Remote Agent
Connect Konrado.AI to private MCP servers through a routed remote proxy agent
Remote Agent installs an MCP-aware proxy on a server you control. Konrado.AI connects to the proxy with the Remote Agent API key, and each proxied request can include the target host and target token for the private MCP server behind it.
Use it when the real MCP endpoint is inside a private network, behind a firewall, reachable only from a jump host, or should be exposed through one stable Remote Agent URL.
What Is It?
Remote Agent is a network bridge for MCP servers that Konrado.AI cannot reach directly. It runs on a server you control, authenticates inbound MCP traffic, validates the requested target host when an allowlist is configured, optionally translates that target to an internal host:port, and forwards the request to the target server.
When a request does not include target headers, Remote Agent answers as its own local MCP service for basic agent status and maintenance context. When target headers are present, it acts as a pass-through proxy and does not reshape or merge the target server's data.
What It Can Do
| Capability | How it helps support |
|---|---|
| Reach private MCP servers | Connect Konrado.AI to internal MCP endpoints without exposing each target directly |
| Route target hosts | Accept a public target name from Konrado.AI and optionally translate it to an internal host:port |
| Enforce target allowlisting | Use HOSTS to restrict which target hosts can be reached through the proxy |
| Preserve MCP sessions | Forward target authentication, cookies, MCP session headers, and JSON or event-stream responses |
| Inspect proxy activity | Review recent request status, blocked requests, durations, target hosts, and blocked reasons in the dashboard |
| Support custom data sources | Use Remote Agent together with private or generic MCP servers for internal APIs and systems |
Data Available To AI And Operators
| Data area | What can be used |
|---|---|
| Target MCP data | The capabilities, context, and responses returned by the selected private MCP server |
| Routing context | Requested target host, optional internal host mapping, operator label, and whether the target is allowed |
| Request diagnostics | Recent request timestamp, client IP, method, path, target host, status code, duration, pass/block state, and blocked reason |
| Proxy health | Basic service health, Remote Agent version context, and maintenance log context |
| Session behavior | Forwarded target token, MCP session header, cookies, and response type so stateful MCP sessions keep working |
What It Cannot Do
| Not supported by default | Why this matters |
|---|---|
| Make an unsafe MCP server read-only | Your target MCP server controls its own permissions |
| Bypass target authentication | Requests still need valid target host and token details |
| Store target credentials for every request | The target host and target token are sent with the request instead of being configured as static target secrets in Remote Agent |
| Automatically discover internal MCP servers | Targets must be provided by Konrado.AI and, in production, explicitly listed in HOSTS |
| Proxy arbitrary HTTP applications or paths | Remote Agent is built for MCP traffic on its MCP endpoints and forwards target traffic to the target MCP endpoint |
| Replace firewall or reverse-proxy design | You still control which networks can reach the Remote Agent dashboard and proxy |
| Guarantee or normalize data shape | Data depends on the MCP server behind the proxy |
Security Model
Use HOSTS as an allowlist whenever possible. Empty HOSTS=[] accepts any requested target host, which is useful for testing but too broad for most production setups. Treat API_KEY and target MCP tokens as secrets, expose the dashboard only to trusted networks or behind your own access control, and keep target MCP servers scoped to the data support actually needs.
Ticket Examples
- "Konrado can reach Remote Agent, but the private MCP target is blocked. Is the requested target host allowed?"
- "We moved an internal MCP server to a new private IP. Can we update the route without changing the public Remote Agent URL?"
- "Requests to the private hosting MCP server are slow. Do proxy durations show whether the delay is at the target?"
- "The integration is returning Remote Agent context instead of the private server data. Are the target host and target token being sent?"
- "A request fails before it reaches the target. Is the issue authentication, missing target headers, or the host allowlist?"
- "Can we route multiple private MCP servers through one Remote Agent using labels and internal host mappings?"
Prerequisites
- Access to Konrado.AI Integrations.
- Root SSH access to the server where Konrado AI Remote Agent will run.
- The target MCP server host and token that Konrado.AI will send in request headers.
- Outbound network access from the remote server to the target MCP server.
- An available TCP port on the remote server. The default dashboard and proxy port is
8001.
Installation
In Konrado.AI, open Integrations > Applications, click Add Integration, and choose Remote Agent.

