Security and Access

LyftData MCP does not introduce a second auth or RBAC system. The session inherits identity and permissions from the LyftData client process that hosts it.

Authentication sources

| Auth source | Flags | Best fit | Notes |
| --- | --- | --- | --- |
| Cached login | none | Desktop or operator-driven sessions | Reuses the token from `lyftdata login` for the selected `--url` and `--profile` |
| Explicit JWT | `--jwt "$JWT"` | Managed runs where another system owns token issuance | The MCP process uses the bearer token directly |
| API-key-minted JWT | `--api-key "$API_KEY"` and optional `--ttl` | Long-running headless sessions | The process mints short-lived JWTs from the API key and refreshes them before expiry |

Authorization boundary

  • Server-side permissions remain authoritative. If the underlying identity cannot read or mutate a resource through LyftData, the MCP session cannot do it either.
  • Admin-scoped tools and endpoints still require admin credentials. This includes MCP notification transport discovery for /api/mcp/notifications/*.
  • Changing --url or --profile changes the trust boundary because cached logins are keyed to the selected environment and profile.

Write gating

  • --allow-write is a local session switch that exposes mutating tools for that process.
  • The flag does not elevate the underlying server identity.
  • Without the flag, write-capable tools fail fast instead of silently mutating state.

Operator visibility

Activity forwarding

  • --activity-forward publishes metadata-only tool activity to the LyftData server for operator review.
  • --activity-session-label adds a human-readable label such as dev-laptop, ci, or prod-watch.
  • Forwarding is best-effort and non-blocking. Tool execution continues even if activity publishing fails.
  • Full request and response bodies are not forwarded.

Notifications and live state

  • job_notifications_recent is the polling-friendly path for assistants that cannot hold a websocket side channel.
  • mcp_notifications_transport_get returns the MCP notification endpoints, including /api/mcp/notifications/recent and /api/mcp/notifications/subscribe.
  • The /api/mcp/notifications/* endpoints are admin-scoped.

Process telemetry

  • --otel-tracing enables OpenTelemetry export for the MCP process.
  • --otel-service-name overrides the default service name, lyftdata-mcp.
  • mcp_server_metrics is the quickest in-band check for process health, write mode, error counts, and timeout counts.

Practical posture

  • Use cached login for normal operator desktop sessions.
  • Use --jwt or --api-key when token ownership and rotation need to be explicit.
  • Keep routine monitoring and diagnostics read-only.
  • Enable --allow-write only for tightly scoped operational sessions.
  • Enable activity forwarding deliberately and document the session-label convention in your runbook.
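The posture above turned into a launcher check, added here as an example rather than LyftData's own tooling. It assumes the MCP process is started as `lyftdata mcp` and that session settings arrive in `LYFTDATA_*` environment variables (both assumptions); the flags are the ones documented on this page.

```shell
#!/bin/sh
# Print the argument list for one MCP session, or fail with a reason.
# Auth precedence: explicit JWT, then API key (short-lived minted JWTs),
# else the cached `lyftdata login` token for the chosen --url/--profile.
mcp_session_args() {
  if [ -z "${LYFTDATA_URL:-}" ]; then
    echo "LYFTDATA_URL must be set: --url selects the trust boundary" >&2
    return 1
  fi
  set -- --url "$LYFTDATA_URL" --profile "${LYFTDATA_PROFILE:-default}"

  if [ -n "${LYFTDATA_JWT:-}" ]; then
    set -- "$@" --jwt "$LYFTDATA_JWT"
  elif [ -n "${LYFTDATA_API_KEY:-}" ]; then
    # --ttl is only passed when the operator set one explicitly.
    set -- "$@" --api-key "$LYFTDATA_API_KEY" ${LYFTDATA_TTL:+--ttl "$LYFTDATA_TTL"}
  fi

  # Write mode is per-process opt-in; require a label so the session is reviewable.
  if [ "${LYFTDATA_ALLOW_WRITE:-0}" = "1" ]; then
    if [ -z "${LYFTDATA_SESSION_LABEL:-}" ] || [ "${LYFTDATA_ACTIVITY_FORWARD:-0}" != "1" ]; then
      echo "refusing --allow-write without activity forwarding and a session label" >&2
      return 1
    fi
    set -- "$@" --allow-write
  fi

  # Metadata-only activity forwarding is deliberate and always carries a label.
  if [ "${LYFTDATA_ACTIVITY_FORWARD:-0}" = "1" ]; then
    if [ -z "${LYFTDATA_SESSION_LABEL:-}" ]; then
      echo "LYFTDATA_SESSION_LABEL is required when forwarding activity" >&2
      return 1
    fi
    set -- "$@" --activity-forward --activity-session-label "$LYFTDATA_SESSION_LABEL"
  fi
  printf '%s\n' "$*"
}

# Start the MCP process with the computed arguments (command name is assumed).
launch_mcp() {
  args=$(mcp_session_args) || return 1
  # shellcheck disable=SC2086  # values are space-free by convention; splitting is intended
  exec lyftdata mcp $args
}
```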