Documentation Index
Fetch the complete documentation index at: https://mintlify.com/davidbuenov/dbv-mcp-server/llms.txt
Use this file to discover all available pages before exploring further.
The Unreal Engine 5.8 MCP server uses the Streamable HTTP transport variant of the MCP specification, exposing a single POST /mcp endpoint that handles every JSON-RPC method — from session initialization through tool execution — and streams results back as Server-Sent Events on the same connection.
HTTPS will fail. The Unreal Engine 5.8 MCP server uses plain HTTP only.
Attempting to connect over https://localhost:8000/mcp will cause an SSL/TLS handshake
failure. The FastAPI proxy at http://localhost:5000 adds the CORS headers required for
browser requests — always target the proxy, not the Unreal server directly from a browser.
Endpoint
| Property | Value |
|---|
| URL | http://localhost:8000/mcp |
| Protocol | HTTP (unencrypted) |
| Methods accepted | POST, GET, DELETE, OPTIONS |
| Primary method | POST — all JSON-RPC requests use POST |
| MCP protocol version | 2024-11-05 |
Transport: Streamable HTTP
The UE 5.8 MCP server implements the Streamable HTTP transport variant of the MCP
specification. This is not the legacy two-endpoint pattern (GET /sse + POST /message).
Key characteristics:
- All requests are
POST to the single /mcp endpoint — initialization, notifications,
tool listing, and tool calls all share the same URL.
- Streaming is per-request: a
tools/call response opens an SSE stream on the same
connection rather than routing events to a persistent listener.
- Session state is tracked server-side via an opaque ID returned in a response header.
Session Management
The server issues a session token on the first successful initialize response:
Mcp-Session-Id: a9cfa12a4424071de4b2709bfaff390e
Every subsequent request must carry this header. Failing to include it produces an error
response with no Mcp-Session-Id to re-use:
| Condition | HTTP Status |
|---|
| Header present and session is valid | 200 OK (or 202 Accepted for notifications) |
| Header missing | 400 Bad Request |
| Header present but session is unknown or expired | 404 Not Found — client must re-initialize |
When the method is tools/call, the server responds with Server-Sent Events (SSE):
- The server returns
200 OK immediately with an empty body and streaming headers:
Content-Type: text/event-stream
Connection: keep-alive
Cache-Control: no-cache
- The tool executes on the Unreal game thread.
- Once the result is ready, the server writes a raw SSE event to the open stream:
event: message
data: {"jsonrpc":"2.0","id":1,"result":{...}}
- The TCP connection terminates after the final result is dispatched (
MultipleWriteStream
is active during execution).
Clients must read the response body line by line and parse every line that starts with
data: as a compact JSON-RPC object.
CORS and Origin Validation
The Unreal server validates the Origin header to prevent DNS rebinding attacks:
| Request origin | Server response |
|---|
No Origin header (CLI, curl, bridge.py) | ✅ Accepted |
localhost (any port) | ✅ Accepted |
127.0.0.1 (any port) | ✅ Accepted |
[::1] (IPv6 loopback) | ✅ Accepted |
| Any other origin | ❌ 403 Forbidden |
Because browsers always inject an Origin header that reflects the page’s host, direct
browser-to-Unreal calls from a page served at a non-localhost domain are blocked.
The FastAPI proxy at http://localhost:5000 sits in front of the Unreal server and adds
Access-Control-Allow-Origin: * to all responses, making browser requests work correctly.
Full Request/Response Reference
Initialize
POST http://localhost:8000/mcp HTTP/1.1
Content-Type: application/json
{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2024-11-05",
"capabilities": {},
"clientInfo": { "name": "MyMCPClient", "version": "1.0" }
}
}
HTTP/1.1 200 OK
Content-Type: application/json
Mcp-Session-Id: a9cfa12a4424071de4b2709bfaff390e
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"protocolVersion": "2024-11-05",
"capabilities": {
"resources": {},
"tools": { "listChanged": true }
},
"serverInfo": { "name": "", "title": "", "version": "" }
}
}
Notification (fire-and-forget)
POST http://localhost:8000/mcp HTTP/1.1
Content-Type: application/json
Mcp-Session-Id: a9cfa12a4424071de4b2709bfaff390e
{
"jsonrpc": "2.0",
"method": "notifications/initialized"
}
POST http://localhost:8000/mcp HTTP/1.1
Content-Type: application/json
Accept: application/json, text/event-stream
Mcp-Session-Id: a9cfa12a4424071de4b2709bfaff390e
{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "list_toolsets",
"arguments": {}
}
}
HTTP/1.1 200 OK
Content-Type: text/event-stream
Connection: keep-alive
Cache-Control: no-cache
event: message
data: {"jsonrpc":"2.0","id":2,"result":{"content":[{"type":"text","text":"..."}]}}
Error Codes
Standard JSON-RPC 2.0 error codes are used in error responses:
| Code | Meaning |
|---|
-32600 | Invalid request |
-32601 | Method not found |
-32602 | Invalid params |
-32603 | Internal error (also used by the bridge for network failures) |