# MCP Admin System — Token Setup Guide **Status:** 2026-03-25 | **Owner:** CADevO **Purpose:** Complete admin system health restoration --- ## Current MCP Health Status | Server | Status | Action Required | |--------|--------|----------------| | desktop-commander | ✅ OK | None | | filesystem-synos | ✅ OK | None | | memory | ✅ OK | None | | sequential-thinking | ✅ OK | None | | playwright | ✅ OK | None | | semgrep | ✅ OK | Token set | | todoist | ✅ OK | Token set | | github | ✅ FIXED | Token set from gh keyring | | notion (local) | ⚠️ NEEDS TOKEN | See Step 1 below | | slack | ❌ BROKEN | See Step 2 below | | brave-search | ❌ BROKEN | See Step 3 below | | context7 | ⚠️ UNKNOWN | May work without key on free tier | | n8n | ❌ NOT DEPLOYED | n8n server needs to be stood up first | | google-calendar | ❌ BROKEN | OAuth setup required | --- ## Cloud MCP (claude.ai integrations) These connect through the claude.ai web session and will drop if the session times out. The local `notion` server above replaces the cloud Notion integration for reliability. | Integration | How to Keep Alive | |-------------|------------------| | Notion (cloud) | Will be replaced by local server | | Gmail | Re-authenticate at claude.ai → Settings → Integrations if it drops | | Slack | Backed by local Slack MCP once token is set | | Google Calendar | OAuth setup fixes this permanently | --- ## Step 1: Notion API Key (CRITICAL) The local Notion MCP replaces the flaky cloud integration. One-time setup. 1. Go to: https://www.notion.so/my-integrations 2. Click "New integration" 3. Name: "Claude Code — " 4. Type: Internal integration 5. Capabilities: Read content, Update content, Insert content 6. Copy the "Internal Integration Secret" (starts with `secret_`) 7. Run this command (replace YOUR_KEY): ```powershell [System.Environment]::SetEnvironmentVariable('NOTION_API_KEY', 'secret_YOUR_KEY_HERE', 'User') ``` 8. **Share pages with integration:** For each Notion page you want accessible: - Open the page → Share → Invite → search for your integration name **Pages to share immediately:** - CoM Solutions (main) - Business Hub - Mission Control - ARCANUM Operations Hub - Library of Nerd / Lib_CYBR --- ## Step 2: Slack Bot Token 1. Go to: https://api.slack.com/apps 2. Find or create "CoM CADevO" app in CoM Solutions HQ workspace 3. OAuth & Permissions → Bot Token Scopes: channels:read, channels:history, chat:write, files:read 4. Install to workspace → Copy "Bot User OAuth Token" (starts with `xoxb-`) 5. Run: ```powershell [System.Environment]::SetEnvironmentVariable('SLACK_BOT_TOKEN', 'xoxb-YOUR-TOKEN', 'User') ``` 6. Note: The Slack MCP config in `settings.json` currently hardcodes `SLACK_TEAM_ID` to `CoMsolutionshq`, so setting a `SLACK_TEAM_ID` environment variable will not affect behavior unless you update `settings.json` to read from the environment. If you later change `settings.json` to reference `${SLACK_TEAM_ID}`, set it with: ```powershell [System.Environment]::SetEnvironmentVariable('SLACK_TEAM_ID', 'YOUR_TEAM_ID', 'User') ``` --- ## Step 3: Brave Search API Key 1. Go to: https://api.search.brave.com/register 2. Create account → API Keys → Generate key (free tier: 2,000 queries/month) 3. Run: ```powershell [System.Environment]::SetEnvironmentVariable('BRAVE_API_KEY', 'YOUR_KEY', 'User') ``` --- ## Step 4: n8n Deployment (Admin Automation Backbone) All 10 HEARTBEAT workflows depend on n8n. Priority after Notion. **Fastest path — Docker on :** > Security note: > - Bind n8n to localhost only unless you explicitly intend to expose it. > - Set `N8N_BASIC_AUTH_PASSWORD` to a long, unique password (e.g. stored in a password manager). > > Example (PowerShell) to set the password for the current user: > ```powershell > [System.Environment]::SetEnvironmentVariable('N8N_BASIC_AUTH_PASSWORD', 'REPLACE_WITH_A_STRONG_UNIQUE_PASSWORD', 'User') > ``` ```bash docker run -d --restart unless-stopped \ -p 127.0.0.1:5678:5678 \ -v n8n_data:/home/node/.n8n \ -e N8N_BASIC_AUTH_ACTIVE=true \ -e N8N_BASIC_AUTH_USER=admin \ -e N8N_BASIC_AUTH_PASSWORD="${N8N_BASIC_AUTH_PASSWORD:?set a strong N8N_BASIC_AUTH_PASSWORD}" \ --name n8n \ n8nio/n8n ``` Then: ```powershell [System.Environment]::SetEnvironmentVariable('N8N_API_URL', 'http://localhost:5678', 'User') # Get API key from n8n UI: Settings → API → Create API Key [System.Environment]::SetEnvironmentVariable('N8N_API_KEY', 'YOUR_N8N_KEY', 'User') ``` --- ## Step 5: Google Calendar OAuth 1. Go to: https://console.cloud.google.com 2. Create project "CoM Admin" → Enable Google Calendar API 3. Credentials → Create OAuth Client ID → Desktop app 4. Download JSON → extract client_id and client_secret 5. Run: ```powershell [System.Environment]::SetEnvironmentVariable('GOOGLE_CALENDAR_CLIENT_ID', 'YOUR_ID', 'User') [System.Environment]::SetEnvironmentVariable('GOOGLE_CALENDAR_CLIENT_SECRET', 'YOUR_SECRET', 'User') ``` --- ## After Each Token Set **Restart Claude Code** after setting env vars — the new process will inherit them. Verify with: ```bash echo "NOTION: ${NOTION_API_KEY:+SET}" && echo "SLACK: ${SLACK_BOT_TOKEN:+SET}" && echo "BRAVE: ${BRAVE_API_KEY:+SET}" && echo "N8N: ${N8N_API_URL:+SET}" ``` --- ## Unimplemented Admin Systems (HEARTBEAT backlog) All 10 n8n workflows are planned but not built. Priority order: 1. Morning Report (needs n8n + Notion + Slack) 2. Tailscale Mesh Monitor (needs n8n + Slack) 3. GitHub PR Watchdog (needs n8n + GitHub webhook + Slack) 4. Notion Sync (needs n8n + Notion + Google Drive) 5. Dependency Audit (`cargo audit` → Slack alert) These require n8n to be running first (Step 4 above).