In the portal: Dashboard → your agent → External API. Click Issue token, give it a device name (e.g. “MacBook Claude Desktop”), copy the token shown — it’s shown once. The endpoint URL is listed on that page too: https://memory-<slug>.ownify.ai/mcp/rpc

Default ACL is safe: read all wings except security; write only to private and diary. Tokens never expire — revoke from the same page when a device is retired.

Claude Desktop and Claude Code speak MCP over stdio. ownify-memory-bridge is a tiny Go binary (~5MB, static, no runtime deps) that translates stdio MCP to authenticated HTTPS calls against memgate.

curl -fsSL https://ownify.ai/install/ownify-memory-bridge | bash

The script detects your OS + arch (macOS arm64/amd64, Linux arm64/amd64), downloads the matching binary into /usr/local/bin (or ~/.local/bin if you can’t write to /usr/local), and prints the next-step config snippets. No sudo prompt unless your user lacks write to /usr/local/bin.

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on your platform — add a ownify-memory server to mcpServers:

{
  "mcpServers": {
    "ownify-memory": {
      "command": "ownify-memory-bridge",
      "env": {
        "KLAW_ENDPOINT": "https://memory-<your-slug>.ownify.ai/mcp/rpc",
        "KLAW_TOKEN":    "<paste the token from the portal>"
      }
    }
  }
}

Restart Claude Desktop. Open a chat and run /mcp — you should see ownify-memory connected with all the ownify tools listed (klaw_search, klaw_store_user_preference, etc.).

One-line install:

claude mcp add ownify-memory \
  --env KLAW_ENDPOINT=https://memory-<your-slug>.ownify.ai/mcp/rpc \
  --env KLAW_TOKEN=<paste the token> \
  -- ownify-memory-bridge

Verify with claude mcp list. The ownify tools become available to any Claude Code session.

The bridge surfaces the same MCP tools as inside the cluster:

• klaw_search — semantic + keyword hybrid search across your memory.
• klaw_list_wings, klaw_list_drawers, klaw_get_drawer — browse.
• klaw_store_user_preference, _user_profile, _decision, _todo, _event, _diary_entry, _workspace_fact — typed shortcuts that file into the right wing automatically.
• klaw_add_drawer — explicit (wing, room) write when none of the typed tools fits.
• klaw_kg_query — query the agent’s knowledge graph.

The default safe ACL profile blocks writes to security, public, shared, and tenant-memory from external clients. Read access to those wings works; tighten or widen via the Access Matrix on the agent’s Access page if you need a different posture per device.

If you don’t want the stdio bridge, the same endpoint accepts plain JSON-RPC over HTTPS — usable from any HTTP client, scripts, or your own MCP-Streamable-HTTP integration:

curl -sS -X POST https://memory-<slug>.ownify.ai/mcp/rpc \
  -H "Authorization: Bearer $KLAW_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'

The same Bearer token, same JSON-RPC envelopes Claude clients exchange via the bridge.

Open the External API page on the agent and click Revoke next to the token. Effective within a few seconds — the device loses access on the next request. Each token is bound to one device by name, so revoking one doesn’t affect others.