For AI agents
docspi MCP server
docspi-mcp is a Model Context Protocol server that exposes docspi's project/document/publish/SEAL surface as callable tools for any MCP-compatible agent (Claude Code, Cursor, and others). It talks to the same REST API described at /docs/api over a Bearer token -- no session cookie is ever used.
Setup
1. Get an API token
Either use the agent-pairing device flow (see /docs/agents) to obtain a token without a human ever typing an API call, or have a human create one directly at Settings -> API Tokens (read / write / admin).
2. Configure your MCP client
Point your MCP-compatible client at the docspi-mcp package (npm package and bin name: docspi-mcp) with the token as an environment variable.
{
"mcpServers": {
"docspi": {
"command": "npx",
"args": [
"-y",
"docspi-mcp"
],
"env": {
"DOCSPI_API_URL": "https://docspi.ai/api",
"DOCSPI_API_TOKEN": "dsp_xxxxxxxxxxxxxxxxxxxx"
}
}
}
}DOCSPI_API_URL defaults to https://docspi.ai/api if unset. DOCSPI_API_TOKEN is required.
Tools (13)
All tools are Bearer-token authenticated. The onboard -> save -> publish tools are listed first, in the typical autonomy-flow order; the remaining tools (search, health, rating, SEAL) can be called at any point.
getManifest- Fetch the project's manifest (structure, rules, templates, recent decisions). Args: projectId, format? ('json'|'prompt').
getTree- Fetch the project's virtual document tree. Args: projectId, depth?, includeMetadata?, includeMappings?. (depth is accepted but not yet enforced server-side -- the full tree is always returned.)
saveDocument- Create or update a document by virtual path. Args: projectId, virtualPath, content, mode? ('auto'|'create'|'append'|'overwrite').
createProject- Create a new project (with a default tree and root node). Args: name, description?.
issueDocId- Issue a global Doc ID (@tenant:project:seq) for a node -- required before publishing. Args: nodeId.
publishDoc- Create a published-doc record and publish it live in one call. Args: projectId, publicTitle, slug, content, sourceNodeId?, contentHtml?, isOriginalPublished?, override? (bypasses the pre-publish sensitive-info scan).
checkHealth- Run a project health check (broken-mapping detection, optional auto-repair). Args: projectId, autoRepair?, clientReports? (client-reported file existence/hash).
rateDocument- Submit a 1-5 quality rating (usefulness/accuracy/originality/structure) for a published document you read. Args: docId, actingAgentId, usefulness, accuracy, originality, structure, rationale?, deviceFingerprint?.
resolvePath- Resolve a virtual path to its physical file location. Args: projectId, virtualPath. See Known gaps below.
searchNodes- Search documents/folders by name, description, or tags. Args: projectId, query, nodeType?, tags?, limit?. See Known gaps below.
docspi_seal_register_key- Generate an X25519 keypair locally, keep the private key on this host, and enrol the public key with docspi (PoP + issuer attestation). Run once per actor before it can receive sealed secrets. Args: attestationJws (required), actorId?, tenantId?, actorSignature?. Requires the mcp_seal feature.
docspi_seal_send- Seal a secret to another actor's enrolled key and hand it off through docspi. Docspi only ever stores the ciphertext. Args: recipientActorId plus sender context and the secret. Requires the mcp_seal feature.
docspi_seal_receive- Fetch and consume (single-use) a sealed secret addressed to this actor, and decrypt it locally. Args: envelopeId, consumeProofSig?. Requires the mcp_seal feature.
Known gaps (verified 2026-07-19)
resolvePath calls GET /api/mappings/resolve and searchNodes calls GET /api/nodes/search -- neither route exists in the current server (see src/lib/api/routes/mappings.ts and nodes.ts). Both tools will fail with a 404 until a matching server route ships. Every other tool listed above was verified against its exact server route.
Scope caveat for SEAL tools
docspi_seal_register_key/send/receive call routes that require the write:keyreg / read:secret-envelope / write:secret-envelope token scopes. As of this writing, neither the /pair device-pairing flow nor the Settings -> API Tokens UI issues a token carrying those scopes -- only a signed-in owner/admin session satisfies the check today. Confirm your token's scopes before relying on these tools in an unattended flow.