AI agents & MCP

Connect an AI coding agent — Claude Code or Codex — directly to your workspace and operate it in natural language: read and write records, manage the website, run app workflows. Your workspace ships a built-in MCP server (Model Context Protocol), so there's nothing to host and no separate integration to build.

Connect in one paste

  1. Mint an API key for the user the agent should act as: My Preferences → Account Security → New API Key (shown once). The agent inherits exactly that user's permissions.
  2. Add the server to your agent.

Claude Code

claude mcp add --transport http --scope user everjust \
  https://<workspace>.everjust.app/mcp \
  --header "Authorization: Bearer YOUR_API_KEY"

Codex (~/.codex/config.toml)

[mcp_servers.everjust]
url = "https://<workspace>.everjust.app/mcp"
bearer_token_env_var = "EVERJUST_API_KEY"

The agent loads the server's built-in instructions on connect. Ask it to platform_info first — it reports your workspace's version, installed apps, and the full tool list, so the agent always knows your current capabilities.

What the agent can do

A generic, permission-bounded surface over your data plus purpose-built website tools:

Tool Purpose
search · get · count · find Read records and resolve names
list_models · describe_model Discover models and your access to them
create · update · delete Write records (delete needs confirm)
call Call a model method (e.g. confirm an order, log a note)
platform_info · list_installed_modules · whats_new Live workspace capabilities
website_pages · website_new_page · website_edit_page · website_publish · website_menu · website_redirect Manage the website (see below)

The full, always-current tool reference is generated from the server itself.

Security model

The agent acts as one user, and every call is bounded by that user's roles and record rules — an admin key can do what an admin can, a scoped key can't reach what its user can't. On top of that, the server hard-refuses a few things regardless of role, because a leaked key must not be able to take over a workspace:

  • No self-escalation — it can't grant the Administrator role or edit access rules, record rules, or security models.
  • No secret handling — integration secrets in configuration are never written or revealed.
  • Safe writesdelete and non-read method calls require an explicit confirmation; destructive framework methods are blocked.
  • Full audit — every tool call is recorded in the workspace's audit trail.

Provision a dedicated, least-privilege integration user for agents rather than sharing an administrator login.

Editing the website

Website pages are edited only through the website_* tools, which apply changes copy-on-write: your edit forks a workspace-specific copy of the page, so platform updates never overwrite it and the shipped page stays intact. Read a page's current markup with website_pages / website_edit_page before rewriting, and keep the site's existing utility-class style. On-brand blocks are available in the website builder so people can keep editing by hand too.

Operating knowledge (skills)

For deeper, task-specific guidance — how mail sending is gated, how the CRM and project models fit together, how to build a page well — install the EVERJUST agent skills into your coding agent. Each skill is a short, focused guide the agent loads only when relevant. Ask your workspace administrator for the current skills bundle.

  • External API — the underlying JSON / XML-RPC API the MCP server sits on.
  • Security — access rights and record rules, which bound everything an agent can do.
  • The ORM — the models and methods the tools operate on.

Last reviewed: 2026-07-05

Need a hand with this? company@everjust.co — a human answers.