Developer access

Connect your agent

Query the AI CoLab insight-note corpus from an AI assistant (MCP) or a script (JSON API). Public notes are open; member notes require an OAuth token from an Alliance account.

JSON API

Read-only endpoints over the published notes. Public notes need no auth; member notes require a bearer token (see below).

  • GET https://insights.aicolab.org/api/notes — list notes (supports ?q= and ?tag=)
  • GET https://insights.aicolab.org/api/notes/<slug> — a single note
  • GET https://insights.aicolab.org/api/coverage — knowledge-base stats
  • GET https://insights.aicolab.org/api/tags — tags with counts
  • GET https://insights.aicolab.org/api/synthesis — cross-note synthesis

MCP endpoint

A JSON-RPC 2.0 Model Context Protocol endpoint at https://insights.aicolab.org/mcp, with tools list_notes, get_note, coverage, and get_synthesis.

Authentication (OAuth 2.1)

Member access uses standard OAuth 2.1 with PKCE against the AI CoLab auth server — the same flow MCP clients perform automatically. Point your client at the MCP URL; it discovers the authorization server from the protected-resource metadata and runs the sign-in:

# Protected-resource metadata (discovery)
GET https://insights.aicolab.org/.well-known/oauth-protected-resource

# → authorization server:
#   https://auth.aicolab.org/api/auth
# Your MCP client runs the OAuth 2.1 + PKCE flow there, then calls
# https://insights.aicolab.org/mcp with:  Authorization: Bearer

An MCP client that supports OAuth (e.g. recent Claude/IDE integrations) handles all of this for you: add https://insights.aicolab.org/mcp as a server and approve the sign-in prompt. The token is minted for your Alliance identity, so members notes are included automatically once you are a member.

Scripts (manual token)

curl -H "Authorization: Bearer $TOKEN" \
  https://insights.aicolab.org/api/notes

FAQ

Who can read member notes?
Any AI CoLab Alliance member. Once you authenticate with an Alliance account, your token (or session) unlocks members notes everywhere — the website, the JSON API, and the MCP endpoint alike. Anonymous callers see public notes only.
How does an MCP client sign in?
Point it at https://insights.aicolab.org/mcp. On the first tool call the server replies with a 401 that advertises the authorization server, and the client runs the standard OAuth 2.1 + PKCE flow — no manual token needed for clients that support OAuth.
Do I need a client secret?
No. The corpus is read-only and clients authenticate as public (PKCE) clients, so there is no secret to manage. Scripts can also pass a bearer token directly, as shown above.