Tessera MCP Server

Máy chủ MCP cho lớp tối ưu hóa chi phí LLM của Tessera. Chi tiêu được neo, phát hiện độ lệch, đề xuất dưới dạng công cụ đã được phân loại.

Tài liệu

tessera-mcp-server

The MCP server that returns money, not data.

npm version Apache-2.0 License

Status: v0.1.3 — published 2026-05-27 on npm with sigstore SLSA provenance v1, listed on registry.modelcontextprotocol.io.

Tessera is an LLM proxy that optimizes API spend through multi-provider routing, prompt compression, audit-immutable logging, output-length prediction, and batch arbitrage. This package exposes Tessera as an MCP server for tool-using agents — Claude Desktop, Claude Code, Cursor, Cline, Continue, Goose, Zed.

Where other LLM-infrastructure MCP servers return logs, traces, or prompt metadata, this one returns savings decisions: what's drifting, what to switch, what to approve, what to audit.

See it in action

Tessera launch demo — 41-second walkthrough

▶ 41-second walkthrough: live counter ticks · baseline $74,800 → actual $30,000 ($44,800 saved, 60% reduction) · audit-immutable savings ledger. Click to play.

Install

npx @tessera-llm/mcp-server

Or add to your client config:

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%\Claude\claude_desktop_config.json on Windows):

{
  "mcpServers": {
    "tessera": {
      "command": "npx",
      "args": ["-y", "@tessera-llm/mcp-server"],
      "env": {
        "TESSERA_API_KEY": "tk_..."
      }
    }
  }
}

Claude Code (.mcp.json in project root):

{
  "mcpServers": {
    "tessera": {
      "command": "npx",
      "args": ["-y", "@tessera-llm/mcp-server"],
      "env": {
        "TESSERA_API_KEY": "tk_..."
      }
    }
  }
}

Cursor (~/.cursor/mcp.json):

{
  "mcpServers": {
    "tessera": {
      "command": "npx",
      "args": ["-y", "@tessera-llm/mcp-server"],
      "env": { "TESSERA_API_KEY": "tk_..." }
    }
  }
}

Get a TESSERA_API_KEY at tesseraai.io/dev — Free Sandbox is 60M tokens/month with no card.

Tools

v0.1 exposes 6 tools (5 read + 1 mutate). Hard cap — no tool sprawl.

ToolRead/WritePurpose
tessera_list_workloadsreadList your mapped workloads with anchor cost + current m-stack.
tessera_get_savings_reportreadAnchored spend + measured savings for a window.
tessera_get_recommendation_queuereadPending Optimize-tab recommendations with expected lift + confidence.
tessera_get_ledger_entriesreadAudit-immutable Monthly Reading rows (provider call, mechanic stack applied, savings).
tessera_get_quality_snapshotreadSLA floor + p50/p95 quality scores + drift events.
tessera_approve_recommendationmutateMove a queued mechanic from "suggested" to "active" with audit-trail entry.

Provider config writes, API-key management, composition cap changes, and Stripe operations are deliberately NOT in this surface — they live in the dashboard, where blast-radius requires explicit modal confirmation.

Transport

  • stdio (default) — local clients (Claude Desktop, Cursor, Cline, Continue, Claude Code)
  • Streamable HTTP (optional) — set TESSERA_MCP_TRANSPORT=http to bind on localhost:8788 for remote / Goose / Zed-via-mcp-remote

SSE (deprecated in MCP spec 2025-11-25) is not supported.

Auth

TESSERA_API_KEY env var or Authorization: Bearer <key> header (HTTP transport). Same API key as the SDK — tk_* format. Future v0.2: OAuth 2.1 (aligned with MCP spec RC 2026-07-28).

Security posture

  • Tools receiving user-controlled content (ledger notes, recommendation rationale strings, workload names) are labelled __untrusted__ to prevent prompt-injection cascade per the Supabase/Cursor 2025 pattern.
  • mcp-scan (Invariant Labs) runs in CI to catch tool-poisoning attacks in tool descriptions.
  • No execute_code escape hatch. Typed verbs only.
  • No session-based auth. Every request authenticates independently per MCP spec 2026 requirement.

License

Apache-2.0. Tessera is a product of Fintechagency OÜ (Estonia, Tallinn).

Links