/* global React, Button, Icon, useApiResource, apiFetch, useAuth, useToast */ // ============================================================ // /armature-mcp — the install + connect + manage hub for Armature's // own remote MCP server. Ported from the Connect-your-editor // design bundle (docs/superpowers/specs/2026-05-15-…). // ============================================================ const { useEffect: useEffectOMCP, useMemo: useMemoOMCP, useRef: useRefOMCP, useState: useStateOMCP, } = React; const MCP_URL = 'https://mcp.armature.tech/mcp'; // Inline Eyebrow component — the production repo uses .eyebrow as a class // rather than a component. The /armature-mcp page reads better with a component // wrapper because the eyebrow appears in many places. function Eyebrow({ children }) { return {children}; } // ---- Client matrix -------------------------------------------------------- // kind drives the install-snippet shape: // 'deep' — primary "Install in X" deep-link button + secondary CLI fallback // 'cli' — single shell command // 'json' — JSON config snippet (optionally with config-file paths) // 'web' — URL + Authorization header as separate copyable fields const CLIENTS = [ { id: 'claude-code', label: 'Claude Code', kind: 'cli', logo: '/frontend/assets/logos/claude-code.png' }, { id: 'cursor', label: 'Cursor', kind: 'deep', logo: '/frontend/assets/logos/cursor.png' }, { id: 'vscode', label: 'VS Code', kind: 'deep', logo: '/frontend/assets/logos/vscode.png' }, { id: 'claude-desktop', label: 'Claude Desktop', kind: 'json', logo: '/frontend/assets/logos/anthropic.svg.png' }, { id: 'codex', label: 'Codex', kind: 'cli', logo: '/frontend/assets/logos/codex.png' }, { id: 'chatgpt', label: 'ChatGPT', kind: 'web', logo: '/frontend/assets/logos/chatgpt.png' }, { id: 'opencode', label: 'opencode', kind: 'cli', logo: '/frontend/assets/logos/opencode.svg' }, { id: 'openclaw', label: 'openclaw', kind: 'cli', logo: '/frontend/assets/logos/openclaw.svg' }, { id: 'other', label: 'Other', kind: 'json', logo: null, monogram: '{ }', isOther: true }, ]; const HERO_CLIENT_LOGOS = CLIENTS.filter((client) => client.logo && !client.isOther); // ---- Sticky prefs --------------------------------------------------------- const LS_KEY = 'armature.ourmcp.prefs.v1'; function loadPrefs() { try { return JSON.parse(localStorage.getItem(LS_KEY)) || {}; } catch { return {}; } } function savePrefs(p) { try { localStorage.setItem(LS_KEY, JSON.stringify(p)); } catch { /* noop */ } } // ---- Use-case cards (capabilities tab #1) -------------------------------- const USE_CASES = [ { id: 'triage', eyebrow: 'Triage', title: 'Find out why a workflow is failing.', body: 'Pull the trace, isolate the failing span, and compare it to the last green run from your MCP client.', tools: ['search_runs', 'inspect_run', 'diagnose_run', 'compare_runs', 'get_org_health'], prompt: 'The insforge auth-redirect workflow started failing in the last hour. Pull the most recent failed run, diagnose it, and compare it to yesterday’s baseline.', }, { id: 'repair', eyebrow: 'Repair', title: 'Patch a workflow and ship the fix.', body: 'Stage a patch from a failing run, review the diff, apply with optimistic concurrency, and re-run — all approval-gated.', tools: ['propose_workflow_patch', 'draft_regression_workflow_from_run', 'apply_workflow_change', 'run_workflow_now'], prompt: 'Patch the workflow for that failing run so it refreshes the session before calling users.get, draft a regression for the failure mode, then re-run.', }, { id: 'design', eyebrow: 'Design', title: 'Add