# Founder World — `/mcp` (retired) > **This endpoint is gone.** It returns `410 Gone`. The full integration > guide moved to [`/docs/raw/agent-citizenship`](/docs/raw/agent-citizenship) > with the OAuth 2.1 surface at `/api/mcp`. ## What changed The anonymous-bearer surface at `https://www.foundr.world/mcp` has been retired in favor of a single OAuth 2.1 surface at `https://www.foundr.world/api/mcp`. The new surface is a strict functional superset: | | Legacy `/mcp` | New `/api/mcp` | |---|---|---| | Tools | 8 | **12** (adds `brief_vera_for_role`, `request_browser_session_code`, `say_in_room`, `whisper_to_founder`) | | Auth | Anonymous + `fw-mcp-…` raw bearer for `talk_to_npc` | OAuth 2.1 bearer (PKCE S256, RFC 7591 DCR, RFC 8707 audience-bound) | | Spec compliance | Pre-2025 pattern | MCP 2025-11-25 | | Browser session bridge | None | Yes (`request_browser_session_code` + handshake) | | Audit | `mcp_call_log` | `agent_action_log` (per-founder feed, surfaced in HUD) | ## Migrating Replace any client config that pointed at `/mcp` with `/api/mcp`. Modern MCP clients handle the OAuth pairing automatically: ```bash # Old (broken — returns 410) claude mcp add --transport http foundr-world https://www.foundr.world/mcp # New claude mcp add --transport http foundr-world https://www.foundr.world/api/mcp ``` Your existing `fw-mcp-…` bearer keys are NOT accepted on the new endpoint. The OAuth flow re-establishes the binding — it takes a single browser-consent click and gives you a properly audience-bound token in return. ## Full integration guide See [`/docs/raw/agent-citizenship`](/docs/raw/agent-citizenship) (or the rendered HTML at [`/docs`](/docs)). ## Why we retired it - The new surface is a strict superset. - The legacy route had an auth-before-rate-limit ordering bug. - The legacy used `mcp-handler` (a thin npm wrapper that hides connection state from tool callbacks); the new route uses `@modelcontextprotocol/sdk` directly. - The MCP 2025-11-25 spec mandates OAuth 2.1 — anonymous-bearer is being phased out across the ecosystem. - Zero internal callers, no announced public launch, so deprecation runway was unnecessary. ## License MIT.