Skip to main content
agno connect
agno connect finds your running AgentOS, mints one service-account token per coding agent when the AgentOS has authorization enabled, writes each client’s MCP configuration, and verifies every entry with a real MCP handshake. Your coding agents can then run your agents, teams, and workflows through the AgentOS MCP server. The AgentOS must have its MCP server enabled:
agent_os = AgentOS(
    agents=[...],
    mcp_server=True,
)

The Execution Flow

  1. Discover. Resolve the AgentOS from --url, AGENTOS_URL (the environment variable, or a project .env.production / .env file), or a localhost probe, then read its version, MCP path, and auth mode from GET /info.
  2. Authenticate. When authorization is enabled, resolve an admin credential from AGNO_ADMIN_TOKEN or OS_SECURITY_KEY, or prompt for it.
  3. Mint. When authorization is enabled, create one service account per client (named claude-code, cursor, and so on) with the server’s default run and read scopes and a 90-day expiry. An unsecured AgentOS connects without credentials.
  4. Write. Add an MCP server entry, named after your AgentOS (agentos when it has no name), to each client’s own config file.
  5. Verify. Read the entry back the way the client would resolve it, then complete an MCP initialize and tools/list call against the AgentOS with the configured token.
  6. Report. Print per-client results: connected, sign in, already ok, skipped, action needed, or failed.
When the MCP endpoint is OAuth-protected, nothing is minted: entries are written without tokens and each app completes a one-time sign-in (sign in in the report). Pass --pat to mint tokens anyway, for headless clients. Re-runs are safe. Entries that still verify are left alone, and --skip-existing never touches anything that exists. Broken or stale entries are rotated after a confirmation prompt in interactive runs; non-interactive runs (--json or no TTY) report them as failed instead, so pass --rotate in automation.

Supported Clients

By default agno connect configures every client it detects on the machine. Scope the run with --clients:
agno connect --clients claude-code,cursor
Client--clients valueConfig written
Claude Codeclaude-code (or claude)~/.claude.json, or .mcp.json with --project
Claude Desktopclaude-desktopclaude_desktop_config.json, launching the mcp-remote bridge via npx
OpenAI Codexcodex~/.codex/config.toml
Cursorcursor~/.cursor/mcp.json, or .cursor/mcp.json with --project
claude.ai / Claude appsclaude-aiNone. Prints manual Connector setup steps.
ChatGPTchatgptNone. Prints manual Connector setup steps.
Claude Desktop speaks MCP over stdio only, so its entry launches the mcp-remote proxy with npx. Node.js must be installed for that entry to start.

claude.ai and ChatGPT

The hosted chat apps add MCP servers from their own cloud, so agno connect cannot write or verify anything for them. It prints the setup steps instead:
agno connect --clients claude-ai,chatgpt
Requirements:
  • The AgentOS must be on a public HTTPS URL. A local AgentOS is unreachable from the apps’ clouds; deploy it or expose it through a tunnel first.
  • Both apps’ Connectors UIs authenticate with OAuth, not bearer tokens, so the AgentOS must be public or OAuth-enabled. A token-protected AgentOS cannot be added from the UI yet.
  • In the app, go to Settings -> Connectors -> Add custom connector and paste the printed MCP URL. Custom connectors need a paid plan.
When discovery lands on a public HTTPS AgentOS with authorization disabled, or with an OAuth-protected MCP endpoint, connect prints these steps automatically, without --clients.

Options

FlagDefaultDescription
--urlautodiscoverAgentOS base URL
--clientsdetectedComma-separated client list
--nameone account per clientUse one shared service account with this name
--scopes, -sserver’s run + read scopesScope to grant (repeatable)
--expires90dToken lifetime in days, or never
--privilegedoffRequired when --scopes grants write, delete, admin, or service_accounts scopes
--patoffMint tokens even when the MCP endpoint is OAuth-protected (for headless clients)
--server-namederived from the AgentOS nameMCP server entry name written to client configs
--projectoffWrite project-scoped configs (.mcp.json / .cursor/mcp.json)
--rotateoffRevoke and re-mint existing accounts without asking
--skip-existingoffNever touch existing accounts or config entries
--allow-httpoffPermit credentials over plaintext HTTP to a non-loopback host
--yes, -yoffTrust a remote AGENTOS_URL from a .env file without prompting
--jsonoffEmit a single JSON document

Security

Each client gets its own service account, so if one token leaks or a client is retired, you can revoke just that one without touching the others:
agno tokens revoke claude-code
BehaviorDetail
Default scopesagents:run, teams:run, workflows:run, sessions:read, config:read
Expiry90 days. Override with --expires 30 or --expires never.
Token storageWritten only to the client’s config file (mode 0600). The CLI stores nothing.
TransportThe CLI refuses to send credentials over plaintext HTTP to a non-loopback host unless you pass --allow-http.
RotationAfter --rotate, restart the affected client. A running client keeps its old in-process connection until it restarts.

Disconnect

agno disconnect
agno disconnect removes the AgentOS entry from each client’s config. It edits configs only, so it works with the AgentOS stopped and needs no admin credential. Without --server-name it removes every entry pointing at the target AgentOS; entries pointing at any other server are never touched. Pass --revoke to also revoke the service accounts connect minted (this path needs the running AgentOS and an admin credential).

Scripting

--json prints one JSON document with the discovered OS, per-client results, and the exit code. Exit codes: 0 all connected, 1 nothing connected, 2 usage error, 3 partial success. In --json mode the CLI never prompts, so set AGNO_ADMIN_TOKEN before you run it.

Developer Resources