coverage for a new MCP server.', body: 'Read a target’s tool catalog, see what isn’t tested, and stage workflow proposals you can review in the dashboard.', tools: ['list_mcp_servers', 'list_cli_targets', 'get_workflows', 'sync_mcp_server_capabilities', 'propose_workflow_create'], prompt: 'We just added the Linear MCP server. Sync its capabilities, then propose three smoke workflows that cover its most-called tools.', }, { id: 'investigate', eyebrow: 'Investigate', title: 'See yesterday in one digest.', body: 'Pull today’s Insights digest — or any day’s — so your agent can summarise pass-rate, top regressions, and noisy tools.', tools: ['get_insight_digest', 'ensure_insight_digest'], prompt: 'Summarise yesterday’s Insights digest for our standup. Lead with anything that regressed by more than 5 points.', }, ]; // ============================================================ // Sub-components // ============================================================ function ConnectionStatus({ connected, count, loading }) { const statusText = loading ? 'Loading...' : connected ? `Connected · ${count} ${count === 1 ? 'credential' : 'credentials'}` : 'Not connected'; return (
Status {statusText}
); } function HeroLede({ status }) { return (

Connect Armature MCP - let your agent fix all your findings

Connect your MCP client to Armature so your agent can fix findings in place. {HERO_CLIENT_LOGOS.map((client) => ( {client.label} ))}
); } // ---- Auth mode segmented selector ---------------------------------------- function AuthModeToggle({ value, onChange, oauthEnabled }) { const opts = [ { id: 'oauth', label: 'OAuth', sublabel: oauthEnabled ? 'recommended' : 'rolling out', preview: !oauthEnabled }, { id: 'apikey', label: 'API key', sublabel: 'works today', preview: false }, ]; return (
{opts.map((o, i) => { const active = value === o.id; return ( ); })}
); } // ---- Client mosaic -------------------------------------------------------- function ClientMark({ c, active }) { return (
{c.logo ? ( ) : ( 2 ? 13 : 14, fontWeight: 500, letterSpacing: '-0.01em', color: active ? 'var(--on-ink)' : 'var(--text-2)', }}>{c.monogram} )}
); } function ClientPicker({ value, onChange }) { const rows = Math.ceil(CLIENTS.length / 3); return (
{CLIENTS.map((c, i) => { const active = value === c.id; const col = i % 3, row = Math.floor(i / 3); return ( ); })}
); } // ---- Install snippet builders -------------------------------------------- function buildSnippet({ client, authMode, oauthEnabled, apiKey }) { // When the org has OAuth enabled AND the user picked the OAuth tab, drop // the Authorization header from every snippet. MCP-capable clients negotiate // OAuth themselves against /api/mcp/oauth/authorize after their first call // to /api/mcp returns 401 with a WWW-Authenticate challenge. const useOauth = authMode === 'oauth' && oauthEnabled; const token = apiKey || ''; const concreteAuthHeaderObj = apiKey ? { Authorization: `Bearer ${apiKey}` } : {}; const authHeaderValue = useOauth ? null : `Bearer ${token}`; const authHeaderObj = useOauth ? {} : { Authorization: `Bearer ${token}` }; const authHeaderFlag = useOauth ? '' : ` --header "Authorization: Bearer ${token}"`; switch (client) { case 'claude-code': return { shape: 'cli', cmd: useOauth ? `claude mcp add \\ --transport http \\ armature ${MCP_URL}` : `claude mcp add \\ --transport http \\ --header "Authorization: Bearer ${token}" \\ armature ${MCP_URL}`, }; case 'cursor': { // Cursor's MCP install deep link expects a base64-encoded JSON config // matching the mcp.json server entry, NOT a bare ?url= parameter. // See https://docs.cursor.com/en/context/mcp#install-mcp-server const cursorConfig = { url: MCP_URL, // Deep-link installers do not expose an editable config surface before // launch. Never pass the placeholder token into the external app; omit // headers so the client can use OAuth discovery instead. ...