Token, audit, and privacy boundaries

Endpoint

https://mcpoauthscopegate.clauxel.com/mcp

Authentication

Production calls require a paid bearer token. The checkout and token-claim endpoints return machine-readable instructions for agents.

Available tools

• inspect_oauth_scope_risk returns structured JSON with verdict, reason, receipt_id, usage_units, and next_action.
• request_scope_approval returns structured JSON with verdict, reason, receipt_id, usage_units, and next_action.
• issue_consent_receipt returns structured JSON with verdict, reason, receipt_id, usage_units, and next_action.
• validate_server_scope_policy returns structured JSON with verdict, reason, receipt_id, usage_units, and next_action.
• export_scope_audit returns structured JSON with verdict, reason, receipt_id, usage_units, and next_action.

Example call

{"jsonrpc":"2.0","id":"call-1","method":"tools/call","params":{"name":"inspect_oauth_scope_risk","arguments":{"sample":"Remote MCP server requests read:files, write:issues, admin:repo, and offline_access for a deployment agent in a customer tenant."}}}

Setup pages

• Claude Desktop setup
• Cursor setup
• VS Code setup
• ChatGPT agent setup
• Tool call examples
• Security notes