Wire qlows into your AI in 30 seconds.

1. Mint a token

1. Sign in to qlows and open Settings → MCP (or navigate to /mcp).
2. Click New token. Name it after the tool you’re connecting — e.g. “Claude Desktop · MacBook”.
3. Copy the token. It starts with qlw_live_ and is shown only once. Treat it like a password.

By default new tokens have no scopes — assign at least one (typically mcp:read-deals + mcp:read-snapshot, or mcp:* for the full set). The token UI shows the scope checkboxes inline.

2. Pick your client

The same URL pattern works in every client — only the surrounding JSON shape differs. Replace <your-token> with the token you minted in step 1.

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "qlows": {
      "url": "https://app.qlows.com/api/mcp/<your-token>/rpc"
    }
  }
}

Restart Claude Desktop. qlows appears in the MCP-servers list in the bottom-right slider menu.

Cursor

Open Settings → MCP → Add Server:

{
  "mcpServers": {
    "qlows": {
      "url": "https://app.qlows.com/api/mcp/<your-token>/rpc"
    }
  }
}

Windsurf

Edit ~/.codeium/windsurf/mcp_config.json. Note the key is serverUrl (Windsurf-specific), not url:

{
  "mcpServers": {
    "qlows": {
      "serverUrl": "https://app.qlows.com/api/mcp/<your-token>/rpc"
    }
  }
}

Cline (VS Code)

In VS Code: Cline panel → gear icon → MCP Servers → Add Server, then paste:

{
  "mcpServers": {
    "qlows": {
      "url": "https://app.qlows.com/api/mcp/<your-token>/rpc"
    }
  }
}

Zed

Zed doesn’t support remote-URL MCP servers natively — wrap the endpoint in a curl command via context_servers in settings.json:

{
  "context_servers": {
    "qlows": {
      "command": {
        "path": "curl",
        "args": [
          "-X", "POST",
          "https://app.qlows.com/api/mcp/<your-token>/rpc"
        ]
      }
    }
  }
}

3. Test the connection

The cleanest path: in Settings → MCP, click the Test connection button on the active client card. Green ✓ within ~1 second.

Or verify from a terminal:

curl -s -X POST https://app.qlows.com/api/mcp/<your-token>/rpc \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | jq '.result.tools[].name'

You should see the 7 tool names printed. If you get an error block instead, see Troubleshooting below.

4. Try it

In your AI client, try these prompts:

• Use the qlows MCP server to list my open deals.
• Get the snapshot for deal abc-123 and summarize the top 3 risks.
• Search my compliance items for “CMMC L2” and group by deal.
• Show me only the unanswered questions for deal abc-123 that have already been assigned.

Available tools

The MCP server exposes 7 read-only tools. All inputs are validated server-side — bad arguments come back as a structured error the LLM can correct and retry.

Each deal is also exposed as a resource at qlows://deal/<id>. Clients that support resource-picking (Claude Desktop) can attach a deal as context to a message directly.

Scopes

Tokens carry scopes that restrict which tools the bearer can call. Set scopes when minting; you can also re-issue a token with different scopes at any time.

• mcp:read-deals — list_deals, search_compliance_items, get_q_routing_state, get_intelligence_summary, resources/list
• mcp:read-snapshot — get_deal_snapshot, resources/read
• mcp:* — wildcard, all current and future MCP scopes

Tokens minted before scope-enforcement landed are grandfathered as wildcard. New tokens default to no scopes — assign at least one or every call returns 403 insufficient_scope.

Read-only in V1. All seven tools are reads. Write tools (e.g. update_q_answer) need careful auth, idempotency, and audit trails — they’ll land in V1.5.

What about ChatGPT, Gemini, Perplexity, Copilot?

Those clients don’t support MCP today. Use Model Export instead: qlows generates a paste-ready prep pack (markdown or JSON) you drop into any chat session. Same grounding, different transport.

Troubleshooting

missing_token / invalid_token: did you paste the full token including the qlw_live_ prefix? Check Settings → MCP for the token’s expiry. If you revoked it, mint a new one.

insufficient_scope: the token doesn’t have the scope required for the tool you called. Either re-issue with the right scopes, or use mcp:*.

deal_not_found: the deal_id doesn’t belong to the user who owns the token, or the deal was deleted. Call list_deals first to get valid IDs.

Claude Desktop doesn’t see qlows. Restart after editing the config. Validate the JSON — a trailing comma kills the whole config silently. Check ~/Library/Logs/Claude/mcp.log for errors.

Security

• Token in URL path.MCP clients today don’t reliably set Authorizationheaders for remote URLs, so tokens travel in the path. Treat the full URL as secret — don’t paste it into screenshots, log dumps, or PR descriptions.
• HTTPS-only. The endpoint refuses plain HTTP. Vercel enforces TLS.
• Hashed at rest. Tokens are stored as SHA-256 hashes. Plaintext is shown exactly once at creation.
• Revoke instantly. The Revoke button in Settings → MCP takes effect within milliseconds — the next API call from that token fails with invalid_token.
• Cross-tenant safe. All tool handlers scope queries by user_id. Guessing another user’s deal_id returns deal_not_found.

Help

Email hello@qlows.com with: your token’s display_prefix (visible in Settings → MCP, NOT the full token), the exact JSON-RPC request you sent (redact any user data), and the full response (codes plus correlation_id from the error body).