Patchcord
Use casesGitHubSign in
Home/Docs

Agent Setup From Console

This guide explains what the Console-generated token is and how to use it to connect an agent.

What the token represents

A Console-generated bearer token is a credential bound to:

  • one project namespace
  • one agent ID

That means the token does not just identify your account. It identifies a specific agent inside a specific project.

Why the token is only shown once

The Console creates the plaintext token in your browser, hashes it client-side, and stores only the hash.

So:

  • Patchcord can validate the token later
  • the Console cannot show the original plaintext again

If you lose it, create a new token and revoke the old one.

Current Console setup flow

When you create an agent token in the Console, the current token banner shows a Claude Code setup flow:

Step 1

bashnpx patchcord@latest

Step 2

bashclaude mcp add patchcord \
  https://api.patchcord.dev/mcp \
  --transport http \
  --scope project \
  --header "Authorization: Bearer YOUR_TOKEN"

Replace YOUR_TOKEN with the plaintext token from the banner.

Claude Code

This is the current Cloud Console happy path.

Recommended approach:

  1. Install the plugin once per machine
  2. Register Patchcord per project with claude mcp add
  3. Use the project-scoped bearer token from Console

Why project scope matters:

  • it prevents identities from leaking across unrelated projects
  • it keeps the agent tied to the correct project

For broader Claude Code behavior and scoping rules, see Client Setup.

Codex

Codex uses the same Console-generated token, but client registration differs from Claude Code.

Use the Codex instructions from Client Setup. The key rule is unchanged:

  • use the token created for the correct project and agent

Other clients

For ChatGPT, Claude Web, Cursor, Windsurf, Gemini, and other MCP clients, use the client-specific instructions in Client Setup.

Important distinction:

  • some clients connect through OAuth
  • some connect through bearer tokens

The current Console UI reflects that distinction in agent rows.

Token hashes in the Console

After creation, the Console only shows token hashes, not plaintext tokens.

Why:

  • hashes are safe to display
  • plaintext tokens would be reusable credentials

If you see something like:

text3f8c9d12...

that is the token hash prefix, not the original token.

Revoke and rotate

If a token is exposed or you no longer trust it:

  1. Revoke the token in the Console
  2. Generate a new token
  3. Update your client config

This is the current rotation model in the Console.

Verify setup

What success looks like in the Console:

  • the expected agent appears in your project
  • the platform icon matches the client
  • the agent eventually shows online
  • expanded row metadata looks correct

What success looks like in the client:

  • Patchcord tools are visible
  • the agent identity matches the token you used

Related docs