Diablo_ClaudeMD_Ricing_example/MCP_SETUP.md

# MCP Admin System — Token Setup Guide

**Status:** 2026-03-25 | **Owner:** CADevO
**Purpose:** Complete admin system health restoration

---

## Current MCP Health Status

| Server | Status | Action Required |
|--------|--------|----------------|
| desktop-commander | ✅ OK | None |
| filesystem-synos | ✅ OK | None |
| memory | ✅ OK | None |
| sequential-thinking | ✅ OK | None |
| playwright | ✅ OK | None |
| semgrep | ✅ OK | Token set |
| todoist | ✅ OK | Token set |
| github | ✅ FIXED | Token set from gh keyring |
| notion (local) | ⚠️ NEEDS TOKEN | See Step 1 below |
| slack | ❌ BROKEN | See Step 2 below |
| brave-search | ❌ BROKEN | See Step 3 below |
| context7 | ⚠️ UNKNOWN | May work without key on free tier |
| n8n | ❌ NOT DEPLOYED | n8n server needs to be stood up first |
| google-calendar | ❌ BROKEN | OAuth setup required |

---

## Cloud MCP (claude.ai integrations)

These connect through the claude.ai web session and will drop if the session times out.
The local `notion` server above replaces the cloud Notion integration for reliability.

| Integration | How to Keep Alive |
|-------------|------------------|
| Notion (cloud) | Will be replaced by local server |
| Gmail | Re-authenticate at claude.ai → Settings → Integrations if it drops |
| Slack | Backed by local Slack MCP once token is set |
| Google Calendar | OAuth setup fixes this permanently |

---

## Step 1: Notion API Key (CRITICAL)

The local Notion MCP replaces the flaky cloud integration. One-time setup.

1. Go to: https://www.notion.so/my-integrations
2. Click "New integration"
3. Name: "Claude Code — <node>"
4. Type: Internal integration
5. Capabilities: Read content, Update content, Insert content
6. Copy the "Internal Integration Secret" (starts with `secret_`)
7. Run this command (replace YOUR_KEY):
   ```powershell
   [System.Environment]::SetEnvironmentVariable('NOTION_API_KEY', 'secret_YOUR_KEY_HERE', 'User')
   ```
8. **Share pages with integration:** For each Notion page you want accessible:
   - Open the page → Share → Invite → search for your integration name

**Pages to share immediately:**
- CoM Solutions (main)
- Business Hub
- Mission Control
- ARCANUM Operations Hub
- Library of Nerd / Lib_CYBR

---

## Step 2: Slack Bot Token

1. Go to: https://api.slack.com/apps
2. Find or create "CoM CADevO" app in CoM Solutions HQ workspace
3. OAuth & Permissions → Bot Token Scopes: channels:read, channels:history, chat:write, files:read
4. Install to workspace → Copy "Bot User OAuth Token" (starts with `xoxb-`)
5. Run:
   ```powershell
   [System.Environment]::SetEnvironmentVariable('SLACK_BOT_TOKEN', 'xoxb-YOUR-TOKEN', 'User')
   ```
6. Note: The Slack MCP config in `settings.json` currently hardcodes `SLACK_TEAM_ID` to `CoMsolutionshq`, so setting a `SLACK_TEAM_ID` environment variable will not affect behavior unless you update `settings.json` to read from the environment.
   If you later change `settings.json` to reference `${SLACK_TEAM_ID}`, set it with:
   ```powershell
   [System.Environment]::SetEnvironmentVariable('SLACK_TEAM_ID', 'YOUR_TEAM_ID', 'User')
   ```

---

## Step 3: Brave Search API Key

1. Go to: https://api.search.brave.com/register
2. Create account → API Keys → Generate key (free tier: 2,000 queries/month)
3. Run:
   ```powershell
   [System.Environment]::SetEnvironmentVariable('BRAVE_API_KEY', 'YOUR_KEY', 'User')
   ```

---

## Step 4: n8n Deployment (Admin Automation Backbone)

All 10 HEARTBEAT workflows depend on n8n. Priority after Notion.

**Fastest path — Docker on <node>:**

> Security note:
> - Bind n8n to localhost only unless you explicitly intend to expose it.
> - Set `N8N_BASIC_AUTH_PASSWORD` to a long, unique password (e.g. stored in a password manager).
>
> Example (PowerShell) to set the password for the current user:
> ```powershell
> [System.Environment]::SetEnvironmentVariable('N8N_BASIC_AUTH_PASSWORD', 'REPLACE_WITH_A_STRONG_UNIQUE_PASSWORD', 'User')
> ```

```bash
docker run -d --restart unless-stopped \
  -p 127.0.0.1:5678:5678 \
  -v n8n_data:/home/node/.n8n \
  -e N8N_BASIC_AUTH_ACTIVE=true \
  -e N8N_BASIC_AUTH_USER=admin \
  -e N8N_BASIC_AUTH_PASSWORD="${N8N_BASIC_AUTH_PASSWORD:?set a strong N8N_BASIC_AUTH_PASSWORD}" \
  --name n8n \
  n8nio/n8n
```

Then:
```powershell
[System.Environment]::SetEnvironmentVariable('N8N_API_URL', 'http://localhost:5678', 'User')
# Get API key from n8n UI: Settings → API → Create API Key
[System.Environment]::SetEnvironmentVariable('N8N_API_KEY', 'YOUR_N8N_KEY', 'User')
```

---

## Step 5: Google Calendar OAuth

1. Go to: https://console.cloud.google.com
2. Create project "CoM Admin" → Enable Google Calendar API
3. Credentials → Create OAuth Client ID → Desktop app
4. Download JSON → extract client_id and client_secret
5. Run:
   ```powershell
   [System.Environment]::SetEnvironmentVariable('GOOGLE_CALENDAR_CLIENT_ID', 'YOUR_ID', 'User')
   [System.Environment]::SetEnvironmentVariable('GOOGLE_CALENDAR_CLIENT_SECRET', 'YOUR_SECRET', 'User')
   ```

---

## After Each Token Set

**Restart Claude Code** after setting env vars — the new process will inherit them.

Verify with:
```bash
echo "NOTION: ${NOTION_API_KEY:+SET}" && echo "SLACK: ${SLACK_BOT_TOKEN:+SET}" && echo "BRAVE: ${BRAVE_API_KEY:+SET}" && echo "N8N: ${N8N_API_URL:+SET}"
```

---

## Unimplemented Admin Systems (HEARTBEAT backlog)

All 10 n8n workflows are planned but not built. Priority order:
1. Morning Report (needs n8n + Notion + Slack)
2. Tailscale Mesh Monitor (needs n8n + Slack)
3. GitHub PR Watchdog (needs n8n + GitHub webhook + Slack)
4. Notion Sync (needs n8n + Notion + Google Drive)
5. Dependency Audit (`cargo audit` → Slack alert)

These require n8n to be running first (Step 4 above).