The Codex plugin remains the default local stdio deployment. The enterprise gateway is for MCP clients that need a remote Streamable HTTP endpoint while still running close to customer Qlik resources.

Deploy the gateway inside the customer network, on a VPN-connected server, or near QSEoW, QlikView, QMS, and QV2QS resources. Hosted Raptor cloud should not be assumed to reach on-prem Qlik systems.

Build the MCP server and start the HTTP entrypoint separately from the Codex plugin. The recommended enterprise mode is gateway-managed auth: the gateway validates a licensed gateway token at startup, provisions Qlik-side access markers, and users generate a one-header MCP bearer token from /extensions/raptor/index.html.

• node mcp-server/dist/http-server.js starts the gateway after npm --prefix mcp-server run build.
• Set RAPTOR_MCP_HTTP_AUTH_MODE=gateway-managed and RAPTOR_MCP_GATEWAY_LICENSE_TOKEN for enterprise streaming deployments.
• For QSEoW, gateway setup can create Raptor custom property values: Raptor for base access, RaptorAdmin for admin-page access, and RaptorNP, RaptorQVMigration, and RaptorPBIMigration for add-on runtime access. Qlik admins assign values to users, and /extensions/raptor/index.html verifies the Qlik-authenticated user before minting a token.
• For Qlik Cloud, gateway setup can create matching roles and the OAuth client from a TenantAdmin setup key. Qlik admins assign roles to users.
• Runtime module access is the intersection of the purchased gateway license and the Qlik-side user custom property or role.
• The Qlik-hosted token page is /extensions/raptor/index.html. The Qlik-hosted admin console is /extensions/raptor-admin/index.html and requires Raptor=RaptorAdmin plus RaptorRole=RaptorRoot or RaptorRole=RaptorAdmin.
• The Qlik-hosted sheet assistant imports as qlik/raptor-assistant.zip. Add the Raptor MCP Assistant visualization to a sheet, then hide the transparent host object if you only want the floating/dockable assistant bubble visible.
• The sheet assistant runtime is served by the gateway from /gateway-api/raptor/assistant/runtime/ so most assistant UI updates ship with the gateway and do not require re-importing the Qlik visualization extension.
• Admins configure embedded assistant LLM providers from the LLM providers tab. The gateway supports OpenAI, Azure OpenAI, Anthropic, Gemini, Mistral, Bedrock, Ollama, Hugging Face, OpenRouter, and generic OpenAI-compatible providers, with encrypted provider secrets in the gateway state file.
• Multiple assistant providers can be stored. Admins choose the default, decide which providers users can select in the chat window, and can disable MCP tool use for slower or lightweight providers.
• For Qlik Cloud, the gateway OAuth flow checks the Raptor role, stores the returned user OAuth token locally, and mints the gateway user token.
• Copilot Studio can run in per-user token mode, where each end user creates a Power Platform connection with Authorization: Bearer <gateway-user-token>, or in Entra OBO mode, where the gateway validates the signed-in Microsoft user and maps them to an assigned Raptor/Qlik seat.
• user-token mode remains available for flexible clients that can send hosted Raptor tokens and extra Qlik headers.
• RAPTOR_MCP_SERVER_NAME should be set to a unique value such as raptor-mcp-docker when the gateway runs beside a stdio Raptor MCP server in the same client.
• RAPTOR_MCP_HTTP_HOST defaults to 127.0.0.1 and RAPTOR_MCP_HTTP_PORT defaults to 7331.
• RAPTOR_MCP_HTTP_ALLOWED_HOSTS can restrict Host headers when binding beyond localhost.

Bind to localhost by default. If the gateway is exposed on 0.0.0.0, put it behind TLS, a reverse proxy, firewall rules, and customer logging or audit controls.

Keep Qlik Cloud, QSEoW, QlikView, QMS, and QV2QS secrets in the customer-network runtime environment. Do not move those secrets into the hosted Raptor web portal.

Use the scoped HTTP Dockerfile when container packaging is useful for an enterprise gateway deployment.

• docker build -f mcp-server/Dockerfile.http -t raptor-mcp-http ./mcp-server
• The dashboard download named Enterprise Streamable HTTP Gateway packages the same HTTP entrypoint with a Dockerfile, compose example, gateway env template, Qlik-hosted /extensions/raptor, /extensions/raptor-admin, and Raptor MCP Assistant sheet-extension assets, and macOS/Linux/Windows helper scripts.
• Run with shared customer-network Qlik connection settings, mounted certificate or QlikView paths as needed, and gateway-managed user tokens supplied from each MCP client.