Secani

Secani MCP

Connect AI clients to Secani's authenticated Model Context Protocol server.

Secani MCP lets an approved AI client work with Secani through the Model Context Protocol. The server is designed for authenticated compliance workflows, with explicit human approval for changes.

What Secani MCP Provides

Secani MCP is a remote MCP server for Secani users. It uses Streamable HTTP and OAuth 2.0 bearer authentication through WorkOS.

The production endpoint is:

https://mcp.secani.com/mcp

The server currently exposes two focused tools:

  • connection_check verifies that the client authenticated successfully and can invoke a tool.
  • human_approval_number_test proposes an integer, asks for human approval, and stores the approved value in the Settings dialog test field.

Connection Details

SettingValue
TransportStreamable HTTP
MCP server URLhttps://mcp.secani.com/mcp
Protected-resource metadatahttps://mcp.secani.com/.well-known/oauth-protected-resource/mcp
AuthenticationOAuth 2.0 bearer token
Required scopeopenid
Bearer transportAuthorization header

The protected-resource metadata endpoint tells your MCP client which WorkOS authorization server to use. Configure the server URL in your client, then complete the OAuth flow in the client when prompted.

Connect an MCP Client

Generic remote MCP configuration

For clients that accept a remote MCP server definition, add:

{
  "mcpServers": {
    "secani": {
      "url": "https://mcp.secani.com/mcp"
    }
  }
}

The exact configuration file and OAuth UI depend on your client. Use the name Secani or secani, make sure the URL is exactly https://mcp.secani.com/mcp, and approve the WorkOS sign-in request.

Claude Code

Add Secani as a remote HTTP MCP server:

claude mcp add --transport http secani https://mcp.secani.com/mcp

Start Claude Code and open its MCP management flow to authorize the connection. The browser sign-in is part of OAuth; do not paste a bearer token into your project configuration.

Codex CLI

Add the server with the HTTP URL:

codex mcp add secani --url https://mcp.secani.com/mcp

When Codex detects OAuth support, follow the browser authorization flow and return to the CLI.

Cursor

Add the server to your MCP configuration:

{
  "mcpServers": {
    "secani": {
      "url": "https://mcp.secani.com/mcp"
    }
  }
}

Start the server from Cursor's MCP panel. Cursor should ask you to authenticate before protected tools are available.

ChatGPT custom connector

If your ChatGPT workspace supports custom remote MCP connectors:

  1. Enable Developer mode in the connector settings.
  2. Create a custom connector named Secani.
  3. Set the MCP server URL to https://mcp.secani.com/mcp.
  4. Select OAuth authentication.
  5. Complete the WorkOS authorization flow.

Availability and menu names depend on your ChatGPT plan and workspace configuration.

Available Tools

connection_check

Use this read-only tool to verify the connection after OAuth authorization.

Input:

{
  "echo": "optional diagnostic text"
}

The response confirms the authenticated Secani user and MCP client identity. It is useful as the first call after connecting a new client.

human_approval_number_test

Use this tool to test a complete human-in-the-loop workflow. It proposes an integer and asks the user to accept, decline, or cancel the change.

Input:

{
  "value": 42,
  "fieldLabel": "MCP-Testwert"
}

After approval, Secani stores the value in the Settings dialog test field. If the client cannot display MCP form elicitation, the requested value is treated as approved by the server's compatibility fallback. The tool still requires an authenticated Secani user and a configured test secret.

  1. Add https://mcp.secani.com/mcp to your client.
  2. Complete OAuth authorization with the WorkOS account that should access Secani.
  3. Run connection_check with a short echo value.
  4. Review the available tools and their descriptions.
  5. For human_approval_number_test, review the proposed value and approve it only when the change is intentional.

Troubleshooting

The client reports 401 Unauthorized

The server requires a valid OAuth bearer token for MCP requests. Re-open the client's MCP authorization flow and confirm that the account has completed WorkOS sign-in. Do not replace the MCP URL with the OAuth issuer URL.

OAuth discovery fails

Verify that the client is using the production endpoint and can reach:

https://mcp.secani.com/.well-known/oauth-protected-resource/mcp

The metadata response points the client to the correct authorization server and declares the required openid scope.

The approval prompt does not appear

The client may not support MCP form elicitation. Update the client if possible. Secani has a compatibility fallback for this test tool, but you should still review the proposed value before allowing the call to continue.

The endpoint opens as a web page

The MCP endpoint is a machine-to-machine transport, not a human-facing dashboard. Use an MCP client and the OAuth flow rather than a normal browser session. Human-readable MCP information is available at secani.com/docs/mcp.

Security Guidance

  • Verify the hostname before authorizing: mcp.secani.com is the official Secani MCP host.
  • Use OAuth through your MCP client; never commit or paste bearer tokens into source files, prompts, or issue trackers.
  • Review the client name, requested account, and scope before approving access.
  • Treat human_approval_number_test as a mutating tool even though it only changes the dedicated Settings dialog test field.
  • Keep human confirmation enabled for workflows that can make changes.
  • Only connect MCP clients and extensions you trust. An authorized client can send requests as the connected Secani user.