docs(mcp): add API key auth, multi-client setup, and missing tools

[saddlepaddle]

Summary

• Restructured Setup section into CLI Options (Claude Code, Codex, Gemini CLI, Open Code) and Manual Configuration (6 client tabs) — verified against each client's official docs
• Added API Key authentication section with generation steps and usage examples
• Added 3 missing tools: update_workspace, start_claude_session, start_claude_subagent
• Added AI Sessions category to capabilities and tools tables

Test plan

• bun run typecheck passes
• bun test passes (1193 pass, 0 fail)
• Lint errors are pre-existing, not from this change
• All 18 MCP tools documented
• Visual review of rendered docs page

Summary by CodeRabbit

• Documentation
  • Expanded MCP capabilities including workspace update and navigation options.
  • Added AI Sessions category with support for Claude sessions and subagents.
  • Introduced multi-client setup UI for Claude Code, Codex, Gemini CLI, and Open Code.
  • Added comprehensive configuration examples and API Key Authentication section with OAuth comparison.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the MCP documentation file to expand capabilities and provide comprehensive setup guidance. Added four new MCP tools (update_workspace, navigate_to_workspace, start_claude_session, start_claude_subagent), replaced static CLI guidance with multi-tab UI for multiple clients, introduced per-client configuration examples, and added API Key Authentication section.

Changes

Cohort / File(s)

Summary

MCP Documentation Updates apps/docs/content/docs/mcp.mdx

Expanded MCP capabilities documentation with new workspace management tools (update_workspace, navigate_to_workspace), AI Sessions tools (start_claude_session, start_claude_subagent), multi-tab setup instructions for Claude Code/Codex/Gemini CLI/Open Code, per-client configuration examples with authentication paths (OAuth and API keys), and API Key Authentication section with decision table comparing OAuth 2.1 vs API Key.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A documentation hop, so neat and bright,
New tools for workspaces, sessions in flight,
With tabs for each client and keys for auth,
This MCP guide clears the developer path! 🚀

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and clearly describes the main changes: adding API key authentication, multi-client setup, and documenting missing MCP tools.
Description check	✅ Passed	The description covers all critical sections: summary of changes, test plan with specific results, and includes the required Type of Change context through documentation focus.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch update-mcp-docs-add-api-key-auth-mcp-json-setup-an

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@apps/docs/content/docs/mcp.mdx`:
- Around line 140-144: Update the opening sentences to make OAuth 2.1 the
default but not exclusive: replace "The MCP server uses OAuth 2.1. When you
first connect, you'll be prompted to authorize the connection in your browser.
The token is scoped to your active organization." with a single clear statement
like "By default, the MCP server uses OAuth 2.1; when you first connect you'll
be prompted to authorize in your browser and the token is scoped to your active
organization; API keys are also supported for headless environments." Ensure
this change appears in the OAuth section immediately before the "API Key
Authentication" heading so the relationship between defaults and alternatives is
clear.
- Around line 40-44: Clarify that the Open Code CLI command opencode mcp add is
interactive and accepts no inline arguments by updating the mcp.mdx example: add
a short explanatory sentence near the Tab block (the example showing the
opencode mcp add command) stating that the command will prompt for server name
and URL interactively rather than taking arguments, so users know to run it and
then respond to prompts.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat -n apps/docs/content/docs/mcp.mdx | head -60

Repository: superset-sh/superset

Length of output: 2200

---

🌐 Web query:

Open Code CLI opencode mcp add documentation syntax arguments

💡 Result:

opencode mcp add — syntax & arguments

Syntax

opencode mcp add

Arguments / flags

• None. mcp add takes no positional arguments and is an interactive command that guides you through adding either a local or remote MCP server to your OpenCode configuration. [1]

Where it’s stored / what it creates (config shape)

MCP servers are defined in your OpenCode config under mcp (each server keyed by a unique name, with an enabled flag). [2]

• Local MCP uses type: "local" and a required command: [...]. [2]
• Remote MCP uses type: "remote" and a required url: "..." (optionally headers, oauth, etc.). [2]

Sources: OpenCode CLI docs [1], OpenCode MCP servers docs [2].

---

Add clarification comment to explain that opencode mcp add is interactive.

The Open Code CLI's mcp add command differs from other clients because it's interactive and takes no arguments—it prompts you for the server name and URL. The example should clarify this to avoid confusion.

Suggested fix

- opencode mcp add
+ opencode mcp add  # follow prompts for server name and URL

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<Tab value="Open Code">
	```bash title="terminal"
	opencode mcp add
	```
	</Tab>
	<Tab value="Open Code">

🤖 Prompt for AI Agents

In `@apps/docs/content/docs/mcp.mdx` around lines 40 - 44, Clarify that the Open
Code CLI command opencode mcp add is interactive and accepts no inline arguments
by updating the mcp.mdx example: add a short explanatory sentence near the Tab
block (the example showing the opencode mcp add command) stating that the
command will prompt for server name and URL interactively rather than taking
arguments, so users know to run it and then respond to prompts.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Clarify that OAuth is default, not exclusive.

This sentence now conflicts with the API key section below. Reword to indicate OAuth 2.1 is the default while API keys are also supported.

✏️ Suggested rewording

-The MCP server uses OAuth 2.1. When you first connect, you'll be prompted to authorize the connection in your browser. The token is scoped to your active organization.
+The MCP server supports OAuth 2.1 by default. When you first connect, you'll be prompted to authorize the connection in your browser. The token is scoped to your active organization.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	The MCP server uses OAuth 2.1. When you first connect, you'll be prompted to authorize the connection in your browser. The token is scoped to your active organization.
	### API Key Authentication
	For headless environments, CI/CD pipelines, or scripts where browser-based OAuth isn't practical, you can authenticate with an API key instead.
	The MCP server supports OAuth 2.1 by default. When you first connect, you'll be prompted to authorize the connection in your browser. The token is scoped to your active organization.
	### API Key Authentication
	For headless environments, CI/CD pipelines, or scripts where browser-based OAuth isn't practical, you can authenticate with an API key instead.

🤖 Prompt for AI Agents

In `@apps/docs/content/docs/mcp.mdx` around lines 140 - 144, Update the opening
sentences to make OAuth 2.1 the default but not exclusive: replace "The MCP
server uses OAuth 2.1. When you first connect, you'll be prompted to authorize
the connection in your browser. The token is scoped to your active
organization." with a single clear statement like "By default, the MCP server
uses OAuth 2.1; when you first connect you'll be prompted to authorize in your
browser and the token is scoped to your active organization; API keys are also
supported for headless environments." Ensure this change appears in the OAuth
section immediately before the "API Key Authentication" heading so the
relationship between defaults and alternatives is clear.

[github-actions]

🧹 Preview Cleanup Complete

The following preview resources have been cleaned up:

• ✅ Neon database branch
• ✅ Electric Fly.io app

Thank you for your contribution! 🎉