- Log in to the Remote Agent server via SSH as the root user.
- Copy the installation command from the Remote Agent modal.
- Run the command in the SSH session.
- Wait for automatic connection detection in Konrado.AI.
The generated command will look like this:
bash <(curl -s https://raw.githubusercontent.com/konradoai/proxy-downloader/main/init.sh) --api-key=YOUR_API_KEY --callback-url=https://app.konrado.ai/api/integrations/servers/installRemote Agent uses the proxy-downloader installer and does not include a --platform argument.
The installer creates /opt/KonradoAiRemoteAgent, installs the KonradoAiRemoteAgent Python package, starts konrado-mcp-remote-agent.service, generates API_KEY, and registers the server callback with Konrado.AI.
Configure host routing after installation in the Remote Agent dashboard.
Open the Dashboard
The dashboard is available at:
http://<SERVER_IP>:8001/dashboardIf port 8001 is already in use, change SERVER_PORT in the Remote Agent configuration and restart the service. Make sure your firewall allows the selected port from the networks that need dashboard or proxy access.
The Logs tab shows recent requests, status codes, durations, whether requests passed or were blocked, target hosts, and the reason for blocked requests.

The Configuration tab edits the HOSTS runtime configuration saved in .env.

Configuration Fields
Remote Agent uses these .env fields:
| Field | Description |
|---|---|
API_KEY | Bearer token used by Konrado.AI to authenticate to the Remote Agent |
SERVER_BIND_IP_ADDRESS | Address the Remote Agent listens on, usually 0.0.0.0 |
SERVER_PORT | Port the Remote Agent listens on, usually 8001 |
HOSTS | JSON array managed from the dashboard. Empty HOSTS=[] allows any Target-Host; non-empty HOSTS acts as an allowlist and optional routing map |
Remote Agent no longer uses static target host or target token fields in .env. The target host and token must come from request headers when Konrado.AI wants to reach a private MCP server.
Each HOSTS entry can contain:
| Field | Description |
|---|---|
host | Required host value accepted from the Target-Host request header |
internalHost | Optional internal host:port that Remote Agent connects to when Target-Host matches host |
label | Optional operator label, for example DirectAdminResellers or cPanel EU clients |
Example:
HOSTS='[
{"host":"65.21.54.1:8000","label":"Direct target"},
{"host":"konrado-test:8000","internalHost":"65.21.54.1:8000","label":"Alias through internalHost"}
]'Request Headers
Konrado.AI authenticates to Remote Agent with:
Authorization: Bearer <API_KEY>If a request does not include target headers, Remote Agent handles it locally. To proxy a request to a private MCP server, send both target headers:
Target-Host: <target-host>
Target-Token: <target-token>Remote Agent forwards the request to:
http://<translated-target-host>/mcpIf the matching HOSTS entry has internalHost, Remote Agent connects to internalHost. Otherwise it connects directly to Target-Host. Sending only one target header is treated as an invalid proxied request.
Verify Success / Failure
The Konrado.AI dashboard will update from Waiting for connection... to Connected after the agent reports back.
You can also open the Remote Agent dashboard on the server and check that Konrado AI Remote Agent is running.

You can also verify the proxy directly:
curl -i -X POST http://<SERVER_IP>:8001/mcp \
-H "Authorization: Bearer <API_KEY>" \
-H "Target-Host: <target-host>" \
-H "Target-Token: <target-token>" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"curl","version":"1.0"}}}'Troubleshooting
| Issue | What to check |
|---|---|
| Dashboard does not open | Confirm konrado-mcp-remote-agent.service is running and the selected port is reachable from your network |
Proxy returns 400 | Confirm proxied requests include both Target-Host and Target-Token headers |
Proxy returns 403 before reaching a target | Confirm the Authorization header uses the Remote Agent API key |
Target request returns 403 | Review HOSTS in the dashboard. If HOSTS is non-empty, the requested Target-Host must be listed exactly |
| Proxy returns local Remote Agent context | Confirm the request includes both target headers when you expect private target data |
| Private target is not reached | Verify the matching HOSTS entry uses the correct internalHost and that the target is reachable from the Remote Agent server |
Target returns 502 or connection errors | Confirm the target MCP server is online and reachable at its MCP endpoint from the Remote Agent host |
MCP client tries /register | Disable OAuth in the MCP client or use custom headers/manual auth. Remote Agent expects direct MCP requests to /mcp or /sse |
Installation Failure Commands
If Konrado.AI shows the integration as failed, first confirm the Remote Agent service is running and listening on the configured port.

systemctl status konrado-mcp-remote-agent.service
journalctl -u konrado-mcp-remote-agent.service --since "15 minutes ago" --no-pager
systemctl restart konrado-mcp-remote-agent.service
ss -ltnp | grep ':8001'After the service restarts, open the Remote Agent dashboard and run Test Connection again in Konrado.AI.
Remove
Delete the Remote Agent integration in Konrado.AI, then uninstall the service from the remote server if it is no longer used.