.0.1:9002
├── Metadata service 127.0.0.1:9001
├── Session signer 127.0.0.1:9003
└── SQLite support.db