Skip to main content
Chance runs a hosted (remote) MCP server so AI assistants can call verify_intent / get_verification over the network — no local process to install.
Two ways to authenticate, depending on the client:
  • One-click OAuth — Claude.ai, Claude Desktop, Claude mobile, and ChatGPT open a Chance sign-in screen; no key to paste.
  • API key — the Anthropic and OpenAI developer APIs pass your chance_sk_ key as a header.
Prefer a local install (Claude Desktop / Cursor / Windsurf via npx)? Use the stdio MCP server instead — same tools, runs on your machine.

Claude.ai · Claude Desktop · Claude mobile (OAuth)

1

Open connector settings

Settings → Connectors → Add custom connector (Team/Enterprise: an owner adds it under Organization settings).
2

Add the URL

Paste https://harness.chance.cc/api/mcp and click Add. No OAuth client ID/secret needed — Chance registers your client automatically.
3

Sign in

Click Connect and approve on the Chance screen (sign in with the same account as your dashboard). Done — verify_intent is now available in chat.

ChatGPT (OAuth)

Enable Developer Mode (Settings → Connectors → Advanced), then Add custom connector and enter https://harness.chance.cc/api/mcp. Approve the Chance sign-in. Developer Mode exposes the full read/write tools (verify_intent is a write tool); the read-only Deep Research connector path is not the one you want here.

Anthropic Messages API (key)

Call the remote server directly from the API with the MCP connector — your chance_sk_ key goes in authorization_token:
The MCP-connector beta header and exact fields evolve — see Anthropic’s MCP connector docs for the current version.

OpenAI Responses API (key)

Add a remote MCP tool and pass your key as a header:

Any MCP client, via bridge (key)

For a client that only speaks local stdio, bridge to the hosted server with your key:

How the OAuth flow works

Chance implements the MCP Authorization spec (OAuth 2.1 + PKCE):
  • Discovery/.well-known/oauth-protected-resource and /.well-known/oauth-authorization-server
  • Dynamic Client Registration — clients register automatically; nothing to configure
  • PKCE (S256), single-use authorization codes, and rotating refresh tokens
  • The consent screen authenticates you with the same identity as the dashboard, then issues the client a scoped token that spends your credits
Nothing to set up on your side — just add the URL and approve.