Slaunt is an all-in-one agentic AI solution that turns scattered work signals into structured, queryable context. It creates organizational memory that both humans and AI can reason from using the Central Context Repository (CCR).

How does Slaunt integrate with AI tools?

Slaunt uses the MCP (Model Context Protocol) to integrate with AI assistants and tools like ChatGPT, Claude, Cursor, and custom AI agents, providing them with structured organizational context for better reasoning and decision-making.

Is Slaunt free to use?

Yes! Slaunt offers a free Starter tier for individuals and small teams with core features. Professional ($29/seat/month) and Enterprise tiers are available for larger organizations with advanced needs.

QUAERO is Slaunt's Remote Company Agent Control (RCAC) system for enterprise AI governance. It provides centralized management, monitoring, and control of AI agents across your organization.

What is the MCP Protocol?

MCP (Model Context Protocol) is a standard protocol for AI tool connectivity that Slaunt natively supports. It allows AI assistants to access structured organizational context and perform actions within your workflow.

How is Slaunt different from Notion or Confluence?

Unlike traditional documentation tools, Slaunt is built AI-first with structured, queryable context rather than static documents. It provides real-time organizational memory that AI can reason from, not just search.

HomeDocumentation

Slaunt MCP Developer Guide

Complete reference for engineers integrating external clients with Slaunt via Model Context Protocol (MCP).

Introduction

This guide is for engineers integrating external clients with Slaunt via Model Context Protocol (MCP). Slaunt is proprietary software, and this documentation covers only stable public behavior—not internal implementation details.

Canonical Reference: The authoritative source for all Slaunt documentation is https://slaunt.ai/docs. Check this URL for latest compatibility notes, deprecations, and migration notices.

Audience & Scope

This guide is intended for:

Platform engineers building MCP integrations
App developers connecting AI clients to Slaunt
AI product engineers designing context-aware workflows
Integration partners building third-party connectors

This guide covers:

Authentication and authorization
MCP connection and session management
Tool discovery and invocation
CCR event schemas and validation
Error handling and recovery
Operational expectations

This guide does NOT cover:

Internal architecture or implementation details
Source code or private infrastructure
Undocumented behavior or response quirks

Closed-Source Contract Boundary

Slaunt is closed-source. Treat this documentation as the source of truth for externally supported interfaces. Do not depend on undocumented behavior, inferred internals, or response quirks.

All integration contracts are defined by this documentation. Behavior not explicitly documented here may change without notice. If you discover behavior that seems useful but is not documented, request official support before depending on it.

Core Concepts

Slaunt

An all-in-one agentic AI platform that creates organizational memory from work signals, enabling both humans and AI to reason from a shared source of truth.

MCP (Model Context Protocol)

The protocol layer enabling AI clients to connect to Slaunt, discover available tools, and execute operations against organizational memory.

CCR (Central Context Repository)

Structured organizational memory for validated state changes. The CCR stores events representing real decisions, deployments, incidents, and other meaningful work artifacts—not raw transcripts or discussion logs.

CCR Event

A single validated record of a state change within your organization. Events have a defined schema including type, summary, actors, timestamps, and optional metadata.

RCAC (Remote Context Access Control)

A public control-plane interface for viewing and managing allowed agent records. RCAC provides visibility into managed agents and observed external telemetry.

Supported Client Types

Slaunt supports integration with any MCP-compatible client that follows authentication and protocol requirements:

Desktop AI clients — Claude Desktop, Cursor, and similar applications
CLI MCP clients — Command-line tools implementing MCP
Server-side automation — Backend services invoking MCP tools programmatically
Web app integrations — Browser-based applications with backend MCP proxy

Quickstart (5-Minute Path)

Get connected to Slaunt in five steps:

Obtain Access

Connect Client

Configure your MCP client to connect to the Slaunt endpoint.

{
  "mcpServers": {
    "slaunt": {
      "command": "npx",
      "args": ["-y", "@anthropic-ai/mcp-client", "https://mcp.slaunt.ai"]
    }
  }
}

Authenticate

Complete OAuth flow and provide bearer token for subsequent requests.

Initialize Session

Call initialize, read server instructions, then list available tools.

Execute First Tool

Call a tool like ccr_query to verify scoped access is working.

Required First-Connection Behavior

Mandatory First Message Policy: On first MCP contact, the assistant must immediately instruct the user to log in and reference https://slaunt.ai/docs before providing operational answers. This is a safety and scope-gating requirement.

