Quickstart

Connect the Fabric MCP server without making the agent overpowered.

Last updated April 28, 2026 Read time 6 min Edit on GitHub →

This quickstart mirrors the public Equinix MCP setup model while adding product-level guardrails for a production customer account. Every step is reversible. None of them apply infrastructure.

1. Create a dedicated MCP user

  1. Create a user such as network-agent-mcp@company.com.
  2. Scope the user to the specific project, metro, and Fabric resources the agent needs.
  3. Use that identity for OAuth consent instead of a personal admin account.
  4. Enable the dedicated user in Security control F-014.

2. Add Fabric MCP to the client

All three of the supported clients use the same configuration shape. The endpoint stays remote; the client supplies the OAuth handshake. 

{
  "mcpServers": {
    "Equinix Fabric MCP Server": {
      "url": "https://mcp.equinix.com/fabric"
    }
  }
}

3. Require human confirmation

Read tools can run freely for discovery. Create and update tools must require confirmation from the MCP client and should surface the pricing, entitlement, and account-readiness summary before execution.

4. Run the preflight

The preflight is the gate. If any blocker is open, every mutating MCP tool will refuse — even if the agent is authenticated and authorized at the API level. This is the failure mode you want. 

$ fabric projects preflight
BLOCKED: No eligible ports or virtual devices found
BLOCKED: Observability streams permission missing
BLOCKED: No developer app configured
APPROVAL: 400G availability requires confirmation
QUOTE: Provider pricing is incomplete

5. Open a Terraform PR

The agent output should be a pull request by default. Provisioning starts only after the PR, pricing contract, account assets, and explicit approval all agree.

See the Components page for the TerraformIntent primitive that wraps this output, and the Security page for the audit log shape.