(useOauth || !apiKey ? {} : { headers: concreteAuthHeaderObj }), }; const cursorConfigB64 = btoa(JSON.stringify(cursorConfig)); return { shape: 'deep', deepLabel: 'Install in Cursor', deepHref: `cursor://anysphere.cursor-deeplink/mcp/install?name=armature&config=${encodeURIComponent(cursorConfigB64)}`, cmd: `cursor mcp add armature ${MCP_URL}${authHeaderFlag}`, }; } case 'vscode': { // VS Code's MCP install handler does `JSON.parse(decodeURIComponent(uri.query))` // on the entire query string — there is no named param. See // microsoft/vscode src/vs/workbench/contrib/mcp/browser/mcpWorkbenchService.ts // (handleMcpInstallUri). The encoded JSON IS the query string; using a // named param like `?config=...` would make the handler's JSON.parse // fail. Reviewers occasionally flag this; keep the inline reference. const vscodeConfig = { name: 'armature', type: 'http', url: MCP_URL, ...(useOauth || !apiKey ? {} : { headers: concreteAuthHeaderObj }), }; return { shape: 'deep', deepLabel: 'Install in VS Code', deepHref: `vscode:mcp/install?${encodeURIComponent(JSON.stringify(vscodeConfig))}`, cmd: `code --add-mcp '${JSON.stringify(vscodeConfig)}'`, note: useOauth ? 'This adds the server config. VS Code starts OAuth when it starts the Armature MCP server.' : null, }; } case 'codex': return { shape: 'cli', cmd: useOauth ? `codex mcp add armature --url ${MCP_URL} codex mcp login armature` : `export ARMATURE_MCP_TOKEN=${token} codex mcp add armature \\ --url ${MCP_URL} \\ --bearer-token-env-var ARMATURE_MCP_TOKEN`, note: useOauth ? 'The first command adds the server. The second command opens the OAuth browser flow. If Armature was already added with an older command, remove it first with codex mcp remove armature.' : 'Codex stores the environment variable name, not the token value. Keep ARMATURE_MCP_TOKEN available when Codex starts. If Armature was already added with an older command, remove it first with codex mcp remove armature.', }; case 'opencode': return { shape: 'cli', cmd: useOauth ? `opencode mcp add armature ${MCP_URL}` : `opencode mcp add armature ${MCP_URL} \\ --auth "Bearer ${token}"`, }; case 'openclaw': return { shape: 'cli', cmd: useOauth ? `openclaw connect armature \\ --url ${MCP_URL}` : `openclaw connect armature \\ --url ${MCP_URL} \\ --bearer ${token}`, }; case 'claude-desktop': return { shape: 'json', configPaths: { macos: '~/Library/Application Support/Claude/claude_desktop_config.json', windows: '%APPDATA%\\Claude\\claude_desktop_config.json', }, restart: 'Quit and reopen Claude Desktop after saving.', json: JSON.stringify({ mcpServers: { armature: { transport: 'http', url: MCP_URL, ...(useOauth ? {} : { headers: authHeaderObj }), }, }, }, null, 2), }; case 'chatgpt': return { shape: 'web', url: MCP_URL, header: authHeaderValue, steps: [ 'Open ChatGPT → Settings → Connectors → Advanced settings.', 'Turn on Developer mode.', 'Click Create app.', useOauth ? 'Set MCP Server URL to the Armature MCP URL, set Authentication to OAuth, then choose I understand and want to continue.' : 'Paste the URL and the Authorization header into the matching fields.', 'Create the app, connect it, then start a new chat with the Armature connector enabled.', ], }; case 'other': default: return { shape: 'json', json: JSON.stringify({ name: 'armature', transport: 'http', url: MCP_URL, ...