# Apono Agentic Access Apono Agentic brings infrastructure access management into your AI-powered coding tools. Your AI assistant can discover cloud resources, request just-in-time access, and connect to databases and services — all without leaving your workflow. * **Autonomous access**: Your AI agent discovers resources, requests access, and retrieves credentials on your behalf * **Policy enforcement**: All access follows your organization's Apono policies, including approvals and time-based grants * **Secure by design**: Credentials are handled through Apono's secure proxy — the AI agent never sees raw secrets *** ### Prerequisites | Requirement | Details | | ----------------- | ------------------------------------------------------------------------------------ | | **Node.js** | Version 16 or later installed on your machine | | **Apono account** | An active Apono account with access policies configured by your organization's admin | | **AI client** | One of the supported clients: Claude Code, Claude Desktop, or Cursor | *** ### How it works When your AI client starts the Apono MCP server: 1. **Binary download** (first run only) — The npm wrapper automatically downloads the Apono CLI binary to `~/.local/bin/apono-agentic`. 2. **Authentication** (first run only) — A browser window opens for OAuth2 login. Your credentials are stored locally so you don't need to log in again until the token expires. 3. **Agent registration** — The MCP server registers itself as an agent with Apono, enabling policy-based access control for AI-initiated requests. 4. **Proxy starts** — The server begins accepting tool calls from your AI client over the MCP protocol. *** ### Install on Claude Code Follow these steps to install the Apono Agentic MCP server on Claude Code: 1. Open the Claude Code configuration file at `~/.claude/claude_code_config.json`. 2. Add the following MCP server configuration: {% code title="claude\_code\_config.json" %} ```json { "mcpServers": { "apono": { "command": "npx", "args": ["-y", "@apono-io/apono-mcp@latest", "--agent-type", "claude-code", "--proxy"] } } } ``` {% endcode %} 1. Save the file and restart Claude Code. 2. On first run, a browser window opens for login. Sign in with your Apono account. {% hint style="info" %} To verify the installation, ask the assistant to list your available integrations. You should see results from your Apono account. {% endhint %} *** ### Install on Claude Desktop {% hint style="warning" %} MCP integrations are currently supported only within the Claude Desktop application. {% endhint %} Follow these steps to install the Apono Agentic MCP server on Claude Desktop: 1. Open the Claude Desktop configuration file: * **macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json` * **Windows:** `%APPDATA%\Claude\claude_desktop_config.json` 2. Add the following MCP server configuration: {% code title="claude\_desktop\_config.json" %} ```json { "mcpServers": { "apono": { "command": "npx", "args": ["-y", "@apono-io/apono-mcp@latest", "--agent-type", "claude-desktop", "--proxy"] } } } ``` {% endcode %} 1. Save the file. 2. Quit and restart Claude Desktop. 3. On first run, a browser window opens for login. Sign in with your Apono account. {% hint style="info" %} To verify the installation, ask the assistant to list your available integrations. You should see results from your Apono account. {% endhint %} *** ### Install on Cursor Follow these steps to install the Apono Agentic MCP server on Cursor: 1. Open the Cursor MCP configuration file at `.cursor/mcp.json` in your project root, or globally at `~/.cursor/mcp.json`. 2. Add the following MCP server configuration: {% code title="mcp.json" %} ```json { "mcpServers": { "apono": { "command": "npx", "args": ["-y", "@apono-io/apono-mcp@latest", "--agent-type", "cursor", "--proxy"] } } } ``` {% endcode %} 1. Save the file. 2. Quit and restart Cursor. 