Public MCP quickstart

Connect your AI assistant safely

Use Hermes, Claude Code, or any MCP-compatible client to inspect, draft, QA, and operate Site Studio through scoped connector presets — without handing an agent a platform-admin session.

Agency partners issue from their agency workspace Integrations page; platform support issues tenant-limited support connectors from the agency cockpit.

MCP endpoint

Use your actual site or platform domain.

https://YOUR-DOMAIN.example/mcp

OAuth-first when your client supports it

OAuth clients discover metadata, open browser consent, use PKCE, and receive rotating OAuth tokens. Static bearer keys remain available for CLI/server clients that do not support OAuth yet.

1. Choose a preset

Start with Draft editor for everyday site work. Publisher is explicit because it changes what visitors see.

2. Issue a scoped key

Sign in, open your connector settings, and create a key for the tenant, agency, or support scope you actually need.

3. Paste env-var config

Store the bearer value outside config files, then point your MCP client at the /mcp endpoint.

Presets

Use presets instead of hand-picking dangerous checkboxes

The authenticated screens still show advanced capability details, but the normal path is preset-first. Draft editor is the safe default; Publisher is a deliberate, visitor-visible escalation.

Read + QA

3

Read the selected sites, schemas, and QA findings without editing drafts.

Safest posture for audits, support triage, and tool discovery.

Draft editor

5

Create and repair Site Studio drafts while keeping visitor-visible publishing off.

Draft-only is recommended. Humans still review and publish live changes.

Designer

8

Draft content plus theme, media, and navigation changes for selected sites.

Navigation/theme changes can reshape the visitor journey. Review before publish.

Publisher

6

Draft editing plus explicit permission to publish public Site Studio changes.

Publishing changes what visitors see. Use short TTLs and audit every key.

Agency operator

11

Agency workspace operations such as client/app/readiness management.

Agency operations can affect client onboarding and readiness workflows.

Publisher rule: Publishing changes what visitors see. Do not grant Publisher unless the operator explicitly owns public launch responsibility for that site.

Client setup

Copy safe placeholders publicly; get real secrets after login

Public examples use placeholders only. After issuance, the authenticated page fills in the exact token once and gives you the same snippet shape with the real one-time key.

OAuth discovery

For clients with browser-based auth.

https://YOUR-DOMAIN.example/mcp
https://YOUR-DOMAIN.example/.well-known/oauth-protected-resource/mcp
https://YOUR-DOMAIN.example/oauth/authorize

Hermes — store token in ~/.hermes/.env

placeholder-safe

Stores the one-time key as an environment variable; the config block below references it instead of embedding the secret.

# MCP endpoint: https://YOUR-DOMAIN.example/mcp
mkdir -p ~/.hermes
printf '\n%s=%s\n' AGENCY_CONNECTOR_MCP_BEARER 'YOUR_MCP_BEARER_TOKEN' >> ~/.hermes/.env

Hermes — add to config.yaml

placeholder-safe

Paste under the existing mcp_servers: block (or create it), then verify with: hermes mcp test agency_connector

  agency_connector:
    url: https://YOUR-DOMAIN.example/mcp
    headers:
      Authorization: "Bearer ${AGENCY_CONNECTOR_MCP_BEARER}"
    timeout: 180
    connect_timeout: 30
    enabled: true
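
A preflight check for the two Hermes steps above, as an added example that is not part of the product's own tooling: it fails if the env file is readable beyond its owner, still holds the placeholder, or if config.yaml embeds a literal bearer value instead of the ${AGENCY_CONNECTOR_MCP_BEARER} reference. The function name and finding codes are hypothetical, and it assumes later assignments in the env file override earlier ones.

```shell
#!/bin/sh
# Added example: audit secret hygiene for the Hermes setup above.
# VAR and the placeholder string come from the page; the function name is hypothetical.
# Usage: audit_connector_secret ~/.hermes/.env /path/to/config.yaml
VAR=AGENCY_CONNECTOR_MCP_BEARER

# audit_connector_secret ENV_FILE CONFIG_FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_connector_secret() {
    env_file=$1; cfg_file=$2; rc=0

    if [ ! -f "$env_file" ]; then
        echo "MISSING_ENV_FILE"; return 1
    fi

    # The env file holds a bearer credential: no group/other permission bits.
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        *00) ;;
        *) echo "ENV_FILE_MODE_TOO_OPEN:$mode"; rc=1 ;;
    esac

    # The page's printf appends; assumed here: the last assignment is the effective one.
    value=$(grep "^$VAR=" "$env_file" | tail -n 1 | cut -d= -f2-)
    if [ -z "$value" ]; then
        echo "TOKEN_NOT_SET"; rc=1
    elif [ "$value" = "YOUR_MCP_BEARER_TOKEN" ]; then
        echo "TOKEN_IS_PLACEHOLDER"; rc=1
    fi

    # config.yaml must reference the variable, never embed the raw key.
    if [ -f "$cfg_file" ] &&
       grep -E 'Authorization:.*Bearer' "$cfg_file" | grep -v -F "\${$VAR}" | grep -q .; then
        echo "LITERAL_BEARER_IN_CONFIG"; rc=1
    fi
    return $rc
}
```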

Claude Code — one command

placeholder-safe

Run after exporting the env var above; the connector appears in the next Claude Code session.

claude mcp add --transport http agency_connector https://YOUR-DOMAIN.example/mcp --header 'Authorization: Bearer ${AGENCY_CONNECTOR_MCP_BEARER}'

Verify from any shell

placeholder-safe

Expects a JSON-RPC result naming protocolVersion and serverInfo.

curl -s -X POST https://YOUR-DOMAIN.example/mcp -H "Authorization: Bearer $AGENCY_CONNECTOR_MCP_BEARER" -H "content-type: application/json" -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18"}}'

Security model

  • No keys are issued on this public page — it only explains the flow.
  • Raw bearer keys are shown only once on authenticated issuance screens.
  • Capabilities are scoped by preset, stored with the credential, and re-checked against the live role on each call.
  • Draft writes stay private until someone with explicit publish power publishes them.
  • Every tool call is rate-limited, audited, and tied to the credential that made it.

Troubleshooting

Common connector failures are intentional guardrails

401

Invalid, missing, revoked, or expired token

Re-copy the env var from your secret store, rotate the connector if the raw key was lost, and make sure the Authorization header is exactly Bearer <token>.

403

Capability or tenant scope denied

Use a higher preset only if the operator truly needs it, or add the exact tenant site to the credential allowlist.

405

Wrong transport method

The MCP endpoint is Streamable HTTP over POST. GET is intentionally not a server-sent event stream.
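
The "Verify from any shell" probe and the status codes above, combined into one added example (not the product's own tooling): it sends the same initialize request with the Authorization header fed to curl on stdin, so the bearer value stays out of the process list, then classifies the reply. Function names and verdict strings are hypothetical; `-H @-` needs curl 7.55 or later.

```shell
#!/bin/sh
# Added example: initialize probe plus outcome classification.
# Endpoint, variable name and request body come from the page; function names are hypothetical.

# classify_initialize HTTP_CODE BODY -> prints a verdict, returns 0 only on success.
classify_initialize() {
    code=$1; body=$2
    case $code in
        401) echo "AUTH: token invalid, missing, revoked, or expired"; return 1 ;;
        403) echo "SCOPE: capability or tenant scope denied"; return 1 ;;
        405) echo "TRANSPORT: endpoint expects POST (Streamable HTTP)"; return 1 ;;
        200) ;;
        *)   echo "UNEXPECTED: HTTP $code"; return 1 ;;
    esac
    # HTTP 200 can still carry a JSON-RPC error object.
    if printf '%s' "$body" | grep -q '"error"[[:space:]]*:'; then
        echo "RPC_ERROR: server returned a JSON-RPC error"; return 1
    fi
    # Key-presence smoke check only; not a full JSON parse.
    for key in result protocolVersion serverInfo; do
        if ! printf '%s' "$body" | grep -q "\"$key\"[[:space:]]*:"; then
            echo "MALFORMED: missing $key"; return 1
        fi
    done
    echo "OK"
}

# probe_initialize URL
# printf is a builtin in bash and dash, so the token never appears in any argv.
probe_initialize() {
    resp=$(printf 'Authorization: Bearer %s\n' "$AGENCY_CONNECTOR_MCP_BEARER" |
        curl -s -X POST "$1" -H @- -H 'content-type: application/json' \
            -w '\n%{http_code}' \
            -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18"}}')
    # The last line of resp is the status code appended by -w; the rest is the body.
    code=$(printf '%s' "$resp" | tail -n 1)
    body=$(printf '%s' "$resp" | sed '$d')
    classify_initialize "$code" "$body"
}
```

Run it as `probe_initialize https://YOUR-DOMAIN.example/mcp` after exporting the variable.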

Ready to connect an agent?

Start with the Draft editor preset, verify tools/list, and only escalate to Publisher when the person requesting it owns public launch authority.