Let your AI agents work smarter with Cinode data
The Cinode MCP (Model Context Protocol) Server securely connects AI clients and MCP-compatible agents to your Cinode environment so they can access your organisation’s live data. That gives agents the same contextual view of people, projects, skills and assignments that your team has, instantly, so they can assist, analyse, update and automate with confidence.
Think of it as giving your AI assistant a working knowledge of your Cinode setup, without exposing data you don’t want shared.
Why use the Cinode MCP Server?
Smarter AI support – Agents act with real context from your Cinode data
Faster workflows – Reduce time spent on manual updates and lookups
Always in sync – Agents work with live, up-to-date information
Secure by design – Fine‑grained access control over what agents can see and change
Prerequisites
The Cinode MCP Server enables direct, secure access between AI agents and your Cinode data.
To connect, you need:
Cinode Plan - You need to be on a paid plan using Cinode to have access to our API and our MCP Server.
MCP client - Currently supported clients include Claude, Visual Studio Code, Microsoft Copilot, Cursor, and more.
Other clients may be supported if they accept Authentication through Bearer or Basic tokens.
Getting Started
You can access our MCP server with Streamable HTTP at https://mcp.cinode.com/_mcp.
Authentication Methods
Our MCP server supports two authentication approaches:
Bearer Token: Static API token authentication
Basic Credentials: Client ID and Client Secret authentication
Bearer tokens and Basic credentials are sensitive information.
Never share or store them insecurely (for example: in screenshots, public/shared documents, ticket attachments, chat tools like Teams/Slack, emails, sticky notes, or websites). Always use secure storage and only transmit credentials over encrypted connections (HTTPS/TLS).
How Basic Credentials work
Basic authentication uses your Client ID and Client Secret:
Join them with a colon:
CLIENT_ID:CLIENT_SECRETBase64-encode the full string.
Send it in the
Authorizationheader:Authorization: Basic BASE64_ENCODED_VALUE
When you generate a Personal API Account in Cindoe we'll show you an encoded and ready-to-use string which you immediately can use within the Authorization header. Read more here.
Configuration Examples
The examples below are generic templates. Always refer to your provider's official documentation for the most up-to-date configuration instructions, as setup details may vary between versions and providers.
For Bearer token authentication:
{
"mcpServers": {
"cinode": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.cinode.com/_mcp",
"--header",
"Authorization: ${AUTH_HEADER}"
],
"env": {
"AUTH_HEADER": "Bearer YOUR_CINODE_API_TOKEN"
}
}
}
}
LLM Provider Setup Guides
Claude Desktop: MCP setup documentation
Microsoft Copilot: MCP setup documentation (we've detailed the setup step-by-step here)
Claude Code: MCP setup documentation
Cursor: MCP configuration guide
VS Code: Add to VS Code
Security & Governance
Using MCP together with AI makes it possible to perform large-scale and automated changes to your Cinode data. While powerful, this also increases the risk of unintended or irreversible outcomes if prompts are incorrect or poorly tested.
When write access is enabled, AI-driven actions can modify or delete large amounts of data in a short time.
You are responsible for how MCP and AI tools are used in your organisation.
Changes made through MCP may be permanent and cannot always be undone.
Use MCP write capabilities at your own risk.
To reduce risk, Cinode strongly recommends that you:
Only enable write tools when necessary and when you are confident in both the technology and your prompt capabilities.
Validate prompts using read-only access before allowing create, update, or delete operations.
Limit write access to experienced users who understand Cinode’s data model and business impact.
Review and monitor automated workflows regularly.
Make sure your provider's privacy settings are set according to internal policy.
Access and User Permissions
By default, employees can create personal API accounts and use those credentials (for example, Basic tokens) to connect MCP clients and AI tools to Cinode. This means that MCP access does not have to be centrally provisioned by an administrator.
This is not a security risk in itself:
A personal API account cannot be used to do more than the user can already do in the Cinode application.
All actions performed through MCP are limited by the user’s existing roles and permissions.
MCP access follows the same permission boundaries as normal interactive use of Cinode.
For organisations that want tighter control, administrators can:
Disable personal API account creation, preventing users from connecting MCP clients on their own.
Revoke or rotate existing API tokens at any time.
Adjust user roles and permissions, which immediately affects what MCP-connected tools can access or change.
This allows administrators to decide whether MCP access should be user-driven or centrally controlled, while maintaining full alignment with Cinode’s permission model.
