MCP Overview
What the Model Context Protocol is and why your agency should use it
What is MCP?
The Model Context Protocol (MCP) is an open standard that lets AI clients — Claude, Cursor, custom agents — talk directly to your platform's tools. Instead of building separate integrations for every AI product, you expose your capabilities once through MCP and any compatible client can use them.
Think of it like a USB-C port for AI: one protocol, endless devices.
Why It Matters for Your Agency
Without MCP, your team wastes time on repetitive manual work:
- Copying call summaries from one dashboard to another
- Manually scheduling appointments in GHL
- Exporting GA4 reports to share with clients
- Updating WordPress content through slow admin panels
With MCP, an AI assistant connected to your platform can do this directly — in natural language, in real time.
What Your Platform Exposes
Your af-gemini-connect instance runs a full MCP server with 16 plugins covering:
| Category | Plugins |
|---|---|
| CRM & Calendar | GHL appointments, contacts, pipelines, SMS |
| Marketing | Meta Ads, Google Ads, GBP, SEO, Social |
| Communication | Twilio calls/SMS, SendGrid email |
| Infrastructure | WordPress, GitHub, Cloudflare, Vercel, docs bridge |
| Intelligence | GA4 analytics, image generation, verification, docs lookup |
| Platform | Core tools (time, notes, asset management) |
How Clients Connect
Your MCP server supports two transports:
HTTP (Recommended)
- Endpoint:
POST /mcp/http - Best for: Claude Code, Cursor, custom HTTP clients
- Features: Direct JSON-RPC responses, stateless or session-based, 20MB body limit for image uploads
SSE (Legacy)
- Endpoint:
GET /mcp/sse+POST /mcp/messages - Best for: Claude Desktop, older MCP clients
- Features: Server-Sent Events stream, session-based
Authentication
All MCP connections require authentication. Your platform supports two methods:
- API Keys —
X-API-Key: afk_...header. Scoped per client, with optional plugin restrictions. - OAuth 2.1 — Full PKCE flow for claude.ai web connectors. Users paste their API key once; Claude handles tokens automatically.
Admin JWTs also work for agency-wide access across all clients.
Security Model
- Per-client isolation: Each API key resolves to exactly one client. No cross-client data leakage.
- Plugin scoping: Keys can be restricted to specific plugins (e.g., only
ga4andgbp). - Agent-level overrides: Individual voice agents can have their own plugin allowlists.
- Token expiry: OAuth access tokens last 1 hour; refresh tokens last 30 days.
- No raw secrets in tools: API keys are hashed (SHA-256) before storage. Only the key prefix is shown in admin UIs.
Typical Workflows
Sales Follow-Up
"Check GHL for leads created today, draft a personalized SMS for each, and send it through Twilio."
SEO Reporting
"Pull GA4 traffic for last 28 days, compare to the previous period, and update the client's WordPress blog with the summary."
Ad Optimization
"Audit the Meta Ads account, find underperforming campaigns, pause them, and create lookalike audiences from the top converters."
Website Updates
"Upload this image to the asset library, push it to the WordPress media gallery, and update the hero section on the homepage."
Next Steps
Ready to connect? Pick your client:
