Ablo logoAblo
DocsSign inJoin the waitlist
Model Context Protocol

Your sync engine, in any AI assistant. One command.

Ablo ships an MCP server out of the box. Connect Claude Code, Cursor, Windsurf, or any MCP client and your resources become typed, callable tools — with capability-scoped writes and intent-mediated coordination intact.

Get startedMCP docs
terminal
# Claude Code
claude mcp add --transport http ablo https://<your-app>/api/mcp

# Cursor / Windsurf — drop into mcp.json
{
  "mcpServers": {
    "ablo": {
      "transport": "http",
      "url": "https://<your-app>/api/mcp"
    }
  }
}

Tools, derived from your schema.

Every resource you declare becomes an MCP tool with a real JSON schema, real argument types, and real error messages. The assistant never invents fields, never hallucinates IDs, and gets a typed rejection the second it tries to write stale state.

  • Read tools return data + a stamp the assistant must echo on write.
  • Write tools require the stamp and accept an optional intent — same flow as the SDK.
  • List + filter tools for discovery, with cursor-based pagination.
tool-spec.json
// What the assistant sees — auto-derived from your schema.
{
  name: 'task.update',
  description: 'Update a task record. Subject to intent + capability scope.',
  inputSchema: {
    type: 'object',
    required: ['id', 'patch', 'readAt'],
    properties: {
      id:     { type: 'string' },
      patch:  { type: 'object', properties: { status: { type: 'string' } } },
      readAt: { type: 'string', description: 'Stamp from the prior retrieve.' },
    }
  }
}
mint-session-key.sh
# Mint a session-scoped capability for the assistant, not a long-lived key.
curl -X POST https://<your-app>/api/orgs/acme/keys \
  -H 'Authorization: Bearer $SYNC_ADMIN_KEY' \
  -d '{
    "label": "claude-code dev session",
    "scope": { "resource": "tasks", "operations": ["read", "update"] },
    "lease": "8h"
  }'

Scoped credentials, not long-lived keys.

Don't hand the assistant your root API key. Mint a session-scoped capability — one resource type, one set of operations, eight hours — and revoke it from the dashboard when the session ends. If the model ever leaks the token, the blast radius is bounded by what you signed.

The same capability primitives the agent runtime uses are what the MCP transport threads through every request. One auth model, one audit trail.

Connect your assistant

Claude Codeclaude mcp add --transport http …CursorDrop the JSON into mcp.json and restart.WindsurfSame JSON, same shape, same transport.