What can AI agents do with Cinode data?
Once connected, AI agents can:
Summarise consultant CVs, project statuses, and candidate histories
Search for skills, vacancies and available candidates
Draft or update profiles, roles and assignments
Analyse patterns like skills gaps, utilisation and delivery timelines
Automate repetitive workflows based on real-time information
Below are practical, copy-ready prompts grouped by persona and use case.
Recruiter / Sourcer
"Find all candidates with React experience who are available within 30 days and rank them by rating and last contact date."
"Show candidates that match 'backend + Go' with at least 3 years' experience and export their emails to CSV."
"Alert me when new candidates matching 'data scientist' enter the pipeline with rating >= 4."
"Create a candidate for Alex Rivera (alex@example.com) and mark them available from 2025-10-01."
Hiring Manager
"List current roles for project 456 and recommend two internal candidates who match those role requirements."
"Pull full profiles for shortlisted candidate IDs [101, 102, 103] and show their interview availability this week."
"Update the 'Senior Engineer' posting to add 'distributed systems' as a required skill and set the deadline to 2025-11-01."
Team Lead / Engineering Manager
"Show weekly utilisation for my team (users [11,22,33]) and flag any weeks exceeding 90%."
"Find team members with 'React Native' skill at level 3+ and propose a two-week overlap schedule for knowledge transfer."
"Create a 1‑hour kickoff meeting on 2025-10-05 10:00 and attach a one-line agenda."
Project Manager
"Get project 789’s details including assignments, upcoming milestones, and unassigned roles."
"Schedule a recurring weekly status meeting for project 789 every Monday at 09:00 and assign it to the project manager."
"Add a kickoff event to project 789 with the description 'scope alignment' and assign it to user 55."
Customer Success / Sales
"Create customer 'Nordic Supply', add contact Emma Lee (emma@ndx.com) and set the company country to Sweden."
"Add a note to customer 234 summarising the latest call and tag the account 'at-risk'."
"Retrieve all customers tagged 'enterprise' and list primary contact emails."
HR / People Ops
"Add a full‑day absence for employee 555 on 2025-10-10 and show that user’s absence history for the last 6 months."
"Create an employee record for candidate ID 321 with a starting password and add them to team 7."
"Export employees with employment start dates in Q4 2024 to a spreadsheet."
Learning & Training
"List company trainings of type 'certification' and add a new training 'Security Basics' with target date 2026-01-15."
"Look up Microsoft certifications online that we have not in our company training catalog, create them and add these to relevant employee's growth plans."
"Show employees who completed 'Code Review Best Practices' and filter by team."
Admin / Finance
"Update customer 123’s VAT number to SE123456789 and attach a short note about the change."
"Add 'Acme Corp' HQ address in Stockholm with zip code and contact phone."
"List billing-related customer tags for accounts created in the last 12 months."
Resource Planning / Operations
"Get weekly utilisation for teams [3,5] and users [11,22] over the next 6 months to identify capacity gaps."
"List unassigned roles for a high-priority project and recommend the top three internal users available next sprint."
"Create or update team 'Mobile Team' under parent team 3 and add user 77 with 80% availability."
Executive / Reporting
"Produce a headcount summary by team and role for the last quarter and highlight net hires vs departures."
"Show a utilisation heatmap for all teams for the coming 6 months and list teams with projected shortages."
"Export a CSV of employees with level >= 4 in 'Leadership' skills and their current assignment status."
Integrations & Automation (advanced)
"When a candidate reaches stage 'Offer', create the employee record, add an onboarding event for HR, and enroll them in the 'Onboarding' training."
"For every new customer tagged 'priority', create a primary contact, lookup and add the HQ address and schedule a 30‑day follow‑up event assigned to sales rep 12."
Complex multi-step workflows (examples)
"Search candidates for 'machine learning' with rating >= 4, shortlist the top 3, create interview events for next Tuesday at staggered times and notify the hiring manager."
"Generate a project 456 report, list missing role assignments, assign two available users to those roles and add a project note summarising the changes."
"Run a capacity check for teams [2,3,4] for the next 3 months; if any week exceeds 85% utilisation, create a subcontractor request and tag it 'urgent'."
Troubleshooting
Rate limiting: Cinode API limits apply. Reduce request frequency or contact Cinode Support for available packages for increased API limits