Documentation

Add a .mcp.json file to the root of your repository pointing at the Tseha MCP server:

{
  "mcpServers": {
    "tseha": {
      "url": "https://tseha.io/mcp"
    }
  }
}

That is the whole configuration. The first time your agent connects, it opens an OAuth sign-in (via Auth0) in your browser; approve it once and the agent is connected. From then on, the agent queries Tseha automatically on the tasks it performs. You can find your ready-to-copy snippet on the dashboard under MCP Connection.

The same server URL works for any MCP client. Where the config lives depends on the client:

• Claude Code — a .mcp.json file in your project root (shown above), or run claude mcp add --transport http tseha https://tseha.io/mcp.
• Cursor — add the same mcpServers block to .cursor/mcp.json (per project) or ~/.cursor/mcp.json (global).
• Other MCP clients (GitHub Copilot with MCP support and any tool implementing the protocol) — point the client at the server URL https://tseha.io/mcp using the HTTP transport.

• OAuth 2.1 + PKCE. Authentication happens automatically on first connection — there is no API key to paste. Tseha publishes standard discovery documents (/.well-known/oauth-authorization-server and /.well-known/oauth-protected-resource) and supports dynamic client registration, so compliant clients configure themselves.
• Scope. The issued token is scoped to your organization and your role. Read and write access over MCP follow your role (Owner, Admin, Developer can write; User is read-only), and project visibility is enforced on top of that.
• Revocation. Membership and role are re-checked on every request, so removing a member or changing a role takes effect immediately — no token rotation needed. Signing out ends the session. Administrative token actions are recorded in the audit log.

Tseha exposes granular, read-oriented tools so your agent fetches only what it needs for the current task (lazy loading) rather than a bulky snapshot:

A typical sequence while writing code: list_components → search_components → get_component → get_style_tokens. Your source code is never sent to Tseha; the server only serves the standards you publish.

• Rate limit. 120 requests per minute per token (sliding window). Exceeding it returns HTTP 429 with a Retry-After header. Enterprise plans can configure custom limits.
• Response size. A single tool response is capped (~25,000 tokens). Oversized results are truncated with a hint to use a more specific tool (for example get_component instead of the full list_components payload).

Errors follow JSON-RPC 2.0. The ones you are most likely to see:

• -32001 — unauthorized (missing/invalid session or inaccessible project).
• -32002 — rate limit exceeded.
• -32004 — no component package assigned to the project.
• -32020 — components not yet indexed for semantic search.

• The agent never prompts to sign in. Confirm the server URL is exactly https://tseha.io/mcp and that your client supports the MCP HTTP transport; restart the client after editing the config.
• 401 / unauthorized. Your session expired or your membership/role changed — sign in again. If you were removed from the organization, access stops immediately by design.
• 429 / rate limited. Back off and respect the Retry-After header.
• Empty component results. The project has no package assigned (-32004), or its components have not been indexed yet (-32020) — an Admin can assign a package and trigger indexing from the admin panel.
• Still stuck? Email [email protected].