4Degrees AI Connector
A remote Model Context Protocol (MCP) server hosted at https://mcp.4degrees.ai/mcp.
Once your firm enables it and a teammate authorizes their AI assistant, the assistant can
pull contacts, deals, interactions, and network-strength signals from 4Degrees into the
conversation — and, with the teammate’s explicit consent, take action on the CRM.
Every write is permission-checked and audited; almost every write is undoable within ~5 minutes (contact reminders are the one exception). There are no destructive operations.
What it is
The connector exposes three read tools over MCP:
discover, query, and compare. All three are annotated
readOnlyHint: true, destructiveHint: false,
idempotentHint: true, openWorldHint: false — so any
MCP-aware assistant treats them as safe to invoke without a confirmation prompt.
Plus one write tool — execute_action — gated by per-user
consent. Annotated readOnlyHint: false, destructiveHint: false (no
deletes), idempotentHint: true. See Write actions for the
consent flow and full list of supported actions.
Authorization uses OAuth 2.1 with Dynamic Client Registration (RFC 7591) and PKCE S256, so each AI assistant registers its own client and your firm doesn’t need to provision credentials by hand.
Enable the connector
One-time, by an owner or admin of your firm’s 4Degrees workspace:
- Sign in to 4Degrees.
- Open Workspace Settings → Integrations.
- Toggle “AI Connector” on. This grants every member the option to connect their own AI assistant. It does not connect anyone automatically.
Connect your AI client
Pick the way you actually use AI today. Each path takes under five minutes; the OAuth handshake is the same.
Claude on the web (claude.ai)
- In claude.ai, click your profile avatar → Customize → Connectors.
- Click + → Add custom connector.
- Paste the MCP URL: https://mcp.4degrees.ai/mcp.
- Click Add. Claude opens a new tab to 4Degrees — sign in and approve. You’re done.
ChatGPT (chatgpt.com)
Alternative
Custom connector by URL — for pilots or self-hosted deployments.
If you need to point ChatGPT at a non-production endpoint, use the custom-connector path:
- In chatgpt.com, open Settings → Connectors → Create.
- Set the connector name to 4Degrees and paste the URL: https://mcp.4degrees.ai/mcp.
- Click Create. ChatGPT validates the connection and lists the available tools.
- To use it: open a new chat → + → More → pick 4Degrees. Sign in to authorize the first time.
Claude Code (CLI)
claude mcp add --transport http 4degrees https://mcp.4degrees.ai/mcp
That’s it — on first tool use Claude Code opens a browser to complete OAuth. Verify with claude mcp list; the server shows up as 4degrees.
By default the connector is scoped to the current project. Add --scope user to make it available across all projects.
Claude Desktop (macOS / Windows app)
- Install Node.js if you don’t already have it (the bridge runs via npx).
- Open Claude Desktop → Settings → Developer → Edit Config. That opens claude_desktop_config.json.
- Add the 4degrees entry inside mcpServers:
{
  "mcpServers": {
    "4degrees": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.4degrees.ai/mcp"]
    }
  }
}
- Quit Claude Desktop fully and relaunch. mcp-remote opens a browser the first time so you can sign in to 4Degrees.
OpenAI Codex (CLI)
Edit ~/.codex/config.toml (or .codex/config.toml in your project root) and add:
[mcp_servers.4degrees]
url = "https://mcp.4degrees.ai/mcp"
Run codex mcp login 4degrees to authorize, or Codex will prompt you on first tool use.
Tool reference
Three read tools, each annotated readOnlyHint: true, plus the consent-gated execute_action write tool. AI assistants compose them
automatically — you typically don’t call them by hand.
discover
Lists available CRM resources, your org’s custom fields, and pipeline names. Always called first.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
resource | string | Optional | Resource name — one of contacts, companies, deals, interactions, custom_fields, team, pipelines. Omit to list all available resources. |
Returns
Markdown text describing the requested resource, including your org’s actual custom fields and pipeline names. With no argument: a list of all available resources plus tips.
query
Retrieves records with optional filters, field selection, sorting, pagination, and output format.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
resource | string | Required | One of contacts, companies, deals, interactions, company_notes, deal_notes, custom_fields, team, pipelines, portfolio, introductions. |
filters | object | Optional | Field-value pairs. {"id": "87"} for a specific record; {"name": "Jason"} for a search. |
fields | string | Optional | Comma-separated field names to return (e.g. "name,email,company"). Defaults to all fields. |
sort | string | Optional | Sort field with optional Desc suffix (e.g. "name", "strengthDesc"). |
limit | integer | Optional | Max records returned. Default 20; clamped to 100. |
offset | integer | Optional | Skip N records for pagination. Default 0. |
format | string | Optional | "csv" (default, most token-efficient), "markdown", "json", or "summary". |
Returns
Formatted text in the requested format. Interactions require at least one scoping filter (contact_id, owner, type, source, date_after, date_before, or search) to avoid an unbounded query.
compare
Server-side aggregation — counts, averages, sums — grouped by a dimension. Avoids fetching raw records.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
resource | string | Required | What to aggregate — typically contacts or deals. |
metric | string | Required | One of count, avg_strength, sum_deal_value, avg_deal_value, total_interactions. |
group_by | string | Required | How to group — e.g. pipeline, stage, owner, tag, location, month, or any custom-field name. |
filters | object | Optional | Same syntax as query. |
format | string | Optional | "csv" (default), "markdown", or "json". |
Returns
Aggregated rows in the requested format. deals supports count/sum_deal_value/avg_deal_value by pipeline/stage; contacts supports count/avg_strength by owner/tag; both support total_interactions.
execute_action
Write tool — create, update, append, tag, move, reassign. Gated by per-user consent.
The single write entry-point. The AI assistant resolves the user’s intent into one of the registered action keys and calls execute_action. The dispatcher verifies the user’s write-consent flag, runs the permission cascade, and executes the action atomically.
Annotated readOnlyHint: false, destructiveHint: false (no deletes), idempotentHint: true, openWorldHint: false.
The full action registry is large and evolving. Rather than enumerate keys here (where they go stale), call discover with resource: "actions" to list every registered action and its payload schema as it exists in production right now.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
action_key | string | Required | Versioned action identifier — e.g. contact.add_interaction.v1, deal.add_note.v1, contact.update_name.v1. Use discover to list all valid keys. |
target_type | string | Conditional | The resource the action targets — contact, deal, or company. Required for update / append / tag / move actions; omit for create actions. |
target_id | integer | Conditional | The numeric ID of the target. Required for actions that mutate an existing record; omit for create actions. |
payload | object | Required | Action-specific payload. Schema for each action is discoverable via discover. |
idempotency_key | string | Optional | Caller-supplied key to dedupe retries. If omitted, the dispatcher derives one from the action key + target + payload hash. |
Returns
A JSON envelope: {"ok": true, "result": {...}, "request_id": "..."} on success, or {"error": {"code": "...", "message": "..."}} on failure. Successful writes are reversible via a separate compensating action keyed by the returned request_id — valid for ~5 minutes after the original write. The exception is contact.add_reminder.v1: contact reminders have no compensating handler and must be cancelled in the web app. (Company and deal reminders ARE undoable like every other write.)
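The following Python is an added example, not 4Degrees code. It builds the execute_action call with a caller-supplied idempotency_key and turns the documented envelope into a local record with an undo deadline. The key derivation (SHA-256 over canonical JSON) is this example's own scheme, and the envelope is assumed to be already parsed into a dict.

```python
import hashlib
import json
import time

UNDO_WINDOW_SECONDS = 5 * 60  # "~5 minutes" in the text; the real cutoff is server-side
NOT_UNDOABLE = {"contact.add_reminder.v1"}  # the one exception the text names


def idempotency_key(action_key, target_type, target_id, payload):
    """Stable across retries and payload key order (this example's own scheme)."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    material = "\n".join([action_key, str(target_type), str(target_id), canonical])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def build_call(action_key, payload, target_type=None, target_id=None, rpc_id=1):
    """JSON-RPC tools/call body for execute_action, using the documented parameters."""
    args = {
        "action_key": action_key,
        "payload": payload,
        "idempotency_key": idempotency_key(action_key, target_type, target_id, payload),
    }
    if target_type is not None:  # create actions omit both target fields
        args["target_type"] = target_type
        args["target_id"] = target_id
    return {"jsonrpc": "2.0", "id": rpc_id, "method": "tools/call",
            "params": {"name": "execute_action", "arguments": args}}


def record_result(action_key, envelope, now=None):
    """Map the documented envelope to a local audit record with an undo deadline."""
    now = time.time() if now is None else now
    if "error" in envelope:
        err = envelope["error"]
        return {"ok": False, "code": err.get("code"), "message": err.get("message")}
    if envelope.get("ok") is not True or "request_id" not in envelope:
        raise ValueError("unexpected envelope shape")
    undoable = action_key not in NOT_UNDOABLE
    return {"ok": True, "request_id": envelope["request_id"],
            "undo_until": now + UNDO_WINDOW_SECONDS if undoable else None}
```

Sending the same key on every retry of one logical write lets the dispatcher dedupe it; a key built from non-canonical JSON would change with dict ordering and defeat that.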
Discovering action keys + payloads
curl -X POST https://mcp.4degrees.ai/mcp \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {"name": "discover", "arguments": {"resource": "actions"}}
  }'
Returns the live action registry with payload schemas, target requirements, and undo eligibility for each action.
Write actions
The connector can now perform a fixed, enumerated set of write operations on your CRM — gated by an explicit per-user opt-in. Without consent, every write attempt is rejected before the dispatcher even resolves the target. The consent prompt is shown inline by the AI assistant the first time a write is requested; the user can revoke any time from app.4degrees.ai/settings/mcp.
What writes are supported
The live action registry is the source of truth — use discover with resource: "actions" to list every action with its payload schema. The shape of what's supported today:
- Contacts — create, rename, edit notes, edit social profiles, edit location, log interactions, add reminders, add/remove tags, edit custom fields.
- Deals — create, update, add notes, add associated contacts, move pipeline stage, add/remove tags, reassign owner.
- Companies — create, update, add notes, add/remove tags, reassign owner.
What writes are NOT supported
- No deletes. The connector cannot delete contacts, deals, companies, or notes. Cleanup is a manual operation in the web app.
- No bulk operations. Every action targets a single resource. The AI assistant must call the tool once per target.
- No cross-tenant writes. The dispatcher rejects any write targeting a resource not visible to the authenticated user.
- No background writes. Every action is triggered by an explicit user prompt in the AI assistant.
How the consent gate works
- The AI assistant interprets the user’s prompt and decides a write is needed (e.g. "log a call with Sarah today").
- The connector receives the execute_action call and checks the user’s write-consent flag.
- If unset, the connector returns a consent-prompt envelope. The AI assistant renders that prompt back to the user inline.
- The user clicks Allow in the prompt. The flag is set. The original write proceeds.
- Subsequent writes proceed without re-prompting until the user revokes consent.
Auditing
Every successful write is recorded in the 4Degrees activity feed with attribution “via AI Connector”, the actor, the action key, and the prior-value snapshot (for undo). Admins can review the activity feed in the standard 4Degrees admin UI.
OAuth flow
Each teammate authorizes their AI assistant separately. Tokens are issued per-seat, scoped read-only, and stored as SHA-256 hashes server-side — the original token value is never persisted. Connection setup uses OAuth 2.1 with Dynamic Client Registration so the AI assistant registers its own client.
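Added example (not 4Degrees code): the two hashing steps this flow relies on, namely the PKCE S256 challenge from RFC 7636 that the overview names, and a token store that keeps only SHA-256 digests. HashedTokenStore and its seat_id records are hypothetical names.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 code_verifier: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def pkce_challenge(verifier):
    """S256 code_challenge: BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_pair():
    """Client side: fresh 43-character verifier and the challenge sent up front."""
    verifier = secrets.token_urlsafe(32)
    return verifier, pkce_challenge(verifier)


def verify_pkce(stored_challenge, presented_verifier):
    """Server side: check the verifier that arrives with the token request."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False
    return hmac.compare_digest(pkce_challenge(presented_verifier), stored_challenge)


class HashedTokenStore:
    """Persists only SHA-256 digests; unsalted is fine because tokens are random."""

    def __init__(self):
        self._by_digest = {}  # hex digest -> seat id (hypothetical record)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, seat_id):
        token = secrets.token_urlsafe(32)  # shown to the client once, never stored
        self._by_digest[self._digest(token)] = seat_id
        return token

    def lookup(self, presented_token):
        return self._by_digest.get(self._digest(presented_token))

    def revoke(self, presented_token):
        return self._by_digest.pop(self._digest(presented_token), None) is not None
```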
Code samples
Discovering OAuth metadata (any client)
# Step 1 — discover the auth server
curl -i https://mcp.4degrees.ai/.well-known/oauth-protected-resource
# Returns:
{
  "resource": "https://mcp.4degrees.ai/mcp",
  "authorization_servers": ["https://app.4degrees.ai"],
  "resource_documentation": "https://mcp.4degrees.ai/docs/connector",
  "scopes_supported": ["read"],
  "bearer_methods_supported": ["header"]
}
Calling a tool with a bearer token
# Once your AI client has a token, every tool call is JSON-RPC over HTTP.
curl -X POST https://mcp.4degrees.ai/mcp \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "compare",
      "arguments": {
        "resource": "deals",
        "metric": "count",
        "group_by": "stage",
        "filters": {"pipeline": "Enterprise"}
      }
    }
  }'
What data is accessible
Read-only access to data your seat in 4Degrees already has permission to view, scoped to your firm:
- Contacts, companies, deals (and their custom fields, tags, owners, locations)
- Interaction metadata — subject, sender, date, type. Encrypted email and meeting bodies are never returned.
- Pipelines, stages, custom field definitions, team membership
- Portfolio dashboards (triage, warmest leads, news, job changes, reminders)
- Introduction paths — teammates with the strongest relationship to a contact or company
See the connector Privacy Policy for the full data inventory.
Security & control
Read-only by design
No write tools exposed. readOnlyHint: true + destructiveHint: false on every annotation.
Email bodies stay private
Encrypted at rest in 4Degrees. Only metadata — subject, sender, date — is queryable.
Org admins control access
One toggle in workspace settings disables the connector firm-wide and invalidates every teammate’s token immediately.
Revoke in one click
From your AI assistant’s settings or your 4Degrees account. Effective on the next request.
How to revoke access
- From Claude: Settings → Connectors → 4Degrees → Disconnect.
- From ChatGPT: Apps → 4Degrees → Disconnect.
- From 4Degrees: revoke the access token from your account settings.
- From your firm’s administrator: disabling the AI Connector in workspace settings invalidates every token issued to org members.
Revocation is effective immediately on the next request — there’s no background sync to wind down.
Troubleshooting
401 Unauthorized: Token expired, revoked, or never issued.
Access tokens are valid for one hour. If your AI client doesn’t auto-refresh, disconnect and reconnect from the assistant’s settings. If your firm’s admin has disabled the connector since you last connected, every previously-issued token returns 401 too.
403 Forbidden: Origin header isn’t in the connector allowlist.
The connector validates Origin headers as defense-in-depth. Approved origins include claude.ai, claude.com, chatgpt.com, chat.openai.com, and *.4degrees.ai. Requests with no Origin header (typical for non-browser MCP clients) are allowed.
Query timed out: Add scoping filters; never query interactions unfiltered.
Interactions require at least one of contact_id, owner, type, source, date_after, date_before, or search. For other resources, narrow with owner: "you", a date range, or a tag.
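The Origin check described under 403 Forbidden, as an added Python example (not the connector's code). It assumes https-only origins and that *.4degrees.ai covers subdomains only, and it shows why the wildcard has to be matched on a dot boundary rather than as a plain suffix.

```python
from urllib.parse import urlsplit

# Hosts listed in the 403 entry above; "*.4degrees.ai" is kept as a dot-prefixed suffix.
EXACT_HOSTS = {"claude.ai", "claude.com", "chatgpt.com", "chat.openai.com"}
WILDCARD_SUFFIXES = (".4degrees.ai",)


def origin_allowed(origin_header):
    """Return True if a request with this Origin header value passes the check.

    None means the header was absent (typical for non-browser MCP clients),
    which the page says is allowed. A present value must be https://<allowed-host>.
    """
    if origin_header is None:
        return True
    try:
        parts = urlsplit(origin_header)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False
    # An Origin is scheme://host[:port] only: no path, query, fragment or userinfo.
    if parts.scheme != "https" or not host:
        return False
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return False
    if port not in (None, 443):
        return False
    if host in EXACT_HOSTS:  # urlsplit already lower-cases the hostname
        return True
    # The suffix carries its leading dot, so "evil4degrees.ai" cannot match,
    # and the length test rejects a bare ".4degrees.ai" with an empty label.
    return any(host.endswith(s) and len(host) > len(s) for s in WILDCARD_SUFFIXES)
```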
FAQ
Does Claude or ChatGPT learn from my firm’s data?
No. Per Anthropic’s Connector Terms and OpenAI’s Apps SDK terms, neither provider trains its models on data returned by third-party connectors. 4Degrees does not share connector data with any other party.
What happens when I revoke access?
The next request from that AI assistant fails authentication and the connection drops. There’s no background sync to wind down.
Can I share access across my team?
No — every teammate authorizes their own AI assistant separately. Each connection is scoped to that person’s seat in 4Degrees, ensuring every query respects their permissions and visibility rules.
Where is my firm’s data stored?
Your CRM data continues to live in your existing 4Degrees infrastructure. The connector does not duplicate, cache, or relocate it. The only thing 4Degrees logs from connector traffic is request metadata (user/org IDs, path, duration, hashed token ID) for audit and rate-limiting — see the privacy policy.
Are there rate limits or result-size caps?
Yes. Each access token has a fixed-window rate limit (default 100 requests per minute). Individual query calls return up to 100 rows; for "how many" questions the assistant should call compare instead, which aggregates server-side without hitting the row cap.
Which 4Degrees plans include the AI Connector?
The connector is available to firms whose 4Degrees plan includes MCP access. Your firm’s administrator can enable it in workspace settings; if the toggle isn’t visible, contact support@4degrees.ai or schedule a call.
Last updated April 27, 2026. Found something inaccurate? support@4degrees.ai.