Documentation AI agents (MCP)

AI agents (MCP)

Connect other clients

Last updated Jul 12, 2026

Any client that speaks MCP over streamable HTTP can connect to Popcorn Editor. The endpoint is your app origin plus /mcp/popcorn — your exact URL is shown in the app under SettingsYour agent access, where you also mint the agent token these clients send as a bearer header. The examples below use https://app.example.com/mcp/popcorn as a placeholder.

Cursor

Add the server to .cursor/mcp.json in your project (or ~/.cursor/mcp.json to make it available globally):

{
  "mcpServers": {
    "popcorn": {
      "url": "https://app.example.com/mcp/popcorn",
      "headers": {
        "Authorization": "Bearer <token>"
      }
    }
  }
}

Replace <token> with an agent token from SettingsYour agent access. The token is shown once when you create it, so paste it right away.

VS Code (Copilot agent mode)

Add the server to .vscode/mcp.json:

{
  "servers": {
    "popcorn": {
      "type": "http",
      "url": "https://app.example.com/mcp/popcorn",
      "headers": {
        "Authorization": "Bearer <token>"
      }
    }
  }
}

Copilot's agent mode picks up the server and can call the Popcorn tools (validate-design, create-design, list-templates, and the rest — see the tools reference).

Any MCP client

A client can connect if it supports:

  • Streamable HTTP transport to https://app.example.com/mcp/popcorn, and
  • either OAuth 2.1 (the server supports dynamic client registration, so leave any Client ID/Secret fields blank — you sign in and authorize in the browser) or custom request headers, so it can send Authorization: Bearer <token> with an agent token.

Connector-style UIs (Claude.ai, Claude Desktop, ChatGPT) typically use OAuth — see Connect Claude and Connect ChatGPT. CLIs and IDEs typically use agent tokens, like Gemini CLI and the examples above.

Stdio-only clients

If a client only supports stdio servers (no remote HTTP), bridge it with mcp-remote. Configure the client to run:

npx mcp-remote https://app.example.com/mcp/popcorn --header "Authorization: Bearer <token>"

The bridge runs locally as a stdio server and forwards everything to Popcorn over HTTP.

Limits and revocation

Requests are rate-limited to 60 per minute per user, and every call is workspace-scoped and permission-checked server-side. To target a team workspace instead of your personal one, send an optional X-Workspace header with the workspace uuid.

For token scopes (Read & write vs Read only), expiry options, and how to revoke access, see Tokens & security.