[{"data":1,"prerenderedAt":750},["ShallowReactive",2],{"/developer/model-context-protocol":3,"/developer/model-context-protocol-surround":741},{"id":4,"title":5,"body":6,"description":732,"extension":733,"links":734,"meta":735,"navigation":736,"path":737,"seo":738,"stem":739,"__hash__":740},"docs/4.developer/model-context-protocol.md","Model Context Protocol",{"type":7,"value":8,"toc":709},"minimark",[9,12,20,25,45,50,53,77,81,90,96,99,113,116,123,131,135,138,143,151,155,158,163,171,176,179,184,188,191,195,198,215,219,222,251,255,258,295,299,302,305,338,342,352,358,414,417,428,432,435,440,486,490,493,496,516,520,523,527,555,558,572,576,579,590,594,597,600,618,622,625,645,649,656,663,674,677,681,684,692,695,698,706],[10,11],"capacities-pro-label",{},[13,14,16],"tip",{"title":15},"MCP Beta",[17,18,19],"p",{},"The current version of our Model Context Protocol is experimental. It is in Beta and is subject to change. You can expect more functionality to be added over time.",[21,22,24],"h2",{"id":23},"overview","Overview",[17,26,27,28,32,33,40,41,44],{},"Build your own app, agent, or bot and integrate it with a Capacities space by implementing a ",[29,30,31],"strong",{},"custom MCP client"," using the ",[34,35,39],"a",{"href":36,"rel":37},"https://modelcontextprotocol.io/introduction",[38],"nofollow","Model Context Protocol (MCP)"," open standard.\nWe host a server that provides secure access to a selected Capacities space via ",[29,42,43],{},"OAuth 2.1"," (including PKCE, Dynamic Client Registration, and refresh tokens).",[46,47,49],"h3",{"id":48},"supported-tools","Supported tools",[17,51,52],{},"You can connect the Capacities MCP server to all AI tools that support the MCP protocol and connection via oAuth.",[54,55,56,71],"ul",{},[57,58,59,60,63,64,70],"li",{},"If you want to ",[29,61,62],{},"use an existing AI chat app"," (no custom development), see ",[29,65,66],{},[34,67,69],{"href":68},"/reference/ai-chat-connectors","AI Chat 
Connectors",".",[57,72,59,73,76],{},[29,74,75],{},"build your own integration",", continue below.",[21,78,80],{"id":79},"available-tools","Available tools",[82,83,84],"ol",{},[57,85,86],{},[87,88,89],"code",{},"search",[17,91,92,93],{},"Permissions access: ",[87,94,95],{},"read",[17,97,98],{},"Searches across your space via keywords. Results include:",[54,100,101,104,107,110],{},[57,102,103],{},"Object ID",[57,105,106],{},"Object title",[57,108,109],{},"Object Type",[57,111,112],{},"Properties and content snippet",[17,114,115],{},"Search uses both title search and semantic search to find and rank the best results.",[17,117,118,119],{},"Example prompt: ",[120,121,122],"em",{},"\"Find all Painting objects related to Claude Monet.\"",[82,124,126],{"start":125},2,[57,127,128],{},[87,129,130],{},"getObjectContent",[17,132,92,133],{},[87,134,95],{},[17,136,137],{},"Retrieves all content and properties from a specific object in markdown format.",[17,139,118,140],{},[120,141,142],{},"\"Read my highlights on The Happiness Hypothesis in Capacities and summarize the most important concepts.\"",[82,144,146],{"start":145},3,[57,147,148],{},[87,149,150],{},"createObjectLink",[17,152,92,153],{},[87,154,95],{},[17,156,157],{},"Generates a valid URL to access a specific object.",[17,159,118,160],{},[120,161,162],{},"\"Give me a link to my Cheesecake recipe in Capacities.\"",[82,164,166],{"start":165},4,[57,167,168],{},[87,169,170],{},"saveToDailyNote",[17,172,92,173],{},[87,174,175],{},"write",[17,177,178],{},"Stores text within today's daily note.",[17,180,118,181],{},[120,182,183],{},"\"Send your conclusions about why folder structures don't work to my Capacities daily note.\"",[21,185,187],{"id":186},"build-a-custom-mcp-client","Build a custom MCP client",[17,189,190],{},"If you are building a custom implementation or a private tool and would like to integrate it with our MCP server, please follow this guide:",[46,192,194],{"id":193},"_1-start-from-the-mcp-url","1. 
Start from the MCP URL",[17,196,197],{},"This is the resource your token must be valid for.",[54,199,200,206,212],{},[57,201,202,203],{},"Canonical MCP resource URL: ",[87,204,205],{},"https://api.capacities.io/mcp",[57,207,208,209],{},"Transport: Streamable HTTP on ",[87,210,211],{},"/mcp",[57,213,214],{},"Do not configure Server-Sent Events (SSE) for Capacities MCP",[46,216,218],{"id":217},"_2-discover-protected-resource-metadata-rfc-9728","2. Discover protected resource metadata (RFC 9728)",[17,220,221],{},"It tells you which authorization server to use.",[54,223,224,230,236],{},[57,225,226,227],{},"Fetch: ",[87,228,229],{},"https://api.capacities.io/.well-known/oauth-protected-resource/mcp",[57,231,232,233],{},"Fallback: read ",[87,234,235],{},"WWW-Authenticate: Bearer resource_metadata=\"...\"",[57,237,238,239],{},"Store:\n",[54,240,241,246],{},[57,242,243],{},[87,244,245],{},"resource",[57,247,248],{},[87,249,250],{},"authorization_servers",[46,252,254],{"id":253},"_3-discover-authorization-server-metadata-rfc-8414","3. Discover authorization server metadata (RFC 8414)",[17,256,257],{},"You need endpoints and capabilities before auth starts.",[54,259,260,265],{},[57,261,226,262],{},[87,263,264],{},"https://api.capacities.io/.well-known/oauth-authorization-server",[57,266,267,268],{},"Confirm:\n",[54,269,270,275,280,285],{},[57,271,272],{},[87,273,274],{},"authorization_endpoint",[57,276,277],{},[87,278,279],{},"token_endpoint",[57,281,282],{},[87,283,284],{},"registration_endpoint",[57,286,287,290,291,294],{},[87,288,289],{},"code_challenge_methods_supported"," includes ",[87,292,293],{},"S256"," (SHA-256)",[46,296,298],{"id":297},"_4-generate-proof-key-for-code-exchange-pkce-parameters","4. 
Generate Proof Key for Code Exchange (PKCE) parameters",[17,300,301],{},"PKCE protects public clients from code interception.",[17,303,304],{},"Before redirect:",[82,306,307,313,323,329],{},[57,308,309,310],{},"Generate high-entropy ",[87,311,312],{},"code_verifier",[57,314,315,316,319,320,322],{},"Derive ",[87,317,318],{},"code_challenge"," using SHA-256 (",[87,321,293],{},")",[57,324,325,326],{},"Generate random ",[87,327,328],{},"state",[57,330,331,332,334,335,337],{},"Store ",[87,333,312],{}," and ",[87,336,328],{}," securely until callback",[46,339,341],{"id":340},"_5-register-the-client-dynamically-rfc-7591","5. Register the client dynamically (RFC 7591)",[17,343,344,345,348,349,70],{},"Dynamic Client Registration (DCR) gives your app a valid ",[87,346,347],{},"client_id","; web-based (non-native) clients also receive a ",[87,350,351],{},"client_secret",[17,353,354,355,357],{},"POST to ",[87,356,284],{}," with:",[82,359,360,365,370,383,390],{},[57,361,362],{},[87,363,364],{},"client_name",[57,366,367],{},[87,368,369],{},"redirect_uris",[57,371,372,375,376,379,380],{},[87,373,374],{},"grant_types",": ",[87,377,378],{},"authorization_code",", ",[87,381,382],{},"refresh_token",[57,384,385,375,388],{},[87,386,387],{},"response_types",[87,389,87],{},[57,391,392,395,396],{},[87,393,394],{},"token_endpoint_auth_method",":\n",[54,397,398,404],{},[57,399,400,401],{},"native desktop (custom URI scheme or loopback): ",[87,402,403],{},"none",[57,405,406,407,410,411],{},"web-based (non-native): ",[87,408,409],{},"client_secret_basic"," or ",[87,412,413],{},"client_secret_post",[17,415,416],{},"Persist:",[54,418,419,423],{},[57,420,421],{},[87,422,347],{},[57,424,425,427],{},[87,426,351],{}," (web-based clients only, if returned)",[46,429,431],{"id":430},"_6-start-authorization-code-flow","6. 
Start authorization code flow",[17,433,434],{},"This is the user consent and authorization step.",[17,436,437,438,357],{},"Redirect users to ",[87,439,274],{},[82,441,442,447,451,456,468,472,476,481],{},[57,443,444],{},[87,445,446],{},"response_type=code",[57,448,449],{},[87,450,347],{},[57,452,453],{},[87,454,455],{},"redirect_uri",[57,457,458,461,462,379,465,322],{},[87,459,460],{},"scope"," (request only needed scopes: ",[87,463,464],{},"mcp:read",[87,466,467],{},"mcp:write",[57,469,470],{},[87,471,328],{},[57,473,474],{},[87,475,318],{},[57,477,478],{},[87,479,480],{},"code_challenge_method=S256",[57,482,483],{},[87,484,485],{},"resource=https://api.capacities.io/mcp",[46,487,489],{"id":488},"_7-handle-oauth-callback-safely","7. Handle OAuth callback safely",[17,491,492],{},"Callback validation prevents Cross-Site Request Forgery (CSRF) and flow confusion.",[17,494,495],{},"On callback:",[82,497,498,504,509],{},[57,499,500,501,503],{},"Validate ",[87,502,328],{}," exactly",[57,505,506,507],{},"Read ",[87,508,87],{},[57,510,511,512,515],{},"If ",[87,513,514],{},"error"," exists, stop and surface provider error",[46,517,519],{"id":518},"_8-exchange-code-for-tokens","8. Exchange code for tokens",[17,521,522],{},"This returns the access token used for MCP calls.",[17,524,354,525,357],{},[87,526,279],{},[82,528,529,534,538,542,546,550],{},[57,530,531],{},[87,532,533],{},"grant_type=authorization_code",[57,535,536],{},[87,537,87],{},[57,539,540],{},[87,541,455],{},[57,543,544],{},[87,545,312],{},[57,547,548],{},[87,549,347],{},[57,551,552,554],{},[87,553,351],{}," (non-native/web-based clients only)",[17,556,557],{},"Persist securely:",[54,559,560,565,569],{},[57,561,562],{},[87,563,564],{},"access_token",[57,566,567],{},[87,568,382],{},[57,570,571],{},"expiry metadata",[46,573,575],{"id":574},"_9-call-mcp-with-bearer-auth","9. 
Call MCP with bearer auth",[17,577,578],{},"Tokens are sent as standard OAuth bearer credentials.",[54,580,581,587],{},[57,582,583,584],{},"Header: ",[87,585,586],{},"Authorization: Bearer \u003Caccess_token>",[57,588,589],{},"Use Streamable HTTP transport",[46,591,593],{"id":592},"_10-implement-refresh-token-handling","10. Implement refresh token handling",[17,595,596],{},"Refresh keeps sessions working without constant re-login.",[17,598,599],{},"Before token expiry:",[82,601,602,608,611],{},[57,603,604,605],{},"Call token endpoint with ",[87,606,607],{},"grant_type=refresh_token",[57,609,610],{},"Save new refresh token if rotation returns one",[57,612,613,614,617],{},"On ",[87,615,616],{},"invalid_grant",", require full re-auth",[46,619,621],{"id":620},"_11-follow-security-baseline","11. Follow security baseline",[17,623,624],{},"OAuth integrations fail safely only when these baseline controls are in place.",[82,626,627,630,636,639,642],{},[57,628,629],{},"Use Hypertext Transfer Protocol Secure (HTTPS) in production",[57,631,632,633,635],{},"Validate callback ",[87,634,328],{}," on every auth response",[57,637,638],{},"Store tokens in secure backend storage or OS keystore",[57,640,641],{},"Request minimum scopes needed",[57,643,644],{},"Treat refresh tokens as long-lived credentials",[46,646,648],{"id":647},"redirect-uri-allowlisting-required","Redirect URI allowlisting (required)",[650,651,653],"warning",{"title":652},"Authorizing Your Redirect URI",[17,654,655],{},"To maintain a secure environment for all users, we do not allow arbitrary redirect URIs. 
If you are developing a custom client, your application's Redirect URI must be manually verified by a member of our team before the OAuth flow will function.",[17,657,658,659,357],{},"To register your client, email ",[34,660,662],{"href":661},"mailto:team@capacities.io","team@capacities.io",[82,664,665,668,671],{},[57,666,667],{},"A brief description of your project/client (include your public repository, if available).",[57,669,670],{},"The specific Redirect URI(s) you want us to authorize.",[57,672,673],{},"Whether your integration is web-based or native desktop (custom URI scheme or loopback redirect).",[17,675,676],{},"Once our team has reviewed your request and updated our settings, we will notify you so you can complete your integration.",[21,678,680],{"id":679},"roadmap-for-the-capacities-mcp-server","Roadmap for the Capacities MCP Server",[17,682,683],{},"The current version of the Capacities MCP Server only includes a small set of tools. We think this makes the MCP already very powerful:",[54,685,686,689],{},[57,687,688],{},"It can retrieve all content and give you answers based on your knowledge base.",[57,690,691],{},"You can capture insights from an AI conversation and save them to your daily note.",[17,693,694],{},"Nevertheless, we see great potential in extending the MCP server capabilities.",[17,696,697],{},"We do not envision the MCP to be a tool to \"automate knowledge work\", but rather a tool to help you to be more productive and creative.",[17,699,700,701,705],{},"The Capacities MCP server will be developed in conjunction with our ",[34,702,704],{"href":703},"/developer/api","Public API",". 
But we'll fine-tune API routes for AI usage so that the Capacities MCP server is a powerful companion when working with AI and simply works.",[17,707,708],{},"If the official MCP is not enough for your needs, you'll be able to derive your own MCP server from our Public API.",{"title":710,"searchDepth":711,"depth":125,"links":712},"",1,[713,716,717,731],{"id":23,"depth":125,"text":24,"children":714},[715],{"id":48,"depth":145,"text":49},{"id":79,"depth":125,"text":80},{"id":186,"depth":125,"text":187,"children":718},[719,720,721,722,723,724,725,726,727,728,729,730],{"id":193,"depth":145,"text":194},{"id":217,"depth":145,"text":218},{"id":253,"depth":145,"text":254},{"id":297,"depth":145,"text":298},{"id":340,"depth":145,"text":341},{"id":430,"depth":145,"text":431},{"id":488,"depth":145,"text":489},{"id":518,"depth":145,"text":519},{"id":574,"depth":145,"text":575},{"id":592,"depth":145,"text":593},{"id":620,"depth":145,"text":621},{"id":647,"depth":145,"text":648},{"id":679,"depth":125,"text":680},"Developer guide to build and integrate a custom MCP client with Capacities (OAuth 2.1, PKCE, Dynamic Client Registration, token refresh).","md",null,{},true,"/developer/model-context-protocol",{"title":5,"description":732},"4.developer/model-context-protocol","zjbKVFl92I-G3Tu5VFRVQPzjsCZeo6njNDdIGtyNH18",[742,746],{"title":743,"path":744,"stem":745,"children":-1},"Contribute","/developer/contribute","4.developer/contribute",{"title":747,"path":748,"stem":749,"children":-1},"Responsible Disclosure Program","/developer/responsible-disclosure","4.developer/responsible-disclosure",1780666687162]