Your AI assistant, plugged into your PageLens audits.
Connect Claude Desktop, Cursor, or any MCP-compatible client and ask “what should I fix on my site this week?”. The assistant reads your latest scan, picks the highest-leverage findings, and helps you act on them — without leaving your editor.
Free. Read-only. OAuth 2.1 with PKCE. Revoke any time from your settings.
Add PageLens to your client
Pick your assistant, paste the config, restart, and click through the consent screen. The MCP URL below is yours; the OAuth client registers itself the first time it connects.
Claude Desktop
Edit Claude's config file. macOS path: ~/Library/Application Support/Claude/claude_desktop_config.json. Windows: %APPDATA%\\Claude\\claude_desktop_config.json
claude_desktop_config.jsonjson{
"mcpServers": {
"pagelens": {
"url": "https://www.pagelensai.com/api/mcp"
}
}
}Cursor
Settings → Features → Model Context Protocol → Add new MCP server.
.cursor/mcp.jsonjson{
"mcpServers": {
"pagelens": {
"url": "https://www.pagelensai.com/api/mcp"
}
}
}Codex CLI
Codex picks this up from your config dir on next launch.
~/.codex/config.tomltoml[mcp_servers.pagelens]
url = "https://www.pagelensai.com/api/mcp"Generic / other clients
Any client that supports the streamable HTTP transport over OAuth 2.1 can connect. Discovery follows RFC 8414 + RFC 9728.
MCP server URLtexthttps://www.pagelensai.com/api/mcpOn first connect your client will pop a browser tab to PageLens for you to log in and approve the requested scopes. Tokens are short-lived (1 hour, refreshed automatically) and bound to your account — no shared keys, no credentials in your config.
What your assistant can do
Six read-only tools and two pinnable resources per scan (Markdown report + summary JSON). Read-only by design — no “delete my scan” surprise.
list_scans
Browse the most recent scans on your account.
get_scan
Pull a single scan's headline data — score, grade, exec summary, top-5 findings.
list_findings
Page through every finding for a scan, filtered by severity, persona, or page.
get_quick_wins
Fetch the top N quick-win findings (high impact + low effort) for a scan.
list_domains
List the domains you've verified ownership of, with their badge status.