(useOauth ? {} : { headers: authHeaderObj }), }, null, 2), }; } } // ---- Snippet renderers ---------------------------------------------------- function CodeBlock({ children, label }) { const ref = useRefOMCP(null); const [copied, setCopied] = useStateOMCP(false); const copy = () => { const t = ref.current?.textContent || ''; if (navigator.clipboard?.writeText) navigator.clipboard.writeText(t).catch(() => {}); setCopied(true); setTimeout(() => setCopied(false), 1200); }; return (
{label && (
{label}
)} 
{children}
); } function FieldCopy({ label, value }) { const [copied, setCopied] = useStateOMCP(false); return (
{label}
{value}
); } function InstallContent({ client, authMode, apiKey, hasKey, oauthEnabled, onGenerateKey, toast }) { const s = buildSnippet({ client, authMode, oauthEnabled, apiKey }); const [deepLinkAttempted, setDeepLinkAttempted] = useStateOMCP(false); // API-key tab always needs a token. OAuth tab also needs one until the org // flag flips ON, because snippets fall back to API-key shape in that case. const oauthIsLive = authMode === 'oauth' && oauthEnabled; const showTokenHelp = !hasKey && !oauthIsLive; useEffectOMCP(() => { setDeepLinkAttempted(false); }, [s.deepHref]); function handleDeepLinkClick() { if (s.shape !== 'deep') return; setDeepLinkAttempted(true); if (toast) { toast.show({ tone: 'ok', title: `Opening ${s.deepLabel.replace(/^Install in\s+/i, '')}`, description: 'If nothing opens, the app may not be installed. Use the terminal command below.', }); } } return (
{/* OAuth → API-key fallback note, only when the org doesn't have OAuth yet */} {authMode === 'oauth' && !oauthEnabled && (
OAuth is in preview. Snippets fall back to API-key shape while we finish provider review. Switch to API key to dismiss this.
)} {/* Deep-link */} {s.shape === 'deep' && ( <>
{s.deepLabel} {deepLinkAttempted ? 'If nothing opened, use the terminal command below.' : 'Opens your MCP client via deep link.'}
{s.cmd} {s.note && (
{s.note}
)} )} {/* CLI */} {s.shape === 'cli' && ( <> {s.cmd} {s.note && (
{s.note}
)} )} {/* JSON config */} {s.shape === 'json' && ( <> {s.json} {s.configPaths && (
macOS {s.configPaths.macos} Windows {s.configPaths.windows}
{s.restart && (
↻ {s.restart}
)}
)} )} {/* Web (ChatGPT) */} {s.shape === 'web' && ( <>
{s.header && ( )}
    {s.steps.map((step, i) =>
  1. {step}
    2. )}
Open ChatGPT connectors
)} {/* Token help — only when there's no API key */} {showTokenHelp && (
You need an Armature API key to finish this install. The snippet shows <YOUR_TOKEN> until one exists.
)}
); } // ---- Install panel — the offset double-border window from the design ----- function InstallPanel({ children, client }) { const clientLabel = (CLIENTS.find(c => c.id === client) || {}).label || client; const url = `armature.tech / armature-mcp · ${clientLabel.toLowerCase()}`; return (
{url} INSTALL
{children}
); } // ---- Connections list ----------------------------------------------------- // `items` is a merged list of API keys and OAuth grants, each row carrying: // { id, kind: 'api_key' | 'oauth', name, tokenPrefix, createdAt, lastUsedAt } function ConnectionsList({ items, loading, onRevokeGrant, revokingId, navigate }) { // Distinguish loading from empty so the user doesn't get a misleading // "No active credentials" message while the first fetch is still in flight. if (loading) { return (
Loading credentials…
); } if (!items.length) { return (
No active credentials.
Follow the install above — your first key is created in the same flow.
); } return (
{items.map(k => ( ))}
Name Type Token Created Last used
{k.name || (k.kind === 'oauth' ? 'OAuth client' : 'Unnamed key')} {k.kind === 'oauth' ? 'OAuth' : 'API key'} {k.tokenPrefix || '—'} {k.createdAt ? formatShortDate(k.createdAt) : '—'} {k.lastUsedAt ? formatRelative(k.lastUsedAt) : 'Never'} {k.kind === 'oauth' ? ( // Inline revoke for OAuth grants — calls DELETE /api/mcp/oauth/grants/:id ) : ( // API keys aren't revocable from this page — the action // lives in Settings → API keys. Label the link as a // navigation, not a destructive verb. { e.preventDefault(); if (navigate) navigate('/settings/api-keys'); }} style={{ fontFamily: 'var(--font-mono)', fontSize: 10.5, color: 'var(--text-3)', textTransform: 'uppercase', letterSpacing: '0.06em', fontWeight: 500, }}> Manage → )}
); } function formatShortDate(iso) { if (!iso) return '—'; const d = new Date(iso); if (Number.isNaN(d.getTime())) return '—'; try { return d.toLocaleDateString(undefined, { month: 'short', day: 'numeric' }); } catch { return '—'; } } function formatRelative(iso) { if (!iso) return '—'; const t = new Date(iso).getTime(); if (!Number.isFinite(t)) return '—'; const diff = Date.now() - t; if (diff < 0) return 'just now'; if (diff < 60_000) return 'just now'; if (diff < 3_600_000) return `${Math.round(diff / 60_000)}m ago`; if (diff < 86_400_000) return `${Math.round(diff / 3_600_000)}h ago`; return `${Math.round(diff / 86_400_000)}d ago`; } // ---- Capabilities tabs ---------------------------------------------------- function MiniCopy({ value }) { const [copied, setCopied] = useStateOMCP(false); return ( ); } function UseCaseCard({ uc }) { return (
{uc.eyebrow}

{uc.title}

{uc.body}

“{uc.prompt}”
); } function RegistryRow({ name, desc, last }) { return (
{ e.currentTarget.style.background = 'var(--surface-2)'; }} onMouseLeave={(e) => { e.currentTarget.style.background = 'transparent'; }}> {name} {desc}
); } function CapabilitiesTabs({ manifest }) { const [tab, setTab] = useStateOMCP('use-cases'); const tools = manifest?.tools || []; const prompts = manifest?.prompts || []; const tabs = [ { id: 'use-cases', label: 'Use cases', count: USE_CASES.length, blurb: 'Four examples once Armature is connected. Copy a starter prompt to try it.', source: 'examples', }, { id: 'tools', label: 'Tools', count: tools.length, blurb: 'Functions your MCP client can call to investigate runs, repair workflows, and dispatch validations.', source: '/api/mcp/manifest', }, { id: 'prompts', label: 'Prompts', count: prompts.length, blurb: 'Pre-written templates that combine tools into a complete agent loop — invokable as “/prompt-name” in your client.', source: '/api/mcp/manifest', }, ]; const active = tabs.find(t => t.id === tab); const rows = tab === 'tools' ? tools : tab === 'prompts' ? prompts : []; return (
{/* Tab strip */}
{tabs.map(t => { const isActive = t.id === tab; return ( ); })}
{/* Sub-header */}
{active.blurb} {active.source}
{/* Content */} {tab === 'use-cases' ? (
{USE_CASES.map(uc => )}
) : (
{rows.length === 0 ? (
Loading…
) : rows.map((it, i) => ( ))}
)}
); } // ============================================================ // Main page // ============================================================ function OurMcpPage({ navigate, queryString: _queryString = '' }) { const auth = useAuth(); const oauthEnabled = Boolean(auth?.me?.featureFlags?.mcpOauthEnabled); const prefs = useMemoOMCP(() => loadPrefs(), []); // Default to OAuth when the org has it enabled; fall back to API key // otherwise so the user lands on a working install path. const [authMode, setAuthMode] = useStateOMCP( prefs.authMode || (oauthEnabled ? 'oauth' : 'apikey'), ); const [client, setClient] = useStateOMCP(prefs.client || 'claude-code'); const [revokingGrantId, setRevokingGrantId] = useStateOMCP(null); const toast = (typeof useToast === 'function') ? useToast() : null; useEffectOMCP(() => { savePrefs({ authMode, client }); }, [authMode, client]); // If the org flag flips off mid-session, snap back to API key so we never // show an OAuth install snippet the org can't actually complete. useEffectOMCP(() => { if (!oauthEnabled && authMode === 'oauth') setAuthMode('apikey'); }, [oauthEnabled, authMode]); const apiKeys = useApiResource('/api/settings/api-keys'); const manifest = useApiResource('/api/mcp/manifest'); // OAuth grants endpoint exists once main's MCP-OAuth PR is merged in. // The endpoint 403s for non-editor roles — useApiResource degrades to // an empty rows array, which is fine for the read-only connection list. const oauthGrants = useApiResource(oauthEnabled ? '/api/mcp/oauth/grants' : null); const activeKeys = apiKeys.data?.rows || []; const activeGrants = (oauthGrants.data?.rows || []).filter((g) => !g.revokedAt); const hasKey = activeKeys.length > 0; // Hero pill counts what the user can SEE in the connections table below. // /api/me/our-mcp-status applies the same user-scoping but we don't fetch // it here — the table data is already in flight via /api/settings/api-keys, // and reading both would just duplicate the SQL. const visibleCount = activeKeys.length + activeGrants.length; const connected = visibleCount > 0; const toolCount = manifest.data?.tools?.length || 16; // For snippet rendering we never inject the real secret — tokens are only // shown once at creation in /settings/api-keys. The snippet shows the // placeholder until the user pastes their token in. const apiKey = null; function handleGenerateKey() { if (typeof navigate === 'function') navigate('/settings/api-keys'); } // Merge API keys + OAuth grants into a single connection list, newest first. const connectionItems = useMemoOMCP(() => { const keys = activeKeys.map((k) => ({ kind: 'api_key', id: k.id, name: k.name, tokenPrefix: k.tokenPrefix, createdAt: k.createdAt, lastUsedAt: k.lastUsedAt, })); const grants = activeGrants.map((g) => ({ kind: 'oauth', id: g.id, name: g.clientName, // OAuth grants don't have a safe-to-display token prefix; the spec only // emits the bound client_id. The human-readable client name lives in // the Name column — surface the client_id as the token prefix here. tokenPrefix: g.clientId, createdAt: g.createdAt, lastUsedAt: g.lastUsedAt, })); return [...keys, ...grants].sort((a, b) => { const ta = a.createdAt ? new Date(a.createdAt).getTime() : 0; const tb = b.createdAt ? new Date(b.createdAt).getTime() : 0; return tb - ta; }); }, [activeKeys, activeGrants]); async function handleRevokeGrant(grantId) { if (!grantId) return; if (typeof window !== 'undefined' && !window.confirm('Revoke this OAuth grant?')) return; setRevokingGrantId(grantId); let revokeError = null; try { await apiFetch(`/api/mcp/oauth/grants/${grantId}`, { method: 'DELETE' }); } catch (error) { revokeError = error; } setRevokingGrantId(null); // ALWAYS reload — on success the grant disappears; on failure the table // re-syncs with the server so we don't leave a stale "deleted but still // visible" row behind. if (oauthGrants.reload) oauthGrants.reload(); if (revokeError) { console.error('Failed to revoke OAuth grant', revokeError); if (toast) { toast.show({ tone: 'bad', title: 'Revoke failed', description: revokeError.message || 'The OAuth grant could not be revoked. Try again.', }); } else if (typeof window !== 'undefined' && typeof window.alert === 'function') { window.alert(`Revoke failed: ${revokeError.message || revokeError}`); } } else if (toast) { toast.show({ tone: 'ok', title: 'OAuth grant revoked' }); } } return (
{/* Picker row — auth mode + client mosaic */}
1 · Auth mode
2 · AI client
{/* Install */}
3 · Install
{/* Connections — merge API keys and OAuth grants into one table */}
Active credentials · {connectionItems.length}

What’s connected

{ e.preventDefault(); if (navigate) navigate('/settings/api-keys'); }}> Manage in settings →
{/* Capabilities */}
What your agent can do now on Armature
); } window.OurMcpPage = OurMcpPage;