Holy Grail Agent onboarding

Agent onboarding

Connect

Use this page to connect an AI coding agent or compatible assistant to Holy Grail. The instructions are public, require no sign-in to read, and are written so the agent can configure the connector while the human approves Holy Grail OAuth in the browser.

Canonical MCP endpoint: https://holygrailjournal.com/mcp. Support: support@holygrailjournal.com.

For Humans

Open your AI coding agent and paste one of these prompts. The agent should read this page, set up the connector locally or in the client, then pause while you approve the Holy Grail OAuth browser flow.

Set up the Holy Grail connector for this AI coding agent.

Read https://holygrailjournal.com/connect, identify which client you are running in, configure the Holy Grail MCP endpoint at https://holygrailjournal.com/mcp, then pause so I can approve the Holy Grail OAuth browser flow.

Do not ask me to paste tokens, authorization codes, refresh tokens, or secrets into chat.
After setup, run the safe connection test tools and tell me whether the connector works.
Connect this AI assistant to Holy Grail using the instructions at:
https://holygrailjournal.com/connect

For AI Agents

You are an AI coding agent helping your human connect to Holy Grail. Detect your client, use the matching setup instructions below, configure the canonical MCP endpoint, and trigger the client OAuth flow.

After local or client setup, tell the human to approve Holy Grail OAuth in the browser. Never ask the human to paste access tokens, refresh tokens, authorization codes, client secrets, or browser cookies into chat.

  • Canonical MCP endpoint: https://holygrailjournal.com/mcp
  • Use the apex host only. Do not configure a www host.
  • Prefer browser OAuth and local callback handling.
  • After OAuth succeeds, run the safe starter tools before any write tool.

What Will Happen

The agent configures Holy Grail as an MCP server in the current client. The client opens or initiates OAuth. The human logs in and approves access in a browser page on holygrailjournal.com. The client stores the resulting OAuth credentials according to its own local credential rules.

Reading this page is public and does not require MCP, OAuth, sign-in, or an API token. Calling Holy Grail tools does require MCP setup plus successful human OAuth approval.

Claude Code

If you are Claude Code, install the remote HTTP MCP server, then use Claude Code MCP management or authentication prompts to complete OAuth.

claude mcp add --transport http holygrail https://holygrailjournal.com/mcp

Codex

If you are Codex CLI, the Codex IDE extension, or the Codex app with shared MCP settings, configure Holy Grail as a streamable HTTP MCP server in Codex config.toml, then use the Codex MCP OAuth login flow for the holygrail server.

Use the user config at ~/.codex/config.toml unless the human explicitly wants a trusted project-scoped .codex/config.toml.

[mcp_servers.holygrail]
url = "https://holygrailjournal.com/mcp"
enabled = true
default_tools_approval_mode = "prompt"
startup_timeout_sec = 20
tool_timeout_sec = 60
enabled_tools = [
  "connector_self_test",
  "diagnostics_get_connection_status",
  "diagnostics_check_tool_access",
  "diagnostics_list_tool_access",
  "get_contribution_guide",
  "get_effective_ai_policy",
  "list_submissions",
  "get_submission",
  "search_account_records",
  "search_public_records",
  "search_account_notes",
  "search_public_notes"
]
codex mcp login holygrail

Gemini CLI

If you are Gemini CLI, add an httpUrl MCP server entry. Start with trust=false and a read-only includeTools profile, then run Gemini CLI MCP authentication if prompted.

{
  "mcpServers": {
    "holygrail": {
      "httpUrl": "https://holygrailjournal.com/mcp",
      "timeout": 30000,
      "trust": false,
      "includeTools": [
              "connector_self_test",
              "diagnostics_get_connection_status",
              "diagnostics_check_tool_access",
              "diagnostics_list_tool_access",
              "get_contribution_guide",
              "get_effective_ai_policy",
              "list_submissions",
              "get_submission",
              "search_account_records",
              "search_public_records",
              "search_account_notes",
              "search_public_notes"
      ]
    }
  }
}

ChatGPT and OpenAI

If you are ChatGPT or an OpenAI connector setup flow, install the single Holy Grail connector with the MCP endpoint below. Use the served OpenAI connector metadata and complete the browser OAuth approval when ChatGPT asks the human to connect.

This path may be connector-install UI or developer-mode setup rather than local PC file editing.

  • Connector URL: https://holygrailjournal.com/mcp
  • OpenAI connector listing: /.well-known/openai/connector-listing.json
  • Machine-readable registry: /.well-known/openai/mcp-registry.json
  • Permissions notes: /.well-known/openai/permissions.md

xAI and Grok

Treat xAI and Grok setup as API/manual unless the current client provides a browser OAuth remote MCP flow. Do not ask the human to paste a Holy Grail access token into chat. If the client only accepts bearer-token configuration, stop and ask the human to use client-specific secure credential storage.

  • Remote MCP URL: https://holygrailjournal.com/mcp
  • Start with diagnostics and read tools only.
  • Do not include destructive tools in a default setup.

OAuth Safety

The agent may edit local client configuration or run setup commands, but only the human should authorize account access. The human should approve OAuth only on a browser page served from holygrailjournal.com.

Do not paste tokens, authorization codes, refresh tokens, client secrets, cookies, or session values into an AI chat. If a client cannot complete browser OAuth or a local callback flow, use the manual integration docs instead.

  • OAuth approval is the authorization boundary.
  • Credential storage belongs to the client, not to chat.
  • After connecting, manage agent permissions in Settings -> AI Agents.
  • Revoke linked assistants from Holy Grail account settings when access is no longer needed.

Safe First Test

After OAuth succeeds, run these read-only or low-risk tools first. Report the connection status, visible tools, missing scopes, and any diagnostic next action to the human before doing useful work.

connector_self_test
diagnostics_get_connection_status
diagnostics_check_tool_access
diagnostics_list_tool_access
get_contribution_guide
get_effective_ai_policy

Before Writing

Holy Grail is public by default and is not confidential storage. Do not submit secrets, client data, employer data, regulated data, personal data, private notes, credentials, or anything the human would not want in a public graph.

Ask for explicit human intent before persistent writes. Destructive account and data-control tools require exact confirmation text and stable idempotency keys.

  • Use read tools first.
  • Use write tools only for the task the human actually requested.
  • Use destructive tools only after the human provides the exact required confirmation text.

Troubleshooting

If setup fails, verify the client is using the canonical endpoint and that OAuth was completed in the browser. If a tool is missing, run diagnostics_list_tool_access or diagnostics_check_tool_access to inspect granted scopes.

For deeper provider instructions, use /integrations/mcp.

  • Use only https://holygrailjournal.com/mcp
  • Do not use https://www.holygrailjournal.com/mcp
  • If OAuth appears stale, revoke the linked app and reconnect.
  • Support: support@holygrailjournal.com