Skip to main content

Connect an LLM

emisar exposes your runners and their action catalog as a Model Context Protocol server. Two ways to plug an LLM in:

  • Remote MCP (Claude.ai, ChatGPT Apps, recent IDE clients) — paste one URL. emisar signs you in over OAuth; there is no API key or header to manage. This is the only way the cloud connectors work — their setup form has a URL field and nothing else.
  • Stdio bridge or static key (Claude Desktop, Claude Code, Cursor, Codex CLI, Gemini CLI, plain HTTP) — a tiny binary on your machine, or a raw bearer token, authenticated with an emk- API key.
The Connect-an-agent client picker: cloud clients (Claude.ai, ChatGPT Apps) and local/IDE clients (Claude Code, Claude Desktop, Cursor, Gemini CLI, Codex CLI). Cloud setup shows the OAuth MCP server URL; local setup mints a bearer key and shows per-client setup steps.
1

Connect a cloud LLM (recommended)

Claude.ai and ChatGPT Apps only need a URL — no header, no token field. emisar is a full OAuth 2.1 authorization server, so the connector discovers it from that URL, registers itself automatically, and sends you through a one-time emisar sign-in. The single value to enter:

remote MCP server URL
https://emisar.dev/api/mcp/rpc

Claude (claude.ai)

  1. Open Settings → Connectors (on Pro/Max it's Customize → Connectors).
  2. Click +Add custom connector.
  3. Paste the Remote MCP server URL above into the URL field.
  4. Leave Advanced settings (OAuth Client ID / Client Secret) empty — emisar registers your client for you via Dynamic Client Registration. Click Add.
  5. Claude opens an emisar tab. Sign in, review what the connector is asking for, and click Authorize. The connector flips on.
  6. Turn it on for a chat: the + button (lower-left of the composer) → Connectors → toggle emisar.

Team / Enterprise: only an Owner can add the connector, under Settings → Organization settings → Connectors → Add → Custom → Web. Members then open Customize → Connectors and click Connect to run the same sign-in.

ChatGPT

ChatGPT now calls custom MCP connectors apps. Developer mode exposes the app-creation flow for your own MCP server. Available on Plus, Pro, Business, Enterprise, and Education.

  1. Enable it once: Settings → Apps & Connectors → Advanced settings → turn on Developer mode.
  2. Open Settings → Connectors and click Create.
  3. Fill the form:
    • Connector nameemisar
    • Description — e.g. "Run approved infrastructure actions on my fleet."
    • Connector URL https://emisar.dev/api/mcp/rpc
    • Authentication — choose OAuth
  4. Click Create. ChatGPT sends you to an emisar sign-in → Authorize. If ChatGPT shows a token or header field, switch the authentication type back to OAuth.
  5. Use it from a new chat: click the + button near the composer, choose More, then select emisar. Seeing actions in settings only proves ChatGPT fetched metadata; this step adds the app to the conversation context so the model can call it.
  6. After changing emisar's tool metadata, open the connector in settings and choose Refresh before testing again.

ChatGPT connects to remote HTTPS MCP servers only — there is no stdio option. The emisar endpoint is already remote, so nothing extra to host.

What the sign-in grants

The consent screen mints a key bound to your membership. The connector can only run actions your policy already permits, every call is attributed to you in the audit log, and anything needing approval still waits for a human. Revoke access any time from LLM agents in the dashboard, or from the connector settings in Claude / ChatGPT.

2

Mint an API key (desktop, CLI & HTTP)

The clients in steps 3 and 4 authenticate with a raw key instead of OAuth. In the dashboard sidebar, click LLM agents. Pick your LLM client from the tab strip — we mint a key named after it and drop a prefilled snippet you can paste into the client's config.

The key itself carries no permissions to tune — what it may run is your account policy (risky actions pause for approval), and which runners it can reach is the runner scope of the member who mints it (set on the Team page). To hand one agent a tighter blast radius, mint it under a member whose runner scope is already narrow. A separate read-only audit-export token — minted on the audit page — ships the audit log to a SIEM and can never execute an action. The dashboard reveals the raw key once; copy and store it.

The cloud connectors in step 1 do not need an API key — they authenticate with OAuth. Mint a key only for the stdio bridge or plain-HTTP clients below.

3

Desktop & CLI clients (stdio bridge)

For clients that only speak stdio MCP — Claude Desktop, Claude Code, Cursor (local mode), Gemini CLI, Codex CLI — install the tiny emisar-mcp binary. It's a thin shim that forwards stdio JSON-RPC frames to the same /api/mcp/rpc endpoint. Every MCP semantic — tool descriptors, content blocks, wait_for_run — is implemented in the portal, so the bridge stays version-locked to the spec without you redownloading it.

Install

One-liner — auto-resolves the latest mcp-v* release, verifies sha256, drops emisar-mcp into /usr/local/bin:

terminal
$ curl -sSL https://emisar.dev/install-mcp.sh | sudo bash

Rather verify first? The bridge release carries SLSA provenance + a SHA256SUMS-MCP checksum file — see Release integrity.

Or go install (Go 1.26+):

terminal
# go install drops the binary at ~/go/bin/mcp; symlink it as emisar-mcp:
$ go install github.com/andrewdryga/emisar/mcp@latest
$ sudo ln -sf ~/go/bin/mcp /usr/local/bin/emisar-mcp

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "emisar": {
      "command": "/usr/local/bin/emisar-mcp",
      "env": {
        "EMISAR_URL": "https://emisar.dev",
        "EMISAR_API_KEY": "emk-..."
      }
    }
  }
}

Restart Claude Desktop. Tools appear under the tool icon as "emisar".

Cursor

Same bridge. Cursor reads ~/.cursor/mcp.json:

{
  "mcpServers": {
    "emisar": {
      "command": "emisar-mcp",
      "env": {
        "EMISAR_URL": "https://emisar.dev",
        "EMISAR_API_KEY": "emk-..."
      }
    }
  }
}

Recent Cursor builds also speak remote MCP — point them at /api/mcp/rpc directly (step 1) if you'd rather skip the bridge.

Claude Code

One-line register, user scope (every project):

terminal
$ claude mcp add emisar /usr/local/bin/emisar-mcp \
    --scope user \
    -e EMISAR_URL=https://emisar.dev \
    -e EMISAR_API_KEY=emk-...

Verify with claude mcp list.

Gemini CLI

Add to ~/.gemini/settings.json:

{
  "mcpServers": {
    "emisar": {
      "command": "/usr/local/bin/emisar-mcp",
      "env": {
        "EMISAR_URL": "https://emisar.dev",
        "EMISAR_API_KEY": "emk-..."
      }
    }
  }
}

ChatGPT Codex CLI

Add to ~/.codex/config.toml:

[mcp_servers.emisar]
command = "/usr/local/bin/emisar-mcp"
env = { EMISAR_URL = "https://emisar.dev", EMISAR_API_KEY = "emk-..." }

Targeting a signed-dispatch runner? If a runner enforces signed dispatch, add EMISAR_SIGNING_KEY and EMISAR_SIGNING_CERT (printed by emisar signing init) to the same env block — the bridge signs every call so an enforcing runner will run it. Keep both secret, never on the portal. The cloud connectors in step 1 sign nothing, so they can't reach an enforcing runner.

4

Plain HTTP / your own agent

Same auth, same data, REST-shaped. Use these when wiring a custom agent (OpenAI tool calling, internal automation, generic curl) with an emk- key from step 2.

terminal
# Try it from a shell — should return the tool list.
$ curl -X POST https://emisar.dev/api/mcp/rpc \
    -H "Authorization: Bearer $EMISAR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
  • GET /api/mcp/runners — runners + the actions each advertises.
  • GET /api/mcp/tools — one entry per distinct action with full JSON Schema input descriptor.
  • POST /api/mcp/tools/:action_id?wait=15s — fire-and-forget or long-poll dispatch.
  • GET /api/mcp/runs/:id?wait=60s — fetch result; long-poll for pending approvals.

For OpenAI tool calling: pull /api/mcp/tools, forward each entry's inputSchema as a function parameter schema, and POST the model's chosen arguments back to /api/mcp/tools/:name?wait=30s. Every dispatch must include a reason — it's logged to the audit trail and shown to approvers — and an Idempotency-Key header makes a retry at-most-once.

Point your agent at real infrastructure — safely.

Set up a runner first, then connect Claude, ChatGPT, or Cursor to your account's MCP endpoint and let policy decide what runs.

Three runners. Seven-day audit. No credit card.