Connect an agent

Slab5 launches with MCP as the agent interface, but the durable contract is the workspace-scoped operational backend. Tokens are scoped to one workspace and every tool declares required scopes.

Connection model

MCP endpoint target: https://mcp.slab5.com/v1
Auth: Authorization: Bearer <workspace MCP token>
Hosted OAuth setup URL: https://mcp.slab5.com/v1?workspace_id=...
Scope model: crm:read, crm:write, tasks:read, tasks:write, activity:read, activity:write, cms:read, cms:write, analytics:read, analytics:write, audit:read, settings:admin
Every write creates an audit event and usage event.
Every response includes a request_id.

Choose a path

Use the client that matches where your agent work happens:

Claude: use Slab5 from an MCP-capable Claude setup.
Cursor: use Slab5 while building or operating from your editor.
ChatGPT/custom MCP: custom MCP connector setup and contract.
LangGraph: adapter plan for graph-based agent workflows.

Minimal config

Use this workspace shape for clients that support remote MCP servers:

MCP configjson

{
  : var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"mcpServers": {
    : var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"slab5": {
      : var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"url": : var(--shiki-token-string)">"https://mcp.slab5.com/v1",
      : var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"headers": {
        : var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"Authorization": : var(--shiki-token-string)">"Bearer YOUR_SLAB5_WORKSPACE_MCP_TOKEN"
      }
    }
  }
}

Start with the smallest useful scopes:

Token scopes

crm:read
crm:write
tasks:read
tasks:write
activity:read
activity:write

Add broader scopes only when a workflow needs them.

Add cms:read, cms:write, analytics:read, and analytics:write for content operations or analytics governance workflows.

Hosted OAuth config

For OAuth-capable hosted clients, use the workspace-scoped server URL copied from the MCP Clients page:

OAuth MCP server URL

https://mcp.slab5.com/v1?workspace_id=wrk_...

The /v1 path is part of the production MCP base URL. Keep it in both the server URL and the protected-resource metadata URL. The workspace query parameter only selects the Slab5 workspace; secrets must stay in the OAuth flow or bearer token, not in the URL.

Workspace owners and admins can add explicit OAuth workspace grants on the MCP Clients page when the connected client should have narrower scopes than the signed-in user has in the workspace.

JSON-RPC check

Before configuring a full client, confirm the MCP route can list tools:

List toolsbash

curl -X POST "$SLAB5_MCP_URL" \
  -H "Authorization: Bearer $SLAB5_WORKSPACE_MCP_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": "tools-1",
    "method": "tools/list"
  }'

For another environment, replace the URL and token with the environment-specific MCP endpoint and credential.

First prompt

After connecting, ask the client:

First prompt

Using Slab5, create a contact named Jane Doe at Acme Corp with email jane@acme.com. Then create a follow-up task for next Friday and log the activity.

Expected tool calls:

create_contact
create_task
log_activity

Troubleshooting

If the client cannot list tools, check the endpoint and bearer token.
If a write fails with missing_required_scope, create a token with the required scope.
If the same write may be retried, send an idempotency key through the tool input when supported.
Use the response request_id to inspect audit logs and usage events.