From 2a527d9af809f7f03bba7ef281a133d1d2f3086e Mon Sep 17 00:00:00 2001
From: TheTechromancer <thetechromancer@protonmail.com>
Date: Tue, 9 Dec 2025 11:34:34 -0500
Subject: [PATCH] update MCP docs

---
 README.md | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 5aec1add..8273efc6 100644
--- a/README.md
+++ b/README.md
@@ -350,21 +350,30 @@ bbctl asset stats --domain evilcorp.com | jq
 
 BBOT Server supports chat-based AI interaction via MCP (Model Context Protocol).
 
-The SSE server listens at `http://localhost:8807/v1/mcp/`
+The SSE server listens at `http://localhost:8807/v1/mcp/`.
 
-`mcp.json` (cursor / vs code):
+`mcp.json` (Cursor / VS Code):
 ```json
 {
-    "mcpServers": {
-        "bbot": {
-            "url": "http://localhost:8807/v1/mcp/"
-        }
+  "mcpServers": {
+    "bbot": {
+      "url": "http://localhost:8807/v1/mcp/",
+      "headers": {
+        "x-api-key": "deadbeef-9b4d-4208-890c-4ce9ad3b4710"
+      }
     }
+  }
 }
 ```
 
 After connecting your AI client to BBOT Server, you can ask it sensible questions like, "Use MCP to get all the bbot findings", "what are the top open ports?", "what else can you do with BBOT MCP?", etc.
 
+**NOTE**: Authentication is [currently broken](https://github.com/blacklanternsecurity/bbot-server/issues/52) in Cursor, Cline, and it seems most other VS Code forks. A workaround is to disable authentication with `--no-authentication` when starting the server. Obviously, be careful with this and don't be a dumbass.
+
+```bash
+bbctl server start --no-authentication
+```
+
 ## As a Python Library
 
 You can interact fully with BBOT Server as a Python library. It supports either local or remote connections, and the interface to both is identical: