Kodori speaks the Model Context Protocol natively. Any conformant MCP client can connect to your workspace and call the same tool catalog Kodori's own agent uses — no custom integration code required.
**Endpoint**
POST https://kodori.ai/api/mcp
Auth: Bearer header with a Kodori API key (`k_…`). Mint one at /api-keys with the scopes you want exposed.
**Scope mapping**
The catalog is filtered by your API key's scopes. The defaults:
- `search:read` (always granted) — every read tool: hybridSearch, listMembers, recentActivity, listLegalHolds, listRetentionClasses, listRetentionReviewQueue, listDocumentVersions, listDocumentEvents, getDocumentExtraction, listAnomalies, listDlpFindings, listSavedSearches, runSavedSearch, listApiKeys, listWebhooks, getTenantSettings, verifyAuditChain, tenantUsageSummary, helpKnowledge. - `documents:write` — createDocument, renameDocument, sensitivity / metadata / version writes, restoreDocument, AEC metadata, check-in/check-out, annotation create/delete. - `collections:write` — collection lifecycle, permissions, legal hold lifecycle, retention class lifecycle, governance triage (acknowledge/dismiss anomalies, decide DLP findings, archive retention class). - `documents:delete` — tombstoneDocument.
A read-only key sees a smaller `tools/list` response. A higher-scope key sees more tools light up.
**Audit**
Every tool call emits an audit event with `actorKind='agent'` and `actorId` set to the user who issued the API key. Filter `/audit?actor=apikey:<prefix>` to see exactly what an external MCP client did via this surface.
**Connecting Claude Desktop**
Add this to `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or the equivalent on Windows:
{ "mcpServers": { "kodori": { "url": "https://kodori.ai/api/mcp", "transport": "streamable-http", "headers": { "Authorization": "Bearer k_yourprefix_yoursecret" } } } }
Restart Claude Desktop and the Kodori tools appear in the tool drawer.
**Connecting Cursor**
In Cursor settings → MCP, add a new server:
Name: kodori URL: https://kodori.ai/api/mcp Auth: Bearer k_yourprefix_yoursecret
**Connecting Kodokyo's agent**
Kodokyo (the sister product, kodokyo.ai) ships an MCP-compatible agent. Drop your Kodori API key into Kodokyo's project secrets as `KODORI_API_KEY` and add a workspace-level MCP server pointing at `https://kodori.ai/api/mcp`. Kodokyo's agent then has access to the entire Kodori tool catalog inside Kodokyo conversations — your project manager can ask "find every NDA from this client and add it to the active matter" without leaving Kodokyo.
**Connecting custom integrations**
Any HTTP client that speaks JSON-RPC 2.0 can call the endpoint. The shape:
POST /api/mcp Authorization: Bearer k_… Content-Type: application/json Accept: application/json, text/event-stream
{ "jsonrpc": "2.0", "id": 1, "method": "tools/list" }
Response is either a single JSON-RPC payload or an SSE stream depending on the method. Tool calls return a single JSON response by default (`enableJsonResponse` is on for stateless mode).
**Stateless transport**
We run the MCP transport in stateless mode (no `Mcp-Session-Id` issued). Each request is independent — there's no session state held server-side, so Vercel-style serverless deployment doesn't fragment sessions. Resumability via event store is not enabled in this mode.
**Spec compliance**
Implements the 2025-11-25 MCP specification (Streamable HTTP transport). For new MCP capabilities (resources, prompts, sampling) — file a request via security@kumokodo.ai and we'll prioritize against pilot demand.