Chariot runs your MCP server on your infrastructure. Discovers your internal APIs. Connects 4135 enterprise integrations exposing 35,835 tools. SSO through your existing identity provider. 469 tokens in your context window. Free for one user. Buy seats when the team wants in.
Architecture
Your Machine (inside your perimeter) ┌─────────────────────────────────────────────────┐ │ Claude / ChatGPT / Cursor / Codex │ │ │ spawns via stdio │ │ ▼ │ │ Chariot MCP Server (npx @epicai/chariot) │ │ │ │ │ ├── REST Adapters (870) │ │ ├── Stdio MCPs (3,004) │ │ ├── HTTP/SSE MCPs (475) │ │ └── Your Internal APIs (discovered) │ │ │ │ ┌─ Rust IAM Binary (Elastic License 2.0) ──┐ │ │ │ SAML · OIDC · SCIM 2.0 · RBAC │ │ │ │ Credential Vault · Audit Trail │ │ │ └───────────────────────────────────────────┘ │ │ │ │ Credentials: ~/.epic-ai/.env (local only) │ │ License: ~/.epic-ai/license.json (offline) │ │ ✗ No outbound connections. No phone home. │ └─────────────────────────────────────────────────┘ Nothing crosses this line. Docker it. Kill the network. It still works.
Security
SAML 2.0 and OpenID Connect. Connects to Okta, Entra, Ping, Auth0, or any standards-compliant IdP. Tested and verified against Okta.
Automated user provisioning. Add or remove a user in your IdP and Chariot reflects it immediately. No manual user management.
Role-based access control. DevOps sees Datadog. Finance sees Stripe. Nobody sees what they shouldn't. Per-adapter, per-tool granularity.
API keys encrypted at rest. Key derivation via scrypt. Never stored in plaintext. Never transmitted.
Every action logged with timestamp, identity, and SHA-256 hash chain. Tamper-evident. Export as JSON, CSV, or syslog (RFC 5424).
No outbound connections. No license server. No telemetry. Offline license validation via Ed25519 signature. Docker it and verify.
Internal API Discovery
Chariot scans your codebase, discovers your internal REST and gRPC endpoints, and generates MCP adapters for each one. You review which APIs to connect. The AI learns your internal topology without you writing a single adapter by hand.
Pricing
One Chariot per company. One SSO connection. One RBAC policy. One audit trail. Packs add seat capacity. Adapters are unlimited at every tier. Maintenance is bundled.
| Pack | Seats | Monthly | Annual | Per Seat |
|---|---|---|---|---|
| Free | 1 | $0 | $0 | $0 |
| 10-Pack | 10 | $300 | $3,000 | $30 |
| 25-Pack | 25 | $600 | $6,000 | $24 |
| 50-Pack | 50 | $1,000 | $10,000 | $20 |
| 100-Pack | 100 | $1,800 | $18,000 | $18 |
Annual plans include 2 months free. Need more than 100 seats? Buy additional packs. Every pack includes: IAM, Internal API Discovery, adapter maintenance, core updates, and new integrations. Less than a single Datadog seat.
Contractual 24-hour fix guarantee on critical adapters. MSA language for procurement. Staging channel. Changelog. Status page.
| Pack | SLA Add-on | All-in Monthly |
|---|---|---|
| 10-Pack | +$250/mo | $550/mo |
| 25-Pack | +$350/mo | $950/mo |
| 50-Pack | +$450/mo | $1,450/mo |
| 100-Pack | +$650/mo | $2,450/mo |
What You Get
Vendor APIs change. MCP specs evolve. We keep all 4,135 adapters current so you never wake up to a broken integration.
Routing improvements, security patches, new features. Included in every paid pack. No upgrade fees.
4,135 today, growing continuously. New adapters ship automatically. Your Chariot gets better every month.
Contractual 24-hour fix guarantee on critical adapters. MSA language for procurement. Available as an add-on.
Quickstart