Skip to content

CleanLog MCP

Connect Claude or Codex to your CleanLog data.

CleanLog's remote Model Context Protocol (MCP) server gives an approved AI assistant read-only access to the operational data you select. Your AI client starts OAuth; CleanLog never asks you to generate or paste an authorization URL.

Remote MCP endpoint

https://app.cleanlog.com/api/mcp

Transport: Streamable HTTP. Authentication: OAuth 2.0. Current CleanLog tools are read-only.

Before you connect

  • You must be a CleanLog account admin. Only admins can approve connector access.
  • Use a Claude plan that supports custom connectors, or a current ChatGPT desktop app, Codex CLI, or Codex IDE extension.
  • Decide which read-only data the assistant needs. You can approve fewer scopes on the CleanLog consent screen.

On Claude Team or Enterprise, an Owner or Primary Owner may need to enable the organization connector before members can connect it.

Claude

Add CleanLog as a custom connector

  1. 1

    Open Claude or Claude Desktop, then go to Settings → Connectors. For Team or Enterprise, choose Organization connectors.

  2. 2

    Select Add custom connector. Name it CleanLog and enter https://app.cleanlog.com/api/mcp as the remote MCP server URL.

  3. 3

    Add the connector, then select Connect. Claude opens CleanLog in your browser to start OAuth.

  4. 4

    Sign in to CleanLog, review the requested read scopes, clear any you do not want to grant, and select Approve access.

  5. 5

    Back in Claude, enable CleanLog from Search and tools. Test it with: “List my active CleanLog locations.”

Interface labels can change. See Anthropic's official custom connector guide for the current Claude controls.

Codex

Add a Streamable HTTP server

From settings

  1. 1. Open Settings in the ChatGPT desktop app or Codex IDE extension, then choose MCP servers → Add server.
  2. 2. Name the server CleanLog, choose Streamable HTTP, and enter https://app.cleanlog.com/api/mcp.
  3. 3. Save and restart the app or IDE extension. Select Authenticate beside CleanLog.
  4. 4. Complete the CleanLog OAuth consent screen, then use /mcp to confirm the server is connected.

From config.toml

Add this server table to ~/.codex/config.toml, or to .codex/config.toml in a trusted project:

[mcp_servers.cleanlog]
url = "https://app.cleanlog.com/api/mcp"

Restart Codex, then run codex mcp login cleanlog and complete OAuth in your browser. Test it with: “List my active CleanLog locations.”

See OpenAI's official Codex MCP guide for current settings, CLI, and configuration options.

Scopes and permissions

The consent screen lists the scopes requested by your AI client. Every currently available CleanLog MCP tool reads data; none creates, changes, or deletes records. Approve only what the assistant needs.

ScopeWhat it allows
mcp.readDiscover the CleanLog tools available to your AI client.
read:locationsRead location names, status, and other location details.
read:shiftsRead scheduled shifts and their status.
read:inspectionsRead inspections and checkpoint score trends.
read:work_ordersRead complaints, service requests, and remediation work orders.

Permissions are also limited to the CleanLog account of the admin who approved the connection. Requests for another account are blocked.

Audit and revoke access

  1. 1. In CleanLog, open Settings → Integrations → Connected AI tools.
  2. 2. Select View access log to review the tool, time, status, latency, and row count for each call.
  3. 3. Select Revoke connection for the client you want to disconnect.
  4. 4. Remove or disconnect CleanLog in Claude or Codex as well, so the inactive server no longer appears there.

Security and retention

  • OAuth starts in Claude or Codex. Your CleanLog password is not shared with the AI provider.
  • CleanLog records every MCP call. The MCP audit record stores an arguments fingerprint, not the raw request arguments; error details are bounded and scrubbed for common personal data.
  • CleanLog retains MCP audit records for 12 months, then hard-deletes them through a scheduled retention policy. Other business records follow the controls and legal limits described in our Privacy Policy.
  • Revocation stops future CleanLog queries. Information already sent to the AI provider remains subject to that provider's retention policy and is not erased by revoking the token.

Troubleshooting

The OAuth screen says you do not have permission

Only CleanLog account admins can approve an MCP connection. Ask an admin for access or have an admin complete the connection.

The authorization request expired or was already used

Return to Claude or Codex and start Authenticate or Connect again. Do not reuse an old consent-page URL.

A tool reports “scope denied”

Revoke and reconnect the client, then approve the scope required for that data. For example, checkpoint trends require read:inspections.

The server is saved but not authenticated in Codex

Select Authenticate in MCP server settings or run codex mcp login cleanlog. Then restart the client and check /mcp.

The assistant returns no CleanLog rows

Confirm the requested date or status filters, the approved data scope, and that the connected CleanLog account contains matching records. The access log shows whether the call succeeded or was denied.

You still cannot connect

Copy the timestamp and status from the CleanLog MCP access log, then contact CleanLog support. Never send an OAuth token or password.