Skip to content
Cavaridge Docs

Connect Cavaridge to Claude

Cavaridge™ ships as an MCP provider. Connect once and every Cavaridge product is available as tools, resources, and prompts inside Claude — chat, document analysis, posture scans, quotes, the lot.

Prerequisites

Section titled “Prerequisites”
  • Claude Desktop (recommended) or claude.ai with MCP connector support
  • A Cavaridge tenant + account (sign up at cavaridge.app)
  • Permission to create OAuth clients on your tenant (MSP Admin, Platform Admin, or Individual Owner)

Add the connector

Section titled “Add the connector”
  1. In Claude, open Settings → Connectors → Add custom connector.
  2. Server URL: pick the product surface(s) you want — most common is https://mcp.cavaridge.app/forge for Cavaridge AI tools, or https://mcp.cavaridge.app/aegis for AEGIS posture scanning.
  3. Auth method: OAuth 2.1 with PKCE (Claude handles the flow).
  4. Authorize URL: https://auth.cavaridge.app/oauth/authorize
  5. Token URL: https://auth.cavaridge.app/oauth/token
  6. Scopes: pick the minimum sufficient scopes for your use case. The MCP portal at api.cavaridge.app/mcp lists what each scope grants.

Claude opens the Cavaridge OAuth consent page in your browser. Sign in, review the scopes, click Allow.

Verify

Section titled “Verify”

Back in Claude, ask:

List my AEGIS scans

If you connected mcp.cavaridge.app/aegis, Claude calls the aegis.list_scans tool and renders the result inline.

Add more product surfaces

Section titled “Add more product surfaces”

Connect each product server independently. The audit log treats every connection separately, so you can revoke a single product without affecting the others.

Where to manage connections

Section titled “Where to manage connections”

Trust contract

Section titled “Trust contract”

When Claude calls a Cavaridge tool on your behalf, the platform:

  • Records the invocation in your audit log (you own the trail)
  • Enforces minimum-sufficient-scope on every tool call
  • Returns confirmation_required for destructive tools — Claude must surface the prompt before re-invoking with confirmed: true
  • Honors UTM tenant boundaries — cross-tenant calls return 403 forbidden_cross_tenant

You can revoke any connection from the API portal at any time. Revocation is immediate.