3. On first run, a browser window opens for login. Sign in with your Apono account. {% hint style="info" %} To verify the installation, ask the assistant to list your available integrations. You should see results from your Apono account. {% endhint %} *** ### Use multiple accounts If you need to connect to more than one Apono account (for example, production and staging), use the `--profile` flag to create separate MCP server entries: ```json { "mcpServers": { "apono-prod": { "command": "npx", "args": ["-y", "@apono-io/apono-mcp@latest", "--agent-type", "claude-code", "--proxy", "--profile", "prod"] }, "apono-staging": { "command": "npx", "args": ["-y", "@apono-io/apono-mcp@latest", "--agent-type", "claude-code", "--proxy", "--profile", "staging"] } } } ``` Each profile stores its own authentication credentials, so you can be logged into multiple accounts simultaneously. Replace `claude-code` with the appropriate `--agent-type` for your client. *** ### Use the Apono Agentic tools Once installed, your AI assistant can interact with your infrastructure through Apono. Start a conversation and use natural language to manage access. | Sample prompts | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | - List my available resources- I need access to the production PostgreSQL database for 1 hour- What is the status of my access request?- Show me the connection details for my active database session | ### Available tools The table below lists the tools available to your AI assistant through the Apono Agentic MCP server. | Tool | Description | | ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | | **list\_available\_resources** | Browse integrations and resources your organization has connected to Apono, including current access status | | **ask\_access\_assistant** | Get scoped access recommendations for a specific task. The assistant analyzes what you need and suggests the right resources and permissions | | **create\_access\_request** | Submit a just-in-time access request following your organization's approval policies | | **get\_request\_details** | Check the status of a pending or completed access request | | **list\_resources\_filtered** | Filter available resources by specific criteria such as type, integration, or permission level | {% hint style="info" %} After submitting an access request, you will receive a notification through your configured channels (Slack, Teams, or email). The AI assistant can also check the request status for you. {% endhint %} *** ### Security notes #### Authentication Your AI client connects to Apono through the MCP server using OAuth2. On first run, a browser window opens for SSO login. Your credentials are stored locally and refreshed automatically. You may need to re-authenticate periodically when your token expires. #### Authorization When the AI assistant first calls an Apono tool, your client may prompt you to authorize the action. Select **Allow once** to maintain control over when and how each tool is used. #### Credential handling The Apono Agentic MCP server uses a secure proxy to manage credentials. Connection details are passed directly to your tools and sessions — the AI assistant itself does not have access to raw credentials. *** ### Troubleshoot the server If the MCP server does not appear or tools are unresponsive, try these steps in order: 1. **Check Node.js version.** Ensure Node.js 16+ is installed: ```sh node --version ``` 1. **Re-authenticate.** Run the login command manually: ```sh npx -y @apono-io/apono-mcp@latest login ``` 1. **Restart your AI client.** MCP servers load when the client starts. Quit and reopen the application. 2. **Force agent re-registration.** If authentication succeeds but the server still doesn't respond: ```sh npx -y @apono-io/apono-mcp@latest --agent-type --proxy --force-agent-auth ``` Replace `` with `claude-code`, `claude-desktop`, or `cursor`. 1. **Enable debug logging.** Add `"--debug"` to the args in your configuration file: ```json "args": ["-y", "@apono-io/apono-mcp@latest", "--agent-type", "claude-code", "--proxy", "--debug"] ``` 1. **Check log files.** Logs are written to platform-specific locations: {% tabs %} {% tab title="macOS" %} **$HOME/Library/Application\ Support/apono-cli/mcplogging.log** {% endtab %} {% tab title="Windows" %} **%APPDATA%\apono-cli\mcplogging.log** {% endtab %} {% tab title="Linux" %} **$XDGCONFIGHOME/apono-cli/mcplogging.log** {% endtab %} {% endtabs %} 1. If the problem persists, send the **mcplogging.log** file to Apono Support at [**support@apono.io**](mailto:support@apono.io). {% hint style="success" %} **Manual authentication:** If a browser cannot open automatically (common in remote or headless environments), run `npx -y @apono-io/apono-mcp@latest login` from a terminal with browser access. To use a personal token instead, run `npx -y @apono-io/apono-mcp@latest login --personal-token`. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.apono.io/docs/access-requests-and-approvals/apono-agentic.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.