Favor Church Logo Favor Church Rock MCP
Online

Model Context Protocol Gateway

Secure, low-token action-router interface for Rock RMS v17.7. Connects Claude, Cursor, and other AI clients to church operations.

Version: 1.0.0
Cache: Redis Active
Rock Target: https://rock-preview.favor.church
MCP Connections

Exposes endpoints tailored to different authentication scopes and security levels.

Smart Gateway POST
Detects user status automatically. Upgrades to readwrite mode for admins with write scopes; defaults to readonly.
https://rock-mcp.favor.church/mcp
Min Scope read
Write Access RSR Admins Only
Read-Only Gateway POST
Enforces a read-only context. Safe default for standard operations. Ideal for broad, lower-risk LLM access.
https://rock-mcp.favor.church/mcp/readonly
Min Scope read
Write Access Disabled
Read-Write Gateway POST
Explicitly registers read and write tools. Requires OAuth client write credentials. Runs operations as the user.
https://rock-mcp.favor.church/mcp/readwrite
Min Scope read + write
Write Access Enabled (Authorized)
Integration Guide

To register the Favor Church Rock MCP server in your Claude Desktop app, edit your configuration file:

  • MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
claude_desktop_config.json
{
  "mcpServers": {
    "rock-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/sdk",
        "connect",
        "https://rock-mcp.favor.church/mcp"
      ],
      "env": {
        "AUTHORIZATION": "Bearer YOUR_JWT_TOKEN"
      }
    }
  }
}

Cursor allows connecting to MCP servers via SSE (Server-Sent Events) or Command mode.

For SSE connection (recommended for remote endpoints):

  1. Open Cursor Settings > Features > MCP.
  2. Click + Add New MCP Server.
  3. Fill in:
    • Name: rock-mcp
    • Type: command (using npx connection wrapper to pass headers)
    • Command: npx -y @modelcontextprotocol/sdk connect https://rock-mcp.favor.church/mcp

All MCP endpoints are secured using JSON Web Tokens (JWT) linked to church member logins.

Required Headers:

  • Authorization: Bearer <token> - Valid JWT from the Favor login provider.
  • x-mcp-session-id (Optional) - Consistent UUID for caching user context and discovery states.

Tokens must contain at least the read scope. To perform updates/writes via /mcp/readwrite or /mcp, the token must include the write scope, and the user must be authorized for the targeted entity.