Hubity MCP Server
Connect any MCP-compatible AI assistant to your Hubity company data. Works for solo founders through enterprise teams.
Overview
Hubity exposes a public Model Context Protocol (MCP) server at https://hubity.io/api/mcp. Any MCP-compatible client (Claude Desktop, MCP Inspector, Cursor, Continue.dev, Cline) can connect to the server to search a company knowledge base, inspect connector observations, and drive projects, tasks, staff, invoicing, CRM, meetings, and PTO data under the authenticated user's role.
The server implements MCP protocol version 2025-11-25 with HTTP transport and Server-Sent Events streaming. OAuth 2.1 with PKCE is the primary authentication method; personal bearer tokens (generated in The Hub → Integrations) are accepted for CLI-style clients.
Connecting
Endpoint
POST https://hubity.io/api/mcp
Content-Type: application/json
Authorization: Bearer <token>Discovery
/api/mcp/server.json: complete MCP Registry metadata./.well-known/mcp-client.json: Client Identity Metadata Document (CIMD) for auto-registration./.well-known/oauth-authorization-server: OAuth 2.1 authorization server metadata./.well-known/oauth-protected-resource: resource server metadata./.well-known/jwks.json: JSON Web Key Set for token verification./.well-known/trust-bundle.json: signed trust evidence bundle./api/mcp/conformance: live conformance report.
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on Windows:
{
"mcpServers": {
"hubity": {
"url": "https://hubity.io/api/mcp",
"transport": "http"
}
}
}Claude Desktop will trigger the OAuth flow on first connection and present the Hubity consent screen. Tokens are cached locally.
Claude Code
Claude Code (the CLI) registers servers with a single command. To connect with browser-based OAuth (no token to manage):
claude mcp add --transport http hubity https://hubity.io/api/mcpThen run /mcp inside Claude Code and approve the Hubity sign-in. To use a personal bearer token instead (handy for scripts and CI), pass it as a header:
claude mcp add --transport http hubity https://hubity.io/api/mcp \
--header "Authorization: Bearer <token>"Add --scope user to make the connection available across all your projects, or commit a project .mcp.json to share it with your team. Verify with claude mcp list.
Authentication
OAuth 2.1 (recommended)
- Authorization endpoint:
https://hubity.io/api/mcp/oauth/authorize - Token endpoint:
https://hubity.io/api/mcp/token - Registration endpoint:
https://hubity.io/api/mcp/clients(RFC 7591 Dynamic Client Registration) - PKCE is required;
code_challenge_methodmust beS256 - Refresh tokens rotate on every use
- DPoP sender-constrained tokens supported (RFC 9449) via
DPoPrequest header
Personal bearer tokens
For scripts and CLI use, generate a company-scoped token at The Hub → Integrations → Connect an MCP client. Tokens can be scoped and given an expiry at creation time. Every token is audit-logged.
Scopes
knowledge:read: search and read company knowledge documentsobservations:read: read connector observation feedmcp:read: full read access across projects, tasks, staff, invoicing, CRM, meetings, PTOmcp:write: writes (time entries, invoice creation from accepted proposals)
Tools
The authoritative tool list is tools/list over the live MCP protocol, or the tools array in /api/mcp/server.json. Categories:
Knowledge & observations
search_knowledge,get_knowledgelist_observations,get_observation
Projects & tasks
list_projects,get_project,get_project_profitabilitylist_tasks,get_task
Staff & organization
list_staff,get_staff_member,get_org_chartlist_pto_requests
Finance & CRM
list_invoices,get_invoice,get_billing_statuslist_proposals,get_proposal,create_invoice_from_proposallist_deals,get_dealforecast_cash_flow,get_utilization_report,get_dashboard
Meetings, feeds, polls
list_meetings,get_meeting_minuteslist_feeds,get_feed_itemslist_polls,get_poll_results
Time & workflow
log_time_entry(write)run_workflow: server-side multi-step DAG execution (up to 10 steps)route_intent: natural-language intent routing
Prompts and resources
Hubity is a full MCP surface, not tools alone. Beyond the tools above, the server exposes ready-made prompts and live resources so an assistant can pull structured context directly instead of inferring it. The authoritative lists are prompts/list and resources/list over the live MCP protocol.
Prompts
summarize_observations: a structured briefing from recent connector observations.search_and_summarize: search the knowledge base and return a formatted summary.
Resources
hubity://dashboard,hubity://company/metrics: real-time KPI snapshots.hubity://company/team,hubity://staff/{id}: org roster and member detail.hubity://invoices,hubity://calendar: open invoices and today's meetings.
Security and provenance
- Every response carries a
MCP-Protocol-Version: 2025-11-25header. - Writes are audit-logged with user identity, tool arguments, and provenance hash.
- Tenant isolation: tokens are scoped to a single company; cross-tenant reads are rejected at the permission layer.
- Encryption: AES-256-GCM for credentials at rest, Ed25519 signatures on provenance envelopes, TLS 1.2+ in transit.
- Sensitive content (archived, personal-visibility, encrypted-at-field-level) is never returned over MCP.
- Rate limits: 1,000 requests per hour per token by default, with higher negotiated budgets for enterprise tenants. Anonymous discovery and OAuth endpoints carry their own lower per-IP limits to deter abuse.
Support and disclosure
- General support: [email protected]
- Security issues: [email protected] (90-day coordinated disclosure)
- Abuse: [email protected]
- Status: hubity.io/status
- Privacy policy: /privacy
- Terms: /terms