MCP Tool Marketplace
Picora ships an official Model Context Protocol (MCP) server at mcp.picora.me. Once your AI client is configured, your assistant can upload images, read knowledge bases, generate signed URLs, and more — directly through Picora’s APIs, no glue code required.
Quick start
- Add to Claude Desktop — one click on macOS / Windows
- Add to Cursor — paste a config snippet into
~/.cursor/mcp.json - Custom client — any MCP 2025-spec client can authenticate via OAuth 2.1
What you can do
The marketplace ships 30 tools grouped into 6 domains. The full machine-readable catalog lives at https://api.picora.me/mcp/tools.json.
| Domain | Tools | Examples |
|---|---|---|
| 📷 Media | 8 | picora.upload_image, picora.list_images, picora.delete_image |
| 📚 Knowledge bases | 6 | picora.list_kbs, picora.create_kb, picora.sync_kb |
| 📝 Documents | 5 | picora.create_doc, picora.update_doc_content, picora.list_docs |
| 👤 Profile & quota | 2 | picora.get_subscription, picora.get_quota_usage |
| 🎨 Image processing (v0.32) | 3 | picora.generate_image_url, picora.sign_image_url |
| 🔌 Integration meta | 2 | picora.help, picora.about |
All tools require an OAuth 2.1 access token; the picora.help and picora.about integration tools are public (no scope) so an agent can introspect what’s available before authenticating.
How scope and plan gating work
| Layer | Enforced when |
|---|---|
| OAuth scope | Per-tool — picora.upload_image requires media.write, picora.list_kbs requires kb.read |
| Plan gate | Some tools require Pro (video upload, KB) or Pro+ (watermark templates) |
| Rate limit tier | Each tool declares read / mutation / upload — counted against the underlying HTTP tier |
If your agent tries a tool it doesn’t have access to, the server returns MCP_SCOPE_INSUFFICIENT or MCP_PLAN_INSUFFICIENT with meta.required set, so the agent can ask the user to upgrade or reauthorize.
Deprecated tools
Picora keeps deprecated tools available for at least one minor version after the deprecation flag goes up, so existing client integrations don’t break overnight. Every deprecated call returns:
Deprecation: trueHTTP headerSunset: <date>HTTP header (RFC 8594)_deprecation: { replaceWith, removeIn, hint }in the response body- A
mcp.tool.deprecated_usedwarn-level log line, surfaced on the admin dashboard
You’ll find the current deprecation status of each tool on its detail page (or in tools.json).
Privacy
The MCP server logs tool_slug, client_id, latency_ms, and status for each invocation, retained for 90 days for ops + abuse review. It does not log tool arguments or response bodies — your input prompts and the data you read stay private to the underlying API call.
Rate limit and quotas
Each tool maps onto an existing HTTP rate-limit tier (read / mutation / upload). MCP calls share the same tier budgets as direct HTTP calls — using a tool doesn’t get separate quota. See Rate Limits for the per-tier ceiling and headers.
Status
The MCP marketplace landed in v0.33. The catalog is stable for the listed 30 tools; new tools will land additively in patch releases without breaking existing slugs.