AI agents & MCP
Connect an AI coding agent — Claude Code or Codex — directly to your workspace and operate it in natural language: read and write records, manage the website, run app workflows. Your workspace ships a built-in MCP server (Model Context Protocol), so there's nothing to host and no separate integration to build.
Connect in one paste
- Mint an API key for the user the agent should act as: My Preferences → Account Security → New API Key (shown once). The agent inherits exactly that user's permissions.
- Add the server to your agent.
Claude Code
claude mcp add --transport http --scope user everjust \
https://<workspace>.everjust.app/mcp \
--header "Authorization: Bearer YOUR_API_KEY"
Codex (~/.codex/config.toml)
[mcp_servers.everjust]
url = "https://<workspace>.everjust.app/mcp"
bearer_token_env_var = "EVERJUST_API_KEY"
The agent loads the server's built-in instructions on connect. Ask it to
platform_info first — it reports your workspace's version, installed apps, and
the full tool list, so the agent always knows your current capabilities.
What the agent can do
A generic, permission-bounded surface over your data plus purpose-built website tools:
| Tool | Purpose |
|---|---|
search · get · count · find |
Read records and resolve names |
list_models · describe_model |
Discover models and your access to them |
create · update · delete |
Write records (delete needs confirm) |
call |
Call a model method (e.g. confirm an order, log a note) |
platform_info · list_installed_modules · whats_new |
Live workspace capabilities |
website_pages · website_new_page · website_edit_page · website_publish · website_menu · website_redirect |
Manage the website (see below) |
The full, always-current tool reference is generated from the server itself.
Security model
The agent acts as one user, and every call is bounded by that user's roles and record rules — an admin key can do what an admin can, a scoped key can't reach what its user can't. On top of that, the server hard-refuses a few things regardless of role, because a leaked key must not be able to take over a workspace:
- No self-escalation — it can't grant the Administrator role or edit access rules, record rules, or security models.
- No secret handling — integration secrets in configuration are never written or revealed.
- Safe writes —
deleteand non-read method calls require an explicit confirmation; destructive framework methods are blocked. - Full audit — every tool call is recorded in the workspace's audit trail.
Provision a dedicated, least-privilege integration user for agents rather than sharing an administrator login.
Editing the website
Website pages are edited only through the website_* tools, which apply changes
copy-on-write: your edit forks a workspace-specific copy of the page, so
platform updates never overwrite it and the shipped page stays intact. Read a
page's current markup with website_pages / website_edit_page before
rewriting, and keep the site's existing utility-class style. On-brand blocks are
available in the website builder so people can keep editing by hand too.
Operating knowledge (skills)
For deeper, task-specific guidance — how mail sending is gated, how the CRM and project models fit together, how to build a page well — install the EVERJUST agent skills into your coding agent. Each skill is a short, focused guide the agent loads only when relevant. Ask your workspace administrator for the current skills bundle.
Related
- External API — the underlying JSON / XML-RPC API the MCP server sits on.
- Security — access rights and record rules, which bound everything an agent can do.
- The ORM — the models and methods the tools operate on.
Last reviewed: 2026-07-05
Need a hand with this? company@everjust.co — a human answers.