This policy ensures users are properly authenticated and understand the operational scope before any data access occurs. Clients that bypass this requirement may be rate-limited or blocked.

Authentication Overview

Slaunt uses OAuth 2.0 for authentication with bearer token transport:

Token acquisition: Obtain tokens via OAuth flow at slaunt.ai/auth
Token transport: Include in all requests as Authorization: Bearer <token>
Token expiry: Tokens expire after 1 hour; refresh before expiry
Unauthenticated requests: Will receive 401 with login instructions

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

Identity and Scope Model

All requests are evaluated under tenant scope and optionally project scope:

Identity claims must include organization context for scoped operations
Missing scope will cause rejected operations with 403 responses
Project-level scoping is optional but recommended for large organizations

Ensure your OAuth token includes the required org_id claim. Tokens without organization context cannot access CCR data.

MCP Session Lifecycle

The expected session sequence:

Connect — Establish transport to MCP endpoint
Initialize — Send initialize request, receive server capabilities
Read Instructions — Parse and follow server-provided guidance
List Tools — Discover available operations via tools/list
Call Tools — Execute operations as needed
Handle Continuity — Maintain session state across interactions
Reconnect — Re-establish session if connection drops

Tool Discovery and Capability Gating

Not all internal capabilities are exposed to all surfaces. Developers should:

Rely on tools/list for discoverable capabilities
Never assume hidden or control-plane tools are callable from general MCP sessions
Check tool availability on each session—capabilities may vary by user role

Public Tool Catalog

ccr_query

Query organizational memory for relevant context.

REQUIRED:query: string

OPTIONAL:limit: numberproject_id: string

ccr_record

Record a new event to organizational memory.

REQUIRED:type: EventTypesummary: string

OPTIONAL:actors: string[]tags: string[]project_id: string

ccr_list_events

List recent events with optional filtering.

OPTIONAL:type: EventTypesince: ISO8601limit: number

rcac_list_agents

List managed agents and their access status.

OPTIONAL:status: active | suspended

Input Validation Rules

Slaunt enforces strict validation. Validate client-side before sending to reduce avoidable failures:

Required IDs: Must be valid UUIDs
Event types: Must match accepted enum values
Summary length: Maximum 500 characters
Tags: Maximum 10 tags, each max 50 characters
Timestamps: ISO 8601 format required

CCR Event Schema (Public Contract)

interface CCREvent {
  id: string;              // UUID, system-generated
  type: EventType;         // Required: decision | deployment | incident | task | note
  summary: string;         // Required: canonical description (max 500 chars)
  actors: string[];        // Optional: people/systems involved
  tags: string[];          // Optional: categorization labels
  origin: string;          // System-populated: source of the event
  timestamp: string;       // ISO 8601, defaults to creation time
  project_id?: string;     // Optional: project scope
  metadata?: Record<string, unknown>; // Optional: additional context
}

type

The classification of this event. Must be one of: decision, deployment, incident, task, note.

summary

A short, canonical description of what happened. Should be factual, not speculative.

actors

List of people or systems involved in this event. Use consistent identifiers.

origin

System-populated field indicating the source (e.g., "mcp-client", "api", "webhook").

Event Classification and Quality Standards

CCR events should represent real state changes, not discussions or speculation:

Good: "Deployed auth-service v2.3.1 to production"

Avoid: "We might deploy the auth service later this week"

Writing Guidelines

Use short, canonical summaries
Be factual—avoid "maybe", "probably", "might"
Preserve event type semantics
Include relevant actors when known
Use consistent terminology across events

Retrieval Semantics

When querying CCR, interpret results as follows:

Relevance first: Results are ordered by semantic relevance to query
Scoped memory: Results are filtered to your tenant and optional project scope
Recency considerations: More recent events may be weighted higher
No results: An empty result set means no relevant context exists—this is valid, not an error

RCAC Public Behavior

RCAC (Remote Context Access Control) provides a control-plane interface for:

Viewing and managing allowed agent records
Distinguishing between controllable managed agents and observed external telemetry
Setting access policies for agent-to-CCR interactions

Telemetry-only records may be visible in RCAC but are not directly controllable from the same interface. These represent observed activity from external systems.

External Agent Telemetry Ingestion

External platforms can submit agent activity through the public ingest contract:

Auth: Server-to-server credentials required
Required fields: agent_id, action_type, timestamp
Ownership metadata: Must include source system identifier
Lifecycle status: Use conventions: active, completed, failed

Telemetry ingestion is for synchronization and observability purposes only. It does not grant arbitrary privilege escalation to external agents.

