DecisionOps Documentation
IDE & MCP

MCP Authentication

Authorize DecisionOps from the IDE so MCP requests can search, draft, validate, and publish decisions securely.

Use this page when your IDE already has the DecisionOps MCP server configured and you want to understand what happens on the first tool call. This is the shared authorization flow for supported IDE and MCP clients.

Why The First Tool Call Stops For Auth

DecisionOps uses OAuth authorization code flow with PKCE for IDE and MCP clients. When your editor sends the first request without a valid access token, the MCP server responds with an auth challenge instead of silently failing. That challenge tells the client where to begin the DecisionOps authorization flow.

This is expected behavior. It does not mean the MCP config is broken.

What You Need First

Before you start, make sure you have:

  • a supported IDE with the DecisionOps MCP server configured
  • access to the DecisionOps organization you want to authorize
  • a browser available to complete the sign-in and consent steps

If you are already signed in to the DecisionOps dashboard, the browser handoff is usually shorter. If you are not signed in, the consent flow will prompt you to log in first.

First-Run Authorization Flow

The full flow usually looks like this:

  1. You invoke a DecisionOps tool from the IDE.
  2. The IDE receives an auth challenge from the MCP server.
  3. Your browser opens the DecisionOps authorization page.
  4. You sign in if needed.
  5. You confirm the organization and requested access.
  6. You approve the consent request.
  7. You return to the IDE and retry the same tool call.

That last step matters. The browser flow grants access, but it does not automatically replay the original MCP request in every client.

Confirm That Authorization Worked

After the retry succeeds, open /integrations/agents in the dashboard. The connected clients list should show the IDE you just authorized. This gives you a quick way to confirm that the grant exists and that the platform is associated with the organization you expected.

Once authorization is complete, continue with:

Troubleshooting

If the browser says your session expired, sign in again and repeat the tool call. If you accidentally deny consent, rerun the tool to trigger a fresh authorization request. If the grant appears in the dashboard but the IDE still cannot call tools, check that the local config still points to decision-ops-mcp at https://api.aidecisionops.com/mcp. If the wrong organization shows up during consent, stop there and switch to the correct organization before approving access.

Connect From Antigravity

Use this guide when you want to connect DecisionOps from Antigravity. Like Codex, Antigravity is modeled as a user-scoped MCP integration, but the config path is environment-driven instead of fixed to a single well-known file.

Search Decisions While Coding

Use this workflow when you want to understand what has already been decided before making a new choice in code. Searching first helps you avoid duplicate records, spot organization-wide defaults, and reuse language or rationale that is already accepted.

On this page

Why The First Tool Call Stops For AuthWhat You Need FirstFirst-Run Authorization FlowConfirm That Authorization WorkedTroubleshooting