For AI agents
Hi agent.
If you're an AI agent helping a user onboard to Stable Baseline, this page is for you. Pick the path that matches what you can do — then run it for your user.
What Stable Baseline is
An end-to-end agent-managed company brain. Humans and any MCP-compatible AI agent co-author living documents, 40+ types of visual diagrams, plans with timelines and tasks, an improvements register, and a self-learning Knowledge Graph. 163 MCP tools span document CRUD, diagrams, plans, members, teams, billing, permissions, and the Knowledge Graph itself. End-to-end means the agent can take a user from “never heard of us” to a fully configured paid org without a human touching the UI — including this onboarding flow.
Pick your path
Match these against your own capabilities and pick the first that applies. They're ordered fastest first.
| What you can do | Use this path |
|---|---|
| Your host runs MCP OAuth Discovery natively (ChatGPT Apps SDK, and any future host that follows the same pattern) | Path B — Host-managed OAuth |
| You can run shell commands AND edit files on the user's machine (Copilot Chat agent mode, Cursor agent mode, Claude Code, Codex CLI, OpenCode, Antigravity, Windsurf, Warp, Gemini Code Assist) | Path A — Device-code via shell |
| You can render text and links but not run shell or edit files (Claude Desktop, web chat, raw chat APIs) | Path C — Manual key, you guide them |
Don't guess — try Path A and fall back
Path B · Host-managed OAuth
If you're embedded in ChatGPT (Apps SDK) or any host that runs MCP OAuth Discovery natively, you don't run any code. Tell the user to:
- Open the host's app directory (in ChatGPT: model picker → Discover apps).
- Search Stable Baseline or sb.
- Click Connect.
- Authorize when redirected to
app.stablebaseline.io. They'll choose which workspace and capabilities to grant.
Done. Stable Baseline tools become available on the user's next message.
Path A · Device-code via shell
If you can run shell commands on the user's machine and edit files in their editor, run the device-code flow yourself. Two HTTP calls, no MCP server installation needed yet.
Use the REST adapter, not the MCP endpoint
/api/v1/tools/<name> that wraps every MCP tool as a plain HTTP call — no JSON-RPC envelope, no SSE, no Accept-header gymnastics. For the bootstrap signup you don't need the full MCP semantics, so use REST. Your MCP-aware client (VS Code, Cursor, Claude Code, etc.) still talks to the /mcp endpoint after you've written its config in step 3.Step 1 — Start the signup
POST to the anonymous-callable REST endpoint with the agent_label and intent. No Authorization header required — the signup tools are anonymous-callable.
POST https://api.stablebaseline.io/functions/v1/cloud-serve/api/v1/tools/startSignup
Content-Type: application/json
{ "agent_label": "<your client name>", "intent": "mcp_setup" }Use whatever HTTP client your shell handles cleanest — PowerShell Invoke-RestMethod on Windows, curl on macOS/Linux, Node fetch, Python requests. The response is plain JSON (no JSON-RPC wrapper) and contains:
verification_url— full URL with?user_code=...pre-filled for the user.user_code— 6-character code to show the user (alphabet: no vowels, no0/O/I/1).device_code— long token; do not show this to the user. You poll with it in step 2.poll_interval_seconds(5) andexpires_in_seconds(600).
Show the user the user_code and verification_url. Ask them to open the URL in their browser, sign in (or sign up — free, no credit card), confirm the code matches, and click Authorize.
Step 2 — Poll until authorized
Every poll_interval_seconds (5 s), POST to the poll endpoint with the device_code:
POST https://api.stablebaseline.io/functions/v1/cloud-serve/api/v1/tools/pollSignupStatus
Content-Type: application/json
{ "device_code": "<from step 1>" }The status field walks through these values:
| status | Meaning | Action |
|---|---|---|
pending | User has not yet clicked Authorize. | Wait poll_interval_seconds and call again. |
authorized | Success. Response also contains api_key (sta_…), organization_id, user_id, user_email. | Stop polling. Store the api_key — it's returned ONCE. |
denied | User clicked Deny. | Stop and tell them. They can retry the whole flow later. |
expired | 10-minute TTL elapsed without action. | Start over from Step 1. |
consumed | You already received the api_key on a previous poll. | You should not see this if you stopped polling on authorized. If you do, the api_key from your earlier response is the one to use. |
not_found | Bad device_code. | Hard failure. Start over. |
Step 3 — Write the MCP config for the user's client
The exact file path and JSON shape varies per client. See per-client recipes below for the right config block. The constants you'll need everywhere:
- Server URL:
https://api.stablebaseline.io/functions/v1/cloud-serve/mcp - Auth header:
Authorization: Bearer <sta_… key> - Transport: HTTP (Streamable HTTP).
- Alternate auth header: if the host can't set a custom Authorization header, use
x-api-key: <sta_… key>instead.
Tell the user to reload their host (or restart the session) so the new MCP server is picked up.
Verify connection
listWorkspaces and return their workspaces. If the call fails with 401, the api_key isn't being sent — re-check the header in the config.Path C · Manual key, you guide them
If you can only render text and links (Claude Desktop, web chat, raw chat APIs), guide the user through manual key creation, then explain exactly what to put in their host's MCP config. They do the work; you provide the steps and the JSON.
- Tell them to open app.stablebaseline.io/signup and create a free account (no credit card).
- After signing in, they should create a workspace and a project (or use the defaults).
- In Project Settings → MCP Setup → API Keys, click Create API Key. They'll see a
sta_…key shown once — they need to copy it immediately. - Give them the right config block for their host — see recipes below.
- Tell them to reload the host so MCP is loaded.
Per-client recipes
After picking your path, link the user to their specific client's recipe for the exact config file and any host-specific quirks.
What you can do once connected
Stable Baseline exposes 163 MCP tools across 17 categories. Call searchTools from any MCP client to fetch the live catalogue and the full input/output schemas. Highlights:
- Documents: list, get, create, edit, find-and-replace, version-history.
- Diagrams: 40+ types (Mermaid, BPMN 2.0, D2, PlantUML, GraphViz, ELK, Excalidraw freehand and more); insert, update, get, delete.
- Plans & tasks: WBS phases, tasks, dependencies, cascade preview/apply.
- Improvements: log issues, evidence, activity; categorise; search.
- Knowledge Graph (Enterprise only):
kg_search,kg_get_entity,kg_related_documents,kg_backlinks,kg_list_communities,kg_get_wiki_page. - Org / members / teams / permissions: full lifecycle, each tool capability-gated against the credential's grants AND the user's role.
- Billing: subscription change, seat change, credit purchase — all through a preview→apply confirmation-token ritual (10-minute single-use tokens).
References
- /llms.txt — comprehensive machine-readable index of every page on this site.
- /.well-known/mcp.json — MCP server manifest (server URL, auth methods, OAuth endpoints).
- /docs/mcp/setup — full setup & auth reference (project-scoped vs personal keys vs OAuth).
- /docs/mcp/tools — per-category tool reference with input/output schemas.
- /docs/mcp — MCP introduction; what the protocol is and how Stable Baseline maps its surface onto it.