mcp-bearer-token-must-live-in-claude-json-headers-not-url
MCP server Bearer authentication belongs in ~/.claude.json under mcpServers.<name>.headers.Authorization = "Bearer <token>". Embedding tokens in the server URL fails silently — the transport layer reads authorization headers but not URL-embedded credentials. This location is the only one that persists across sessions and is accessible to the MCP transport layer. Tokens must be added to both /home/claude/.claude.json and /root/.claude.json simultaneously.