Skip to content

@logi/mcp — Drive logi from Claude/Cursor

Source: en/reference/mcp.md · Live: https://docs.1pass.dev/en/reference/mcp LLM-sanitized: internal links absolutized, VitePress containers → admonitions, line numbers in the Jump-to Index reference this rendered file (1-indexed).

📍 Jump-to Index

  • L32-L40: ## Two usage modes
  • L41-L73: ## Installation
  • L74-L86: ## End-user mode tools (8)
  • L87-L111: ## Docs tools (3, no auth required)
    • L103-L111: ### Examples
  • L112-L140: ## Developer mode tools (coming soon)
    • L129-L140: ### Developer examples
  • L141-L146: ## Security
  • L147-L183: ## Remove after onboarding
  • L184-L189: ## Next

@logi/mcp — Drive logi from Claude/Cursor

Manage logi in natural language from AI tools that support MCP, such as Claude Code, Claude Desktop, and Cursor.

For example: "Show me all of my logi apps that aren't on the production tier," or "Send alice@example.com an invite with admin permissions."

🚨 Danger: Dev-time only tool @logi/mcp is a temporary development tool used only while onboarding an RP onto logi. It is not a runtime dependency — your deployed application runs without this MCP server, and authentication is handled entirely by the SDK/OAuth flow.

Its purpose is setup assistance: registering the OAuth app, configuring redirect URIs, rotating secrets, looking up docs during integration, and so on. Once onboarding is done, you can unmount (remove) it.

Two usage modes

ModeWhoWhat
End-user modeRegular usersManage your own sign-in activity, passkeys, and connected apps
Developer modeOAuth app developersOAuth app CRUD, secret rotation, team management

The set of tools you see depends on the scope of the PAK (Personal API Key) you issue.

Installation

⚠️ Warning: Pre-release This has not been published to npm yet.

~/.claude.json (Claude Code):

json
{
  "mcpServers": {
    "logi": {
      "command": "node",
      "args": ["/Users/you/toy/logi/mcp/dist/index.js"],
      "env": {
        "LOGI_API_URL": "https://api.1pass.dev",
        "LOGI_API_KEY": "lpa_pat_xxxxxxxxxxxxx"
      }
    }
  }
}

After publish:

json
{
  "command": "npx",
  "args": ["-y", "@logi/mcp"]
}

Issue a PAK from start.1pass.dev → API Keys or /api/v1/me/api_keys. For end-user mode, select scopes such as login_history:read; for developer mode, select apps:manage and apps:read.

End-user mode tools (8)

ToolDescriptionRequired scope
logi_whoamiCheck connection status + account
logi_list_login_historyRecent sign-in activitylogin_history:read
logi_delete_login_logSoft-delete a specific loglogin_history:write
logi_list_trashed_logsView the trashlogin_history:write
logi_restore_login_logRestorelogin_history:write
logi_list_passkeysList passkeyspasskeys:read
logi_delete_passkeyDelete a passkeypasskeys:manage
logi_list_connected_appsView connected apps + permissionsapps:read

Docs tools (3, no auth required)

These work even without API key configuration. They fetch the public markdown mirror at docs.1pass.dev/llms/* — designed so the agent references the correct docs on its first attempt when integrating logi (the LangChain mcpdoc pattern).

ToolDescriptionRequired scope
logi_fetch_quickstartThe agent quickstart guide (lang=ko|en)
logi_get_docFetch a specific doc path (allowed prefixes: guide/, oauth/, cli/, and so on)
logi_list_docsThe llms.txt sitemap — a list of available doc paths
> How do I integrate logi? (→ logi_fetch_quickstart)
> Tell me about the OAuth scope types (→ logi_get_doc path=oauth/scopes.md)
> What logi docs are there? (→ logi_list_docs)

Examples

> Show me my last 10 logi sign-in events
> Were there any suspicious logins yesterday? Filter to outside Korea only.
> Clean up the passkeys I no longer use
> I want to disconnect Notion

Developer mode tools (coming soon)

OAuth app developers managing apps in natural language from Claude/Cursor:

ToolDescriptionRequired scope
logi_apps_listList apps in my orgapps:read
logi_apps_createRegister a new appapps:manage
logi_apps_showApp detailsapps:read
logi_apps_editEdit metadata and redirect URIsapps:manage
logi_apps_rotate_secretRotate client_secretapps:manage
logi_apps_deleteDelete an appapps:manage
logi_team_inviteInvite a memberorg:manage
logi_audit_logsView audit logsorg:read

Audit logs are currently viewed in the Developer Console (web). Developer-mode MCP tools such as logi_audit_logs are planned, and in all cases they are never exposed in the native iOS/Android apps.

Developer examples

> Rotate the client_secret for "Demo Test App" and write the new value into .env
> Invite alice@example.com to our org as an admin
> Who changed a redirect URI last week?
> Create a new app for the staging environment with redirect_uri https://staging.acme.com/cb

💡 Tip: Flow Claude calls a tool → returns the result → suggests the next action. For example, after rotating a secret, it automatically offers to update your .env file.

Security

  • Every call uses PAK authentication (injected only via env, never exposed in memory or logs)
  • Sensitive operations (deletion, secret rotation) will gain iOS app step-up push approval in the future
  • The MCP server prints only the first 8 characters of the PAK prefix to stdout/stderr, masking the rest

Remove after onboarding

Because @logi/mcp is a dev-time tool, you can remove (unmount) it from your AI tool's configuration once RP onboarding is complete (app registration, redirect URIs, secrets, integration checks). Removing it does not affect sign-in for your deployed app — the runtime does not depend on the MCP.

1. Delete the logi block from your config

Delete the entire logi entry under mcpServers in ~/.claude.json (Claude Code). This is the block to remove:

json
{
  "mcpServers": {
    "logi": {
      "command": "node",
      "args": ["/Users/you/toy/logi/mcp/dist/index.js"],
      "env": {
        "LOGI_API_URL": "https://api.1pass.dev",
        "LOGI_API_KEY": "lpa_pat_xxxxxxxxxxxxx"
      }
    }
  }
}

If logi is the only entry, you can empty or remove the mcpServers object entirely.

For other tools such as Cursor and Claude Desktop, delete the logi block from their respective MCP config files (for example, claude_desktop_config.json for Claude Desktop, .cursor/mcp.json for Cursor).

2. Restart the AI tool

Restart Claude Code / Claude Desktop / Cursor so the logi MCP tools are no longer loaded.

3. (Optional) Revoke the PAK

For a PAK you no longer need, we recommend revoking it at start.1pass.dev → API Keys.

If you later need to manage apps or rotate secrets again, you can re-mount at any time by repeating the Installation steps.

Next

최종 수정:

Identity가 제품의 신뢰를 만듭니다.