Every IoTMan workspace exposes an MCP endpoint behind OAuth 2.1. Connect Claude Code, Cursor, ChatGPT, or your own agent — each gets scoped, revocable access. Because the log is immutable and views are derived, the worst an agent can do is append. No UPDATE, no DELETE, no data corruption.
An agent is a thing. Just a very smart one.
Real workspace with MCP endpoint. No account needed.
Every workspace gets an MCP endpoint at mcp/<slug>. Spec-compliant clients auto-discover it and register dynamically via OAuth 2.1 PKCE. No API keys to copy-paste.
Grant an agent read access to views, append access to a stream, or trigger access to a function — per token, per workspace. Revoke any grant instantly.
Agents that write data append events; they don't update or delete anything. There's no mutable row to mess up. A bad prompt or a buggy agent can't poison your data.
Create streams, configure views, inspect events, manage auth — all exposed as MCP tools. Your AI operates the platform without touching a dashboard.
You use Claude Code or Cursor to build and operate your IoTMan workspace. Your assistant reads config, creates streams, inspects events — without opening the dashboard.
Point Claude Code, Cursor, or any MCP-compliant client at mcp/<workspace>. It auto-discovers OAuth 2.1 and registers via PKCE. No API keys to manage.
Grant read access to views, write access to streams, or full admin — per token, per workspace. The AI only touches what you let it.
Claude Code, Cursor, ChatGPT, MCP Inspector, or your own. MCP is an open standard — no proprietary library, no vendor-specific integration code.
You're building a product where your users talk to an AI agent that needs to read or write event data — but only within strict boundaries.
One OAuth 2.1 grant per agent instance. Agent A sees stream:orders; agent B sees stream:sensors. No cross-tenant leakage.
An agent with write access can only POST new events. It cannot UPDATE a row, DELETE a record, or corrupt existing data. The log is immutable.
A token misbehaves? Revoke the grant. No shared secrets to rotate, no database passwords to reset. One click, done.
Agents are unpredictable. The platform's architecture — append-only events, derived views, scoped access — is what makes them safe to deploy.
In IoTMan, a sensor POSTs events and reads views. An agent does the same — authenticate, append, subscribe. Same primitives, same safety. It's just another producer on the network.
An agent with write access can only POST new events. It cannot UPDATE a row or DELETE a record. There's nothing to corrupt.
A view is a live projection over the log. If an agent sends bad data, fix the projection — the original events are untouched. You can always rebuild from the source of truth.
An OAuth 2.1 token grants access to specific streams, not the whole database. Agent A sees stream:orders; agent B sees stream:sensors. No cross-contamination.
New compliance question? New business rule? Replay the log through a new view. The agent didn't need to predict what you'd ask — the data was always there.
The MCP endpoint exposes the full management API — not just querying data, but creating streams, editing views, configuring webhooks, and modifying the AsyncAPI that defines how devices connect and how integrations flow.
This would be reckless on a mutable platform. Here, every configuration change is an appended event. Every view is rebuildable. A bad change isn't a disaster — it's a point on the log you can rewind past.
Create streams, configure views, register webhooks, modify AsyncAPI — all exposed as tools. The same agent that reads your data can evolve how it's shaped.
Every change to streams, views, and AsyncAPI is appended to the log. No mutable config to corrupt. Replay to any point in time.
You decide whether an agent gets read-only access, append-only, or full reconfiguration. Start conservative, expand as you gain confidence.
Three steps from workspace to working agent.
Define scopes per OAuth 2.1 grant. A developer's coding assistant gets stream:write and view:read. A customer-facing agent gets stream:sensors:append only.
Point any MCP-compliant client at mcp/<workspace>. It auto-discovers the OAuth 2.1 authorization endpoint, registers via PKCE, and receives a scoped token.
tools/list to discover available operations. tools/call to execute them. Write operations append events — nothing else. Every call is authenticated and scoped.
Model Context Protocol is an open standard. Any compliant client connects out of the box — no proprietary library, no vendor-specific integration code.
No static secrets to share, rotate, or leak. Agents register dynamically via PKCE. Tokens expire. Scopes are granular per grant.
The MCP endpoint a developer uses to configure the workspace is the same one end-users' agents use to interact with it. The only difference is the OAuth 2.1 scopes on the token. No separate admin API, no privileged path.
The platform's append-only architecture isn't a feature for agents — it's the foundation that makes agents safe. Immutable data, rebuildable views, scoped access.
Create a workspace, copy the MCP URL, point your client. Free tier, no credit card.