Security Expectations for Integrators

Never embed secrets in frontend bundles

All credentials must be server-side only.

Rotate keys regularly

Implement key rotation with overlap period.

Use least privilege

Request only the scopes you need.

Treat ingest secrets as server-to-server credentials. These should never be exposed to client-side code or version control.

Tenant Isolation and Data Access Guarantees

Data access is tenant-scoped by policy:

All queries are filtered by authenticated tenant
Cross-tenant visibility should be treated as a defect and escalated immediately
Required claims for isolation: org_id, user_id

Error Model and Recovery Patterns

401Authentication Failure

Token missing, expired, or invalid. Refresh credentials and retry.

403Scope Failure

Missing required scope or insufficient permissions. Check token claims.

400Validation Failure

Invalid input. Do not retry—fix the payload first.

404Resource Not Found

Requested resource does not exist or is not accessible.

503Transient Error

Service temporarily unavailable. Retry with exponential backoff.

Retry, Timeout, and Idempotency Guidance

Safe retry behavior:

Timeout: 30 seconds recommended for most operations
Backoff: Exponential with jitter (100ms, 200ms, 400ms...)
Max retries: 3 for transient errors
Idempotency: Write operations may create duplicates if retried without idempotency keys

Never retry 400-level errors automatically—these indicate client-side issues that must be fixed before resubmitting.

Observability and Audit Expectations

Log the following on your side for debugging and audit:

Request IDs (from response headers)
Session IDs
Tool names invoked
Latency measurements
Error categories and codes

Use redaction-safe logging. Do not store sensitive user content in logs unless necessary for debugging specific issues.

Environment and Deployment Guidance

Environment variable ownership belongs to your deployment platform, not repository examples:

Sample .env.example files are templates only
Cloud dashboards are the authoritative source for runtime configuration
Never commit real credentials to version control

Compatibility and Versioning Policy

API and tool changes are communicated as follows:

Deprecation window: Minimum 90 days notice for breaking changes
Migration guidance: Provided in changelog and this documentation
Backward compatibility: Maintained within major versions

Pin your integration assumptions to documented contracts only. Undocumented behavior may change without notice.

Testing Strategy for Integrators

Recommended test stack:

Connection tests: Verify MCP endpoint reachability
Auth tests: Confirm token acquisition and refresh
Schema conformance: Validate payloads match expected shapes
Negative tests: Ensure proper error handling for invalid inputs
Scope enforcement: Verify tenant isolation works correctly

Always validate in staging before production rollout. Use test tenants to avoid polluting production data.

Production Readiness Checklist

Authentication works correctly

Required scopes are present in tokens

First-message login policy enforced

Tool calls validated against schema

Error handling implemented for all error codes

Retry policy is safe (no infinite loops)

Observability enabled with proper logging

Rollback plan documented

Troubleshooting Playbook

Connection succeeds but no tools appear

Cause: Missing or invalid authentication

Fix: Verify bearer token is included and valid

Auth challenge loops continuously

Cause: Token refresh failing silently

Fix: Check refresh token validity and OAuth configuration

Anonymous identity in responses

Cause: Token missing org_id claim

Fix: Re-authenticate with proper scope request

Scope denied on tool calls

Cause: Insufficient permissions for requested operation

Fix: Request elevated scopes or use a different credential

Invalid payload rejections

Cause: Schema validation failure

Fix: Validate payload client-side before submission

FAQ for Developers

Can I rely on internal behavior not documented here?

No. Only documented contracts are supported. Undocumented behavior may change without notice.

What if my token has no org claim?

You will receive anonymous identity and cannot access scoped resources. Re-authenticate with the correct OAuth parameters.

Can I call restricted control tools over general MCP?

No. Control-plane tools are only available through dedicated admin interfaces, not general MCP sessions.

Where is the canonical docs source?

Always refer to https://slaunt.ai/docs for the latest documentation.

Support and Escalation

For support issues:

Check https://slaunt.ai/docs first
Search existing issues and troubleshooting playbook
If unresolved, submit a support ticket with:
- Timestamp of the issue
- Request ID (from response headers)
- Tool name invoked
- Endpoint URL
- Sanitized error payload (no secrets)

Legal and Acceptable Use Notice

All Slaunt software and backend implementation are proprietary. Permission to integrate is limited to documented interfaces and subject to the Terms of Service.

By using the Slaunt API and MCP integration, you agree to comply with our Terms of Service and Acceptable Use Policy.

Home Get Started Docs