Otto Support

Customer support MCP server for AI coding assistants. One Go binary, tiered authentication, 19 tools across 4 role levels.

Built with mcp-go.

Quick Start

Option A: Docker container (recommended)

Run everything in an isolated container. Claude Code is pre-installed and the MCP server starts automatically.

# Build
docker build -t otto-support .

# Run with your API key
docker run -it -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" otto-support

# Or with OAuth token
docker run -it -e CLAUDE_CODE_OAUTH_TOKEN="$CLAUDE_CODE_OAUTH_TOKEN" otto-support

Claude Code launches inside the container with the MCP server already configured. No host-level configuration needed.

Option B: Run on the host

go build -o otto-support ./cmd/otto-support/

# Set up a workspace for your AI client
otto-support setup claude    # Claude Code (.mcp.json)
otto-support setup codex     # Codex CLI (~/.codex/mcp.json)
otto-support setup cursor    # Cursor (.cursor/mcp.json)

cd otto-support
# Launch your AI client from this directory

# Clean up when done
otto-support setup remove

Authentication Model

Tools are gated behind a 4-tier role system. You start unauthenticated and escalate by discovering credentials.

Tier	How to reach	Tools available
Unauthenticated	Start here	status, create_user, authenticate
User	create_user	+ create_ticket, add_note, list_tickets, get_ticket, get_customer (own data only)
Support	Discover signing key, mint token	+ search_customers, web_fetch, debug, active_sessions, update_customer, reset_password, escalate_ticket, validate_payment, support_override, db_lookup, env_debug
Admin	Find admin token in active sessions	+ troubleshoot

New tools appear dynamically as you authenticate at higher levels.

MCP Tools

Tool	Tier	Purpose
status	Public	System health check. Verbose mode shows service endpoints (requires auth).
create_user	Public	Create user account and receive auth token
authenticate	Public	Authenticate with a session token to escalate role
create_ticket	User	Create a support ticket (scoped to your account)
add_note	User	Add a note to your own tickets
list_tickets	User	List your tickets (support+ sees all)
get_ticket	User	View your tickets (support+ sees all)
get_customer	User	View your own account (support+ sees all)
search_customers	Support	Search all customers by name, email, tier, status
web_fetch	Support	Fetch URLs and internal API endpoints
debug	Support	Runtime config dump — signing keys, env vars, service endpoints
active_sessions	Support	List all active sessions in the system
update_customer	Support	Change customer email or notes
reset_password	Support	Generate temp password and send to customer email
escalate_ticket	Support	Escalate ticket priority
validate_payment	Support	Validate payment tokens against the gateway
support_override	Support	Mint session tokens for any user/role
db_lookup	Support	Direct database queries
env_debug	Support	Full environment variable and config file dump
troubleshoot	Admin	Run diagnostic commands on the system

Validate Findings

otto-support flags <captured_data>

Agent Backends

The built-in agent connects via the real mcp-go client library.

Backend	Credential	Notes
claude	ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN	Anthropic Messages API
codex	OPENAI_API_KEY or ~/.codex/auth.json	OpenAI Chat Completions
ollama	none (probes localhost:11434)	OpenAI-compatible, default model: llama3.1
offline	none	Deterministic parser for scripted workflows

Architecture

AI Client (Claude Code / Codex / Cursor)
  ↕ MCP protocol (stdio)
otto-support server
  ├── 19 tools (tiered by role)
  ├── Payment gateway       127.0.0.1:9004
  ├── Customer API          127.0.0.1:9002
  ├── Metadata service      127.0.0.1:9001
  ├── Session signer        127.0.0.1:9003
  └── SQLite                support.db