Setup

Getting Started

neuroflash offers an MCP server that connects AI assistants to the neuroflash API. It runs as a remote HTTP Streaming Transport server — there is nothing to download or install locally. You just point your MCP client to the server URL and authenticate with your neuroflash account.

Available at https://app.neuroflash.com/api/mcp-server/v1/mcp.

Claude Desktop

Claude Desktop has built-in support for remote MCP servers. To connect:

Open Settings (gear icon) and go to Connectors
Scroll down and click Add custom connector
Enter the server URL: https://app.neuroflash.com/api/mcp-server/v1/mcp and click Add
A browser window opens — log in with your neuroflash account to authorize the connection
Once connected, configure tool permissions (see below)

Need a visual walkthrough? Anthropic's Connect to remote MCP Servers guide has step-by-step screenshots of the connector setup flow.

⚠️ Important: Enable all tools after connecting

By default, claude.ai asks for your approval before each tool call. To allow the neuroflash MCP server to work without interruptions, you need to set all tools to auto-approve once after connecting:

Open Settings → Connectors → neuroflash → Tool Permissions

Next to Read-only Tools, click Custom and select Allow All

Next to Write/Delete Tools, click Custom and select Allow All

Without this step, most tool calls will silently fail with a "No approval received" error because the approval dialog is not visible during automated use.

Cursor

Cursor uses a custom URL scheme (cursor://) for OAuth callbacks, which the neuroflash MCP server does not accept for security reasons (the MCP authorization spec requires HTTPS or localhost). To connect Cursor, use the mcp-remote bridge — a small npx-runnable proxy that handles OAuth on a localhost callback and forwards requests to the remote server.

Configuration

Add the following to .cursor/mcp.json in your project root (or global Cursor MCP config at ~/.cursor/mcp.json):

json
{
  "mcpServers": {
    "neuroflash": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://app.neuroflash.com/api/mcp-server/v1/mcp"
      ]
    }
  }
}

The first time you use the server, mcp-remote opens a browser window for you to log in with your neuroflash account. The OAuth callback lands on a temporary http://127.0.0.1:PORT/callback URL that mcp-remote runs locally — this is the loopback redirect pattern recommended for native apps by RFC 8252. Tokens are cached in ~/.mcp-auth/ so you only authenticate once.

Why not connect directly?

Earlier versions of the docs suggested the simpler form:

json
{ "mcpServers": { "neuroflash": { "url": "https://app.neuroflash.com/api/mcp-server/v1/mcp" } } }

This stops working as of the 2026-04-21 OAuth hardening release — Cursor's hardcoded cursor://anysphere.cursor-mcp/oauth/callback redirect URI is not in the allowlist. Allowing it would re-open the open-redirect class of attack we just closed. Other OAuth providers (Qlik, Posit Connect, etc.) hit the same issue and the mcp-remote bridge is the standard workaround.

Tip: Run npx -p mcp-remote@latest mcp-remote-client https://app.neuroflash.com/api/mcp-server/v1/mcp from the terminal first to walk through the auth flow and verify everything works before configuring Cursor.

Note: Cursor auto-approves tool calls by default. No additional permission step is required.

Other MCP Clients

Any MCP client that supports HTTP Streaming Transport can connect to the neuroflash MCP server. Just provide the server URL:

text

https://app.neuroflash.com/api/mcp-server/v1/mcp

The server implements standard OAuth 2.0 with PKCE for authentication. Your client will handle the login flow automatically — provided its OAuth redirect_uri is one of:

An HTTPS URL on claude.ai or any *.anthropic.com subdomain
A loopback URL on localhost or 127.0.0.1 (any port) — the recommended pattern for native apps per RFC 8252

Most clients (Cline, Continue.dev, VS Code-based clients, custom mcp-go/mcp-typescript SDK clients) use loopback by default and just work. Clients that hardcode a custom URL scheme (Cursor's cursor://, some mobile apps) need to go through the mcp-remote bridge — see the Cursor section above for the exact config.

Note: Check your MCP client's settings for tool approval policies. If the client requires per-call approval, look for a way to set all neuroflash tools to auto-approve, or your tool calls may silently fail.

MCP_MODE Options

The MCP_MODE setting controls which interaction styles are available to the LLM. This is configured by the server administrator, not by end users.

`MCP_MODE`	Mode Name	Tools
`tools`	Traditional	88 + `execute_plan` + `search_api`
`plan`	Plan	`execute_plan` + `search_api`
`layered`	Exploratory	`discover` + `query` + `compare` + `execute_plan` + `search_api`
`all`	All Modes (default)	everything

plan is the most efficient option for any workflow that needs more than one API call — the LLM submits a typed JSON plan and the server orchestrates the steps.

See the Modes page for what each interaction style does.

Usage & Limits

API usage counts against your plan

All operations performed via the MCP server — text generation, image generation, brand voice imports — consume the same workspace quotas as usage through the neuroflash UI. There is no separate MCP allowance. If your workspace runs out of tokens or image credits, MCP tool calls will fail in the same way they would in the app.

Checking your current quota

Use the get_workspace_quotas direct tool, or fetch all quota types in a single round-trip with execute_plan:

json
{
  "version": "1",
  "steps": [
    {"id":"all","call":{"method":"GET",
      "path":"/api/usage-service/v1/workspaces/{workspace_id}/quotas"},
     "args":{"workspace_id":"$ctx.workspace_id"}},
    {"id":"tokens","call":{"method":"GET",
      "path":"/api/usage-service/v1/workspaces/{workspace_id}/quotas/{usage_type_key}"},
     "args":{"workspace_id":"$ctx.workspace_id","usage_type_key":"tokens"}},
    {"id":"images","call":{"method":"GET",
      "path":"/api/usage-service/v1/workspaces/{workspace_id}/quotas/{usage_type_key}"},
     "args":{"workspace_id":"$ctx.workspace_id","usage_type_key":"images"}}
  ],
  "return": {"all":"$all","tokens":"$tokens","images":"$images"}
}

The plan resolves $ctx.workspace_id automatically from the authenticated session. Available usage type keys are returned by the list_usage_types tool (no workspace_id required).

Plan-level resource limits

Some resources are capped at the plan level, independently of token or image quotas:

Brand voices — Free plan workspaces have a maximum number of brand voices they can store. Call the get_brand_voice_limits direct tool. The response's create object exposes currentUsage, limit, and isUnlimited.

Target audiences — Similarly capped on lower-tier plans. Call the get_audience_limits direct tool. The response's create object exposes usage, limit, and isUnlimited.

Attempting to create a resource beyond the plan limit returns a 403 error with a clear message. Upgrade your plan in the neuroflash workspace settings to increase these limits.

Daily vs monthly limits

Token and image quotas have both a monthly limit (resets each billing cycle) and a daily limit (resets at midnight UTC). The usedAmountDaily and limitAmountDaily fields in the quota response reflect the daily dimension. If the daily limit is reached before the monthly one, tool calls will fail until the daily reset.