Developers · CiteSurge

Your visibility data,
inside your agent.

The CiteSurge MCP server puts supported AI-visibility evidence and prioritized implementation guidance where the work happens. Follow-up runs document later evidence without implying automatic changes or causation. Works with Claude Code, Claude Desktop, Cursor, and any MCP-capable client.

Connect

The server speaks Streamable HTTP at https://citesurge.com/api/mcp and authenticates with the same API keys as the REST API. In Claude Code:

claude mcp add --transport http citesurge https://citesurge.com/api/mcp \
  --header "Authorization: Bearer cs_live_..."

For Claude Desktop, Cursor, and other clients that launch local servers, use mcp-remote:

{
  "mcpServers": {
    "citesurge": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://citesurge.com/api/mcp",
        "--header",
        "Authorization: Bearer cs_live_..."
      ]
    }
  }
}

Keys are created by account owners in Project settings → Developer & organization → API access and can be scoped to specific projects. A read-only key covers standard reporting tools. trigger_audit needs the "read and trigger audits" role. Private repository suggestions and code diffs require owners to grant the separate Site Updates and code diffs scope when creating the key. Existing keys do not receive that scope automatically. MCP access is included on every paid plan (Pro, Agency, and Enterprise) and turns on automatically once your account has a paid project.

Tools

list_projects
Projects visible to the key, with each project's latest overall score.

get_visibility_report
Latest scores and deltas vs the previous audit, plus a one-paragraph summary.

list_action_items
Dashboard Action Plan items for the selected/default brand, filterable by brand, area, severity, status, and quick-win flag.

read_action_item
One full Action Plan item by id, with the recommendation, affected URL, and dashboard link.

list_site_updates
Current source-aware website edits, linked Action Plan identities, readiness, risk, change totals, and pull-request status. Requires the Site Updates key scope.

read_site_update
One prepared Site Update with rationale, checks, and bounded unified code diffs. Requires the Site Updates key scope.

get_recommendations
Backward-compatible latest-audit findings list.

get_citations
Sources AI answers cited, with domain ownership flags. Filter by engine or date.

get_mentions
Brand and competitor mentions inside AI answers. Filter by engine or date.

get_score_history
Scores over time, newest first.

trigger_audit
Start an audit run (keys with the trigger role only; once per hour per project).

Responses are compact and paginated so they sit well in an agent's context window; pass the previous response's nextCursor to page. The full audit report is exposed as the MCP resource citesurge://projects/{project}/report (Markdown), and the analyze_visibility prompt walks an agent from report to Action Plan items, prepared Site Updates when authorized, and proposed fixes.

Multiple projects

One key can serve every project in the account. The agent calls list_projects to see what the key can reach, then passes a project's project slug to each subsequent tool, no interactive picker required. Scope a key to specific projects at creation time to narrow what it can read.

The fix loop: skills pack

Two ready-made skills turn the MCP server into a closed loop for your agent:

citesurge-fix
Pulls your Action Plan items and maps each area to concrete site edits (structured data, llms.txt, content structure, answer-block formatting), applies them in your repo, then verifies with a re-audit.

citesurge-report
Composes a stakeholder-ready Slack or email update from your live scores, trend, and top recommendations.

Install both skills with one command:

npx @citesurge/skills            # into ./.claude/skills
npx @citesurge/skills --global   # into ~/.claude/skills

The package is public on npm. The value stays gated because every tool call still authenticates with your org API key. You can also copy the skill directories into your agent's skills location by hand (for Claude Code, .claude/skills/ in your repo).

Limits and safety

MCP calls share the API's rate limits: 60 reads and 10 writes per minute per key. trigger_audit is gated to one run per hour per project and is refused while a project is at its plan's usage cap. An agent loop hits a clear refusal, never surprise spend. Refusals name the reason so the agent can report it and stop.

Errors

Bad, revoked, or expired keys get a 401 challenge at the transport level. Within a session, tool failures return MCP tool errors with a stable code: not-found for anything outside the key's reach, rate-limit-exceeded with a retry hint, and reason codes like audit-recently-requested for trigger refusals. Error responses never include internal details.

More help

Setup questions, plan eligibility, and quick fixes for a key that will not authenticate are collected on the Help & FAQ page. The same keys power the REST API.