Client Setup

Client Deployment Guide (MCP Bridge)

Version: 1.0.2 Scope: Developer Workstation Setup

This guide explains how to connect your local AI Agents (Claude Desktop, Cursor, etc.) to the secure ContextLoom Appliance.

Introduction

ContextLoom uses the Model Context Protocol (MCP) to serve governed context. Because your source code lives in a secure “Vault” and your AI tools run locally (or in the cloud), we use a lightweight Bridge Client to tunnel the connection securely.

Prerequisites

Node.js: v18 or newer installed on your workstation.
Access Token (PAT): You must generate a Personal Access Token from the ContextLoom Dashboard.
Appliance URL: The URL of your organization’s ContextLoom instance (e.g., https://loom.internal).

Step 1: Generate API Key

Log in to ContextLoom.
Navigate to Access Tokens.
Click Generate Token.
Copy the token immediately (it begins with cl_pat_...). You will need this for the configuration.

Step 2: Client Configuration

ContextLoom supports any MCP-compliant client. Below are the configurations for the most popular tools.

Option A: Cursor

Recommended: Use the npx (Zero-Install) method.

Open Cursor Settings (Ctrl/Cmd + ,).
Navigate to General > MCP.
Click Add New MCP Server.
Enter the following details:

Name: contextloom
Type: stdio (Local)
Command: npx

Args:

-y
@contextloom/bridge
--url https://loom.internal
--token cl_pat_YOUR_TOKEN
--insecure

(Note: Use --insecure only if your appliance uses a self-signed certificate)

Option B: Claude Desktop

Edit your configuration file located at:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Add the following entry:

{
  "mcpServers": {
    "contextloom": {
      "command": "npx",
      "args": [
        "-y",
        "@contextloom/bridge",
        "--url", "https://loom.internal",
        "--token", "cl_pat_YOUR_TOKEN",
        "--insecure"
      ]
    }
  }
}

(Remove the --insecure flag if you have a valid public certificate)

Option C: VS Code (via Cline)

Install the Cline extension from the VS Code Marketplace.
Open the MCP Servers tab in the Cline sidebar.
Click Configure MCP Servers (opens mcp_config.json).
Add the contextloom entry as shown in the Claude Desktop example above.

Option D: Windsurf

Edit your local MCP configuration:

File: ~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "contextloom": {
      "command": "npx",
      "args": [
        "-y",
        "@contextloom/bridge",
        "--url", "https://loom.internal",
        "--token", "cl_pat_YOUR_TOKEN",
        "--insecure"
      ]
    }
  }
}

Option E: Gemini CLI

If you are using the terminal-based Gemini agent:

Open ~/.gemini/settings.json.
Add to mcpServers:

{
  "mcpServers": {
    "contextloom": {
      "command": "npx",
      "args": [
        "-y",
        "@contextloom/bridge",
        "--url", "https://loom.internal",
        "--token", "cl_pat_YOUR_TOKEN",
        "--insecure"
      ]
    }
  }
}

Air-Gapped Installation (No Internet)

If your workstation cannot access the public npm registry (registry.npmjs.org), you must use the offline tarball method.

Download: Obtain contextloom-bridge-1.0.2.tgz from your administrator.
Load: Place it in a local directory (e.g., C:\Tools\contextloom\).
Configure: Update the command and args in your JSON config to point to the local file.

Example (Windows):

"contextloom": {
  "command": "node",
  "args": [
    "C:\\Tools\\contextloom\\index.js",
    "--url", "https://loom.internal",
    "--token", "cl_pat_YOUR_TOKEN",
    "--insecure"
  ]
}

Troubleshooting

Error: self signed certificate in certificate chain

Cause: Your appliance is using a self-signed certificate which is not trusted by Node.js.
Fix: Add the --insecure flag to your MCP server configuration arguments.

Error: Connection Refused

Verify you can reach https://loom.internal in your browser.

Error: 401 Unauthorized

Your PAT may be invalid or expired. Generate a new one in Access Tokens.