MCP server
The Model Context Protocol (MCP) is the open standard for letting an agent in one tool reach into another tool’s data and capabilities. SprintLoop ships an MCP server so that whichever agent you’re running outside SprintLoop — Claude Desktop, Cursor, Cline, an internal automation — can read lanes, dispatch new ones, and pull from the audit ledger without a custom integration.
This is what lets a Claude Desktop session know “this is the lane that’s currently in flight on the auth refactor” without you copy-pasting from the workspace.
What the server exposes
The SprintLoop MCP server exposes three tool families:
| Family | Tools | What they do |
|---|---|---|
lanes.* | list, get, dispatch, cancel, pause, interrupt, signoff | Full lane lifecycle |
audit.* | query, export, verify | Read the workspace’s signed audit ledger |
context.* | bmad, policy, style, memory.search | Pull from the Context Engine |
Each tool’s input schema is JSON Schema. Each tool’s output is structured (no string outputs). The full schema is published at https://api.sprintloop.ai/mcp/schema and refreshed on every release.
The server does not expose anything that mutates billing, identity, or workspace settings. Those surfaces require web-app sign-off explicitly.
Connect from Claude Desktop
Claude Desktop reads MCP config from ~/Library/Application Support/Claude/claude_desktop_config.json on macOS or %APPDATA%\Claude\claude_desktop_config.json on Windows. Add a sprintloop entry under mcpServers:
{ "mcpServers": { "sprintloop": { "command": "npx", "args": ["-y", "@sprintloop/mcp-server"], "env": { "SPRINTLOOP_TOKEN": "sl_pat_..." } } }}Restart Claude Desktop. The sprintloop server will appear in the tools list. The first call mints a session against your workspace; subsequent calls reuse the session.
To get a token: SprintLoop Settings → API tokens → Create. Give the token a name (e.g., “Claude Desktop on my laptop”), pick a scope (lanes:read,lanes:write,audit:read,context:read is the default for MCP), and copy the value. Tokens are shown once; if you lose it, mint a new one.
Connect from Cursor
Cursor supports MCP servers via its .cursor/mcp.json file in the workspace root or ~/.cursor/mcp.json globally. The shape is identical to Claude Desktop:
{ "mcpServers": { "sprintloop": { "command": "npx", "args": ["-y", "@sprintloop/mcp-server"], "env": { "SPRINTLOOP_TOKEN": "sl_pat_..." } } }}Cursor reloads the config when the file changes, so no editor restart needed.
Connect from Cline
Cline (the open-source VS Code extension) reads from ~/Documents/Cline/MCP/cline_mcp_settings.json. Same shape:
{ "mcpServers": { "sprintloop": { "command": "npx", "args": ["-y", "@sprintloop/mcp-server"], "env": { "SPRINTLOOP_TOKEN": "sl_pat_..." } } }}Run the server directly
For homegrown MCP clients, run the server with stdio transport:
SPRINTLOOP_TOKEN=sl_pat_... npx -y @sprintloop/mcp-serverOr HTTP transport (recommended for hosted clients):
SPRINTLOOP_TOKEN=sl_pat_... npx -y @sprintloop/mcp-server --transport http --port 7301In HTTP mode the server speaks the MCP HTTP transport at http://localhost:7301. Health check at /health, schema at /schema, requests at /rpc.
What the tools look like in practice
A few of the most-used tools and their shapes:
lanes.list
Input:
{ "status": "open", "owner": "me", "limit": 20 }Output:
{ "lanes": [ { "id": "ln_2K8m...", "title": "Refactor auth refresh logic", "status": "open", "owner": "alex@acme.test", "scope_claim": ["apps/api/auth/**"], "harness": "claude-code", "started_at": "2026-05-09T14:22:11Z" } ], "next_page_cursor": null}lanes.dispatch
Input:
{ "title": "Add /healthz endpoint", "repo": "acme/payments", "scope_claim": ["apps/api/healthz/**", "package.json"], "harness": "codex", "brief": "Add a /healthz endpoint that returns the current commit SHA and a 200 status."}Output:
{ "lane_id": "ln_4F2p...", "url": "https://app.sprintloop.ai/lanes/ln_4F2p..." }audit.query
Input:
{ "lane_id": "ln_2K8m...", "since": "2026-05-08T00:00:00Z" }Output: a list of signed entries with fields entry_id, kind (tool_call, model_call, signoff, state_change), signature, signed_by, and an opaque payload_hash you can verify.
context.bmad
Input:
{ "lane_id": "ln_2K8m...", "dimensions": ["product", "policy"] }Output: the assembled context bundle for that lane, scoped to the requested dimensions.
Authentication and scope
Every tool call is authenticated via the bearer token. Tokens carry a scope set; calls outside the token’s scope return a SCOPE_DENIED error. Recommended scope sets:
- Read-only (audit dashboards, status surfaces):
lanes:read,audit:read,context:read. - Standard (most agents): the default — read everything, dispatch lanes, but no sign-off.
- Trusted automation (CI / scripted closers): add
lanes:signoff. Used when an external system has the right to attest.
Tokens have an optional repos field that further restricts which connected repos the token can dispatch into. Combined with scope, that gives you fine-grained control — a “QA bot” token that can read every lane but only dispatch into the qa-fixtures repo, for example.
Rate limits
The MCP server enforces:
- 60 requests per minute per token for read tools (
*.list,*.get,*.query). - 20 requests per minute per token for write tools (
*.dispatch,*.cancel,*.signoff).
Limits are per-token, not per-workspace. If you need higher limits for a specific automation, contact support — most workspaces never hit these.
Troubleshooting
“The server isn’t showing up in Claude Desktop.” Check that npx is on the PATH for the user Claude Desktop runs as (this bites people who installed Node via Homebrew but Claude Desktop runs from ~/Applications). The simplest fix is to install the server globally — npm i -g @sprintloop/mcp-server — and use command: "sprintloop-mcp" in the config.
“Authentication failed.” Tokens expire; check the token’s expiry on the API tokens page. If you’re seeing SCOPE_DENIED instead, the token doesn’t have the requested scope — mint a new one.
“lanes.dispatch returns POLICY_DENIED.” The workspace’s policy file is blocking the dispatch. Check Settings → Policy in the web app to see which rule fired and either amend the brief or dispatch a different scope.