Chariot runs your MCP server on your infrastructure. Discovers your internal APIs. Connects 1501 enterprise integrations exposing 24,069 tools. SSO through your existing identity provider. 469 tokens in your context window. Free for one user. Your team will want in.
Architecture
Your Machine (inside your perimeter) ┌─────────────────────────────────────────────────┐ │ Claude / ChatGPT / Cursor / Codex │ │ │ spawns via stdio │ │ ▼ │ │ Chariot MCP Server (npx @epicai/chariot) │ │ │ │ │ ├── REST Adapters (870) │ │ ├── Stdio MCPs (3,004) │ │ ├── HTTP/SSE MCPs (475) │ │ └── Your Internal APIs (discovered) │ │ │ │ ┌─ Rust IAM Binary (Elastic License 2.0) ──┐ │ │ │ SAML · OIDC · SCIM 2.0 · RBAC │ │ │ │ Credential Vault · Audit Trail │ │ │ └───────────────────────────────────────────┘ │ │ │ │ Credentials: ~/.epic-ai/.env (local only) │ │ License: ~/.epic-ai/license.json (offline) │ │ ✗ No outbound connections. No phone home. │ └─────────────────────────────────────────────────┘ Nothing crosses this line. Docker it. Kill the network. It still works.
Security
SAML 2.0 and OpenID Connect. Connects to Okta, Entra, Ping, Auth0, or any standards-compliant IdP. Tested and verified against Okta.
Automated user provisioning. Add or remove a user in your IdP and Chariot reflects it immediately. No manual user management.
Role-based access control. DevOps sees Datadog. Finance sees Stripe. Nobody sees what they shouldn't. Per-adapter, per-tool granularity.
API keys encrypted at rest. Key derivation via scrypt. Never stored in plaintext. Never transmitted.
Every action logged with timestamp, identity, and SHA-256 hash chain. Tamper-evident. Export as JSON, CSV, or syslog (RFC 5424).
No outbound connections. No license server. No telemetry. Offline license validation via Ed25519 signature. Docker it and verify.
Internal API Discovery
Chariot scans your codebase, discovers your internal REST and gRPC endpoints, and generates MCP adapters for each one. You review which APIs to connect. The AI learns your internal topology without you writing a single adapter by hand.
Pricing
One Chariot per company. One SSO connection. One RBAC policy. One audit trail. Packs add seat capacity. Adapters are unlimited at every tier. Maintenance is bundled.
| Pack | Seats | Monthly | Annual | Per Seat |
|---|---|---|---|---|
| Free | 1 | $0 | $0 | $0 |
| 10-Pack | 10 | $300 | $3,000 | $30 |
| 25-Pack | 25 | $600 | $6,000 | $24 |
| 50-Pack | 50 | $1,000 | $10,000 | $20 |
| 100-Pack | 100 | $1,800 | $18,000 | $18 |
Annual plans include 2 months free. Need more than 100 seats? Buy additional packs. Every pack includes: IAM, Internal API Discovery, adapter maintenance, core updates, and new integrations. Less than a single Datadog seat.
Contractual 24-hour fix guarantee on critical adapters. MSA language for procurement. Staging channel. Changelog. Status page.
| Pack | SLA Add-on | All-in Monthly |
|---|---|---|
| 10-Pack | +$250/mo | $550/mo |
| 25-Pack | +$350/mo | $950/mo |
| 50-Pack | +$450/mo | $1,450/mo |
| 100-Pack | +$650/mo | $2,450/mo |
What You Get
Vendor APIs change. MCP specs evolve. We maintain the adapter catalog with regular updates so your integrations keep working as upstream APIs change.
Routing improvements, security patches, new features. Included in every paid pack. No upgrade fees.
New adapters added on a rolling basis as we expand coverage across vendor APIs and MCP specs.
Contractual 24-hour fix guarantee on critical adapters. MSA language for procurement. Available as an add-on.
Quickstart