MCP

Labor0 MCP setup uses workspace-scoped endpoints and Labor0 tokens managed from the authenticated app.

Workspace endpoints

The authenticated Labor0 app shows the active workspace MCP endpoint, discovery metadata URLs, authentication snippet, and client setup snippets. Copy endpoint values from the app so they match the workspace you intend to use.

Endpoint inspection and endpoint rotation stay in the authenticated app.

Labor0 tokens

Use a Labor0 user API token for MCP clients and user-scoped Labor0 APIs. Tokens are created from the authenticated app's API Keys widget, backed by WorkOS, and represent the signed-in user who created them.

Codex setup should use --bearer-token-env-var LABOR0_TOKEN with the token supplied through the environment instead of placing token values in command history or shared config. Claude Code and OpenCode setup should use the same user-token handling pattern with the workspace-specific snippets shown in the app.

Token creation, rotation, expiration, and revocation stay in the authenticated app. Public docs use placeholder environment-variable names, not real token values.
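An added example (not Labor0's or Codex's own code) of the Codex token handling described above: it reads the token with echo off, exports it as LABOR0_TOKEN, and refuses to register the server if the token value already appears in a history or config file. The server name labor0, the LABOR0_MCP_URL variable, and the function names are assumptions; the endpoint value itself comes from the app.

```shell
# Added example. Assumed names: labor0 (server name), LABOR0_MCP_URL
# (endpoint copied from the app), and all function names.

# Read the token from stdin with terminal echo off, so the value never
# appears in argv, shell history, or a config file.
load_labor0_token() {
    printf 'Labor0 token: ' >&2
    stty -echo 2>/dev/null || true      # no-op when stdin is not a terminal
    IFS= read -r LABOR0_TOKEN || true
    stty echo 2>/dev/null || true
    printf '\n' >&2
    [ -n "$LABOR0_TOKEN" ] || { echo 'empty token' >&2; return 1; }
    export LABOR0_TOKEN
}

# Return 0 if the literal token value occurs in any readable file given.
# The pattern goes to grep on stdin (printf is a builtin), not on argv.
token_found_in() {
    [ -n "${LABOR0_TOKEN:-}" ] || return 2
    for f in "$@"; do
        [ -r "$f" ] || continue
        if printf '%s\n' "$LABOR0_TOKEN" | grep -qF -f - -- "$f"; then
            echo "token value present in $f: rotate it in the app" >&2
            return 0
        fi
    done
    return 1
}

# Register the workspace endpoint with Codex only when the token is set
# and is not already sitting in the files passed as arguments.
add_labor0_to_codex() {
    [ -n "${LABOR0_TOKEN:-}" ] || { echo 'LABOR0_TOKEN is not set' >&2; return 2; }
    [ -n "${LABOR0_MCP_URL:-}" ] || { echo 'LABOR0_MCP_URL is not set' >&2; return 2; }
    if token_found_in "$@"; then return 1; fi
    codex mcp add labor0 --url "$LABOR0_MCP_URL" \
        --bearer-token-env-var LABOR0_TOKEN
}

# Typical use:
#   load_labor0_token &&
#   add_labor0_to_codex ~/.bash_history ~/.zsh_history ~/.codex/config.toml
```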

Client setup

  • Claude Code uses the workspace endpoint plus a Labor0 token.
  • Codex uses the workspace endpoint and bearer-token environment variable.
  • OpenCode uses the workspace-specific setup snippet from the app.

Boundaries

Public docs describe the setup path for user-scoped tokens and workspace endpoints. Token creation, endpoint rotation, connector installation, source indexing, and workspace data-binding administration remain protected Labor0 app workflows.

Service principals, workspace runtime credentials, and stored connector secrets are separate protected admin concepts. They are not exposed through public MCP setup instructions.