MCP Server Rollout Checklist for Rocky

MCP servers extend Rocky with new tools. A good rollout makes those tools discoverable, scoped, tested, and reversible.

Official MCP guide: https://hermes-agent.nousresearch.com/docs/user-guide/features/mcp

Rollout stages

  • Inventory the server. Identify whether it is stdio or HTTP, what credentials it needs, and which tools it exposes.
  • Add configuration. Use Hermes MCP commands or config files rather than ad-hoc shell wrappers.
  • Limit exposure. Enable only tools that match the workflow and risk level.
  • Test connection. Run the documented MCP test command and a harmless tool call.
  • Document rollback. Note how to disable or remove the server if it fails.

Safety checklist

  • Do not paste tokens into chat.
  • Keep local filesystem access narrow.
  • Treat write-capable MCP tools like any other mutation surface.
  • Avoid enabling duplicate tools that confuse routing.
  • Re-test after Hermes profile changes.

Pitfalls

  • Assuming the server is safe because it is local.
  • Enabling every discovered tool by default.
  • Forgetting that HTTP MCP servers may have network authentication and availability risks.
  • Debugging an agent failure without first testing the MCP server itself.

Verification steps

  • Confirm hermes mcp list shows the expected server.
  • Run hermes mcp test <name> when available.
  • Start a fresh Hermes session after tool configuration changes.
  • Make one low-risk call and confirm the output shape is what Rocky expects.