J77 exposes its content pipeline as a Model Context Protocol tool. ChatGPT, Claude, Cursor, and any MCP-aware client can call it directly — researched, verified, publish-ready content delivered into the agent loop.
OAuth 2.1 with PKCE keeps your account safe; the consent UI lets you grant the minimum scope each assistant needs.
We ship the foundation first — the parts that secure your account and prove the integration works end-to-end. The tool surface is landing right behind it.
RFC 9728 + RFC 8414 endpoints serve metadata; clients auto-discover.
RFC 7591 — assistants register themselves, no manual config needed.
Users approve j77:read / j77:write per assistant before any token is minted.
Supabase issues ES256 JWTs with a j77_scopes claim driven by your consent.
List or revoke any connected assistant from Settings → Connections.
Tools and resources land this quarter. Infrastructure above is shipped.
The MCP client and J77 use a standard OAuth 2.1 authorization-code flow with PKCE. No shared secrets, no API key handoff.
The assistant fetches /.well-known/oauth-authorization-server and /.well-known/oauth-protected-resource on api.j77.ai. It learns where the authorization server is and which scopes are available.
The assistant registers itself at /auth/v1/oauth/clients/register and receives a client_id + client_secret. No manual setup on either side.
Supabase redirects you to j77.ai/oauth/consent. You choose which scopes the assistant gets (j77:read is always granted; j77:write is opt-in).
The assistant exchanges its auth code at /auth/v1/oauth/token. Supabase issues an ES256 JWT carrying your sub, the assistant’s client_id, and a j77_scopes claim populated by your consent. That token authorizes calls to /mcp.
Every tool on J77 falls under one of these two scopes. Granted scopes are baked into the assistant's token by our access-token hook on every mint.
j77:readRead your account, balance, builds, deliverables, and library.
list_targets · get_build · get_deliverable · account_summary · token_balancej77:writeCreate builds, generate audio/images, modify your library, share deliverables.
create_build · generate_image · generate_audio · share_deliverable · update_libraryThe example tool names above are the planned surface for the tool launch this quarter. The OAuth + scope layer is live now and will gate them on day one.
Same URL for every client: https://api.j77.ai/mcp. Pick the client below and copy the snippet.
# 1. Start MCP Inspector (no install — npx)
npx @modelcontextprotocol/inspector
# 2. In the Inspector UI:
# Transport: Streamable HTTP
# Server URL: https://api.j77.ai/mcp
# Click Connect — Inspector handles DCR + OAuth in a popup.First connection prompts the browser-based OAuth flow. After approval, the token is cached by the client until you revoke it.
Every consent ends up in Settings → Connections. You see which assistants you've authorized, when each one last called J77, and a single Revoke button per row.
Revoking deletes the grant and Supabase invalidates the assistant's session — the next call from that client gets a 401.
Same tokens as the web app. The first 100 read-tool calls per day are free; token-consuming tool calls (builds, audio, images) burn the same token balance you spend from the dashboard.