-
-
Notifications
You must be signed in to change notification settings - Fork 39
Connect to AI Clients
🚨 Existing users: you'll need to redeploy and update your client configs to include the token. Existing connections without auth will now return 401.
If you use Claude Code and/or Codex CLI, skip the manual steps below — paste your worker URL into one command and you're done:
# macOS / Linux / WSL / Git Bash
curl -fsSL https://raw.githubusercontent.com/rahilp/second-brain-cloudflare/main/scripts/connect-ai-clients.sh | bash -s -- https://YOUR-WORKER-URL# Windows (PowerShell)
iex "& { $(irm https://raw.githubusercontent.com/rahilp/second-brain-cloudflare/main/scripts/connect-ai-clients.ps1) } -WorkerUrl https://YOUR-WORKER-URL"This appends the global system instructions to ~/.claude/CLAUDE.md and ~/.codex/AGENTS.md, and registers the /mcp endpoint with whichever of the two CLIs you have installed — using OAuth, so your AUTH_TOKEN never touches the script, your shell history, or a config file. The only thing you need on hand is your worker URL.
On first use, each client opens your browser to the worker's hosted login page; enter your AUTH_TOKEN there to complete the one-time OAuth handshake. (If you connect both clients in the same browser session, you may only be asked once.)
The script is safe to re-run — it detects existing instruction blocks (including ones you pasted manually following the steps below) and existing MCP registrations, and skips them rather than duplicating.
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"second-brain": {
"command": "npx",
"args": [
"mcp-remote",
"https://<your-worker-url>/mcp",
"--header",
"Authorization: Bearer <your-token>"
]
}
}
}Replace <your-worker-url> with your Cloudflare Worker URL and <your-token> with your AUTH_TOKEN.
Restart Claude Desktop, then add the custom instructions from the CLAUDE_INSTRUCTIONS.md file to Settings → Custom Instructions.
💡 The one-line setup above does this for you, including OAuth — no token to copy or paste. The steps below are the manual equivalent.
claude mcp add --transport http second-brain https://<your-worker-url>/mcpNo --header or token needed — Claude Code detects that the endpoint requires OAuth, registers itself, and opens your browser to the worker's hosted login page on first use. Enter your AUTH_TOKEN there to authorize.
Create ~/.claude/CLAUDE.md with the instructions from CLAUDE_INSTRUCTIONS.md.
💡 The one-line setup above does this for you, including OAuth — no token to copy or paste. The steps below are the manual equivalent.
codex mcp add second-brain --url https://<your-worker-url>/mcpCodex CLI detects that the endpoint requires OAuth and starts the login flow itself — no separate login command, header, or token needed. Follow the printed URL to authorize in your browser.
Create ~/.codex/AGENTS.md with the instructions from CODEX_INSTRUCTIONS.md.
Go to claude.ai/customize/connectors, click + next to Connectors, then select Add custom connector:
| Field | Value |
|---|---|
| Name | Second Brain |
| Remote MCP server URL | https://<your-worker-url>/mcp?token=<your-token> |
⚠️ Security note: This embeds your token in the URL. URLs can appear in browser history, server logs, and referrer headers. Use only if you accept that risk.
This makes your second brain available in the claude.ai web app and the Claude iOS and Android apps automatically.
Go to chatgpt.com → Settings → Apps → Create App:
| Field | Value |
|---|---|
| Name | Second Brain |
| Connection | https://<your-worker-url>/mcp?token=<your-token> |
| Authentication | No Auth |
⚠️ Security note: This embeds your token in the URL. URLs can appear in browser history, server logs, and referrer headers. Use only if you accept that risk. Claude Desktop and Claude Code use header-based auth which is safer.
For ChatGPT custom instructions, see CHATGPT_INSTRUCTIONS.md.
If the client supports custom HTTP headers, use:
{
"mcpServers": {
"second-brain": {
"url": "https://<your-worker-url>/mcp",
"headers": { "Authorization": "Bearer <your-token>" }
}
}
}If the client does not support custom headers, embed the token in the URL:
https://<your-worker-url>/mcp?token=<your-token>
⚠️ Security note: Embedding your token in the URL is less secure than header-based auth. URLs can appear in browser history, server logs, and referrer headers. Use only if you accept that risk.