How do I install Tesseraai?

Tesseraai is a local plugin. Install it using npm package: @tessera-llm/mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Tesseraai need?

Tesseraai requires the following credentials or environment variables: TESSERA_API_KEY, TESSERA_UPSTREAM_API_BASE_URL. You can find setup instructions on the server detail page.

What AI apps work with Tesseraai?

Tesseraai uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Tesseraai MCP Server

by Tessera Llm

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP server for Tessera's LLM cost-optimization layer: anchored spend, drift, recommendations.

About

MCP server for Tessera's LLM cost-optimization layer: anchored spend, drift, recommendations.

Security Report

5.2

Moderate5.2Moderate Risk

This is a well-structured MCP server for LLM cost optimization with proper authentication, thoughtful security design, and minimal vulnerabilities. Auth is required on all sensitive operations, API keys are handled via environment variables, and the codebase includes deliberate mitigations for prompt injection and tool poisoning. Permissions align appropriately with the server's purpose of querying cost data and approving recommendations. Minor code quality observations do not materially impact security. Supply chain analysis found 4 known vulnerabilities in dependencies (1 critical, 2 high severity). Package verification found 1 issue.

7 files analyzed · 9 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

process_spawn

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

API key in tk_* format. Get one free at https://tesseraai.io/dev.Required

Environment variable: TESSERA_API_KEY

Override only for staging or local-dev testing.Optional

Environment variable: TESSERA_UPSTREAM_API_BASE_URL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-tesseraai-mcp-server": {
      "env": {
        "TESSERA_API_KEY": "your-tessera-api-key-here",
        "TESSERA_UPSTREAM_API_BASE_URL": "your-tessera-upstream-api-base-url-here"
      },
      "args": [
        "-y",
        "@tessera-llm/mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

tessera-mcp-server

The MCP server that returns money, not data.

Status: v0.1.0-alpha — scaffolding in progress. Not yet published. Spec: D:/Skin/plans/tessera-mcp-server-spec-2026-05-26.md.

Tessera is an LLM proxy that optimizes API spend through multi-provider routing, prompt compression, audit-immutable logging, output-length prediction, and batch arbitrage. This package exposes Tessera as an MCP server for tool-using agents — Claude Desktop, Claude Code, Cursor, Cline, Continue, Goose, Zed.

Where other LLM-infrastructure MCP servers return logs, traces, or prompt metadata, this one returns savings decisions: what's drifting, what to switch, what to approve, what to audit.

Install

npx @tessera-llm/mcp-server

Or add to your client config:

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%\Claude\claude_desktop_config.json on Windows):

{
  "mcpServers": {
    "tessera": {
      "command": "npx",
      "args": ["-y", "@tessera-llm/mcp-server"],
      "env": {
        "TESSERA_API_KEY": "tk_live_..."
      }
    }
  }
}

Claude Code (.mcp.json in project root):

{
  "mcpServers": {
    "tessera": {
      "command": "npx",
      "args": ["-y", "@tessera-llm/mcp-server"],
      "env": {
        "TESSERA_API_KEY": "tk_live_..."
      }
    }
  }
}

Cursor (~/.cursor/mcp.json):

{
  "mcpServers": {
    "tessera": {
      "command": "npx",
      "args": ["-y", "@tessera-llm/mcp-server"],
      "env": { "TESSERA_API_KEY": "tk_live_..." }
    }
  }
}

Get a TESSERA_API_KEY at tesseraai.io/dev — Free Sandbox is 60M tokens/month with no card.

Tools

v0.1 exposes 6 tools (5 read + 1 mutate). Hard cap — no tool sprawl.

Tool	Read/Write	Purpose
`tessera_list_workloads`	read	List your mapped workloads with anchor cost + current m-stack.
`tessera_get_savings_report`	read	Anchored spend + measured savings + performance-fee accrual for a window.
`tessera_get_recommendation_queue`	read	Pending Optimize-tab recommendations with expected lift + confidence.
`tessera_get_ledger_entries`	read	Audit-immutable Monthly Reading rows (provider call, mechanic stack applied, savings).
`tessera_get_quality_snapshot`	read	SLA floor + p50/p95 quality scores + drift events.
`tessera_approve_recommendation`	mutate	Move a queued mechanic from "suggested" to "active" with audit-trail entry.

Provider config writes, API-key management, composition cap changes, and Stripe operations are deliberately NOT in this surface — they live in the dashboard, where blast-radius requires explicit modal confirmation.

Transport

stdio (default) — local clients (Claude Desktop, Cursor, Cline, Continue, Claude Code)
Streamable HTTP (optional) — set TESSERA_MCP_TRANSPORT=http to bind on localhost:8788 for remote / Goose / Zed-via-mcp-remote

SSE (deprecated in MCP spec 2025-11-25) is not supported.

Auth

TESSERA_API_KEY env var or Authorization: Bearer <key> header (HTTP transport). Same API key as the SDK — tk_live_* format. Future v0.2: OAuth 2.1 (aligned with MCP spec RC 2026-07-28).

Security posture

Tools receiving user-controlled content (ledger notes, recommendation rationale strings, workload names) are labelled __untrusted__ to prevent prompt-injection cascade per the Supabase/Cursor 2025 pattern.
mcp-scan (Invariant Labs) runs in CI to catch tool-poisoning attacks in tool descriptions.
No execute_code escape hatch. Typed verbs only.
No session-based auth. Every request authenticates independently per MCP spec 2026 requirement.

License

Apache-2.0. Tessera is a product of Fintechagency OÜ (Estonia, Tallinn).

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Tesseraai MCP Server

About

Security Report

Findings (9)Action required

Permissions Required

What You'll Need

How to Install

Documentation

tessera-mcp-server

Install

Tools

Transport

Auth

Security posture

License

Links

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent