@logi/mcp — Drive logi from Claude/Cursor
Source:
en/reference/mcp.md· Live: https://docs.1pass.dev/en/reference/mcp LLM-sanitized: internal links absolutized, VitePress containers → admonitions, line numbers in the Jump-to Index reference this rendered file (1-indexed).
📍 Jump-to Index
- L32-L40: ## Two usage modes
- L41-L73: ## Installation
- L74-L86: ## End-user mode tools (8)
- L87-L111: ## Docs tools (3, no auth required)
- L103-L111: ### Examples
- L112-L140: ## Developer mode tools (coming soon)
- L129-L140: ### Developer examples
- L141-L146: ## Security
- L147-L183: ## Remove after onboarding
- L184-L189: ## Next
@logi/mcp — Drive logi from Claude/Cursor
Manage logi in natural language from AI tools that support MCP, such as Claude Code, Claude Desktop, and Cursor.
For example: "Show me all of my logi apps that aren't on the production tier," or "Send alice@example.com an invite with admin permissions."
🚨 Danger: Dev-time only tool
@logi/mcpis a temporary development tool used only while onboarding an RP onto logi. It is not a runtime dependency — your deployed application runs without this MCP server, and authentication is handled entirely by the SDK/OAuth flow.
Its purpose is setup assistance: registering the OAuth app, configuring redirect URIs, rotating secrets, looking up docs during integration, and so on. Once onboarding is done, you can unmount (remove) it.
Two usage modes
| Mode | Who | What |
|---|---|---|
| End-user mode | Regular users | Manage your own sign-in activity, passkeys, and connected apps |
| Developer mode | OAuth app developers | OAuth app CRUD, secret rotation, team management |
The set of tools you see depends on the scope of the PAK (Personal API Key) you issue.
Installation
⚠️ Warning: Pre-release This has not been published to npm yet.
~/.claude.json (Claude Code):
{
"mcpServers": {
"logi": {
"command": "node",
"args": ["/Users/you/toy/logi/mcp/dist/index.js"],
"env": {
"LOGI_API_URL": "https://api.1pass.dev",
"LOGI_API_KEY": "lpa_pat_xxxxxxxxxxxxx"
}
}
}
}After publish:
{
"command": "npx",
"args": ["-y", "@logi/mcp"]
}Issue a PAK from start.1pass.dev → API Keys or /api/v1/me/api_keys. For end-user mode, select scopes such as login_history:read; for developer mode, select apps:manage and apps:read.
End-user mode tools (8)
| Tool | Description | Required scope |
|---|---|---|
logi_whoami | Check connection status + account | — |
logi_list_login_history | Recent sign-in activity | login_history:read |
logi_delete_login_log | Soft-delete a specific log | login_history:write |
logi_list_trashed_logs | View the trash | login_history:write |
logi_restore_login_log | Restore | login_history:write |
logi_list_passkeys | List passkeys | passkeys:read |
logi_delete_passkey | Delete a passkey | passkeys:manage |
logi_list_connected_apps | View connected apps + permissions | apps:read |
Docs tools (3, no auth required)
These work even without API key configuration. They fetch the public markdown mirror at docs.1pass.dev/llms/* — designed so the agent references the correct docs on its first attempt when integrating logi (the LangChain mcpdoc pattern).
| Tool | Description | Required scope |
|---|---|---|
logi_fetch_quickstart | The agent quickstart guide (lang=ko|en) | — |
logi_get_doc | Fetch a specific doc path (allowed prefixes: guide/, oauth/, cli/, and so on) | — |
logi_list_docs | The llms.txt sitemap — a list of available doc paths | — |
> How do I integrate logi? (→ logi_fetch_quickstart)
> Tell me about the OAuth scope types (→ logi_get_doc path=oauth/scopes.md)
> What logi docs are there? (→ logi_list_docs)Examples
> Show me my last 10 logi sign-in events
> Were there any suspicious logins yesterday? Filter to outside Korea only.
> Clean up the passkeys I no longer use
> I want to disconnect NotionDeveloper mode tools (coming soon)
OAuth app developers managing apps in natural language from Claude/Cursor:
| Tool | Description | Required scope |
|---|---|---|
logi_apps_list | List apps in my org | apps:read |
logi_apps_create | Register a new app | apps:manage |
logi_apps_show | App details | apps:read |
logi_apps_edit | Edit metadata and redirect URIs | apps:manage |
logi_apps_rotate_secret | Rotate client_secret | apps:manage |
logi_apps_delete | Delete an app | apps:manage |
logi_team_invite | Invite a member | org:manage |
logi_audit_logs | View audit logs | org:read |
Audit logs are currently viewed in the Developer Console (web). Developer-mode MCP tools such as
logi_audit_logsare planned, and in all cases they are never exposed in the native iOS/Android apps.
Developer examples
> Rotate the client_secret for "Demo Test App" and write the new value into .env
> Invite alice@example.com to our org as an admin
> Who changed a redirect URI last week?
> Create a new app for the staging environment with redirect_uri https://staging.acme.com/cb💡 Tip: Flow Claude calls a tool → returns the result → suggests the next action. For example, after rotating a secret, it automatically offers to update your
.envfile.
Security
- Every call uses PAK authentication (injected only via env, never exposed in memory or logs)
- Sensitive operations (deletion, secret rotation) will gain iOS app step-up push approval in the future
- The MCP server prints only the first 8 characters of the PAK prefix to stdout/stderr, masking the rest
Remove after onboarding
Because @logi/mcp is a dev-time tool, you can remove (unmount) it from your AI tool's configuration once RP onboarding is complete (app registration, redirect URIs, secrets, integration checks). Removing it does not affect sign-in for your deployed app — the runtime does not depend on the MCP.
1. Delete the logi block from your config
Delete the entire logi entry under mcpServers in ~/.claude.json (Claude Code). This is the block to remove:
{
"mcpServers": {
"logi": {
"command": "node",
"args": ["/Users/you/toy/logi/mcp/dist/index.js"],
"env": {
"LOGI_API_URL": "https://api.1pass.dev",
"LOGI_API_KEY": "lpa_pat_xxxxxxxxxxxxx"
}
}
}
}If logi is the only entry, you can empty or remove the mcpServers object entirely.
For other tools such as Cursor and Claude Desktop, delete the logi block from their respective MCP config files (for example, claude_desktop_config.json for Claude Desktop, .cursor/mcp.json for Cursor).
2. Restart the AI tool
Restart Claude Code / Claude Desktop / Cursor so the logi MCP tools are no longer loaded.
3. (Optional) Revoke the PAK
For a PAK you no longer need, we recommend revoking it at start.1pass.dev → API Keys.
If you later need to manage apps or rotate secrets again, you can re-mount at any time by repeating the Installation steps.