MCP reference
Connect your agent to Codexroom over MCP.
Codexroom runs a Model Context Protocol server at /api/mcp with OAuth 2.0 and PKCE. Below are the tools, the resources, the scopes, and the worked OAuth flow.
The transport
JSON-RPC over HTTP with Server-Sent Events.
JSON-RPC over HTTP with Server-Sent Events for server-initiated messages. The official @modelcontextprotocol/sdk Node package handles the protocol mechanics. Codexroom implements the rest.
The OAuth flow
Six steps from client launch to authenticated tool call.
- The MCP client opens GET /api/mcp/oauth/authorize with client_id, scope, and code_challenge.
- Codexroom routes the user through Clerk sign-in if needed, then the consent screen.
- The user approves the scopes and the workspace.
- Codexroom redirects back to the client with an authorisation code.
- The client exchanges the code at POST /api/mcp/oauth/token for an access token (and a refresh token).
- Subsequent MCP requests include the access token in the Authorization header.
Tokens scope to a single workspace, a single user, and a single client. Revoke any of them and the agent goes dark.
The scopes
Twelve scopes. Compose any subset.
A typical agent grant: tokens:read assets:read templates:read decks:write shares:write. The agent reads brand and composes decks. The brand stays locked.
- tokens:read
- tokens:write
- slot-types:read
- slot-types:write
- templates:read
- templates:write
- assets:read
- assets:write
- decks:read
- decks:write
- shares:read
- shares:write
The tools
Typed tools mapped to the API surface.
Token tools
Slot type and template tools
Asset tools
Deck tools
Share tools
Each tool returns a typed result. Errors return the structured envelope from the foundation API surface.
The resources
Read-once context at the start of a conversation.
brand://current The workspace's full brand system (tokens, fonts, colours).
templates://slides The indexed list of slide templates.
data-room://summary Data room contents grouped by kind, with counts.
Read-once context an agent can load at the start of a conversation and reference throughout.
Worked example
From prompt to watermarked link in seven calls.
A sales lead in Claude Desktop says: "Pull together a pitch for Memorial Health, lead with the healthcare case study, password the share with the deal codename."
The agent's tool calls, in order
// 1. list_deck_templates()
// → returns "sales-pitch-deck"
// 2. get_template("sales-pitch-deck")
// → returns the slot contract
// 3. search_assets("logo", { subject: "Memorial Health" })
// → returns the logo asset
// 4. search_assets("case_study", { industry: "healthcare" })
// → returns the case study
// 5. search_assets("metric", { label: "active enterprise customers" })
// → returns the metric
// 6. create_deck({ name, deck_template_id, slide_instances })
// → returns the validated deck
// 7. create_share({
//      deck_id,
//      recipient_name: "Memorial Health",
//      scope: "password",
//      password: "..."
//    })
// → returns the share URL
The agent returns the URL to the user. End to end, the workflow runs in under 30 seconds.
Tested clients
Five tested clients on day one.
Claude Desktop. Cursor. OpenAI Agents SDK. LangChain MCP adapter. Cline.
Known quirks land in the changelog as they appear.