Claude Desktop, Claude Code, Cursor, Zed, or your own agent — any client that speaks the Model Context Protocol can read, manage, and trigger your agents, workflows, runs, schedules, and integrations directly from inside the conversation. Mutations require explicit human approval; every call is audit-logged.
Two headers: your bearer token and your organisation UUID. One token works across every org you belong to.
From zero to “your AI client can talk to your tenant” in about a minute.
In the Brahmalabs dashboard, open Profile → API Keys and click New key. Name it after the client you’re connecting (claude-desktop, cursor) so you can revoke it individually later.
Copy the token immediately. The full value is shown once at creation. If you lose it, revoke and create a new one.
On the same API Keys page, open the … menu next to any key and choose Copy MCP config. The snippet you get has your current organisation’s UUID pre-filled as X-Tenant-ID.
One token works for every organisation you belong to — target a different org by changing that header alone.
Any HTTP MCP client works. A couple of examples:
{
"mcpServers": {
"brahmalabs": {
"url": "https://api.brahmalabs.io/mcp",
"transport": "http",
"headers": {
"Authorization": "Bearer bk_<paste-your-token>",
"X-Tenant-ID": "<your-organisation-uuid>"
}
}
}
}claude mcp add brahmalabs https://api.brahmalabs.io/mcp \
--transport http --scope user \
--header "Authorization: Bearer bk_<paste-your-token>" \
--header "X-Tenant-ID: <your-organisation-uuid>"Cursor, Zed, and custom clients take the same two headers with their own config path. Restart the client; the tools appear.
Eleven tool categories exposing the same operations the dashboard uses. Read tools return immediately; write tools are gated by an explicit human-approval step.
* Write tools (create_*, update_*, delete_*, trigger_*) require a three-stage approval flow: preview → explicit human approval via the built-in askHuman tool → execute. The LLM cannot self-approve a mutation.
The MCP surface inherits the platform’s tenant isolation, audit trail, and role enforcement. Nothing is relaxed because the caller is a language model.
Every mutation is a three-step flow: the LLM sees a preview and a confirmation token, must call askHuman to record approval, and only then executes.
Actor, tenant, IP, request id, tool name, sanitized arguments, and result summary — written to the tenant’s append-only log.
The token carries no role of its own. On each request the caller’s current role in the target organisation is re-read. Demote someone; their MCP session loses the permission on the next call.
Each MCP session has its own server instance. Tenant context is bound per request via isolated execution contexts — one session cannot read another’s data, even briefly.
The MCP server is on every plan — free and paid. Pick up your personal access token from the dashboard and paste the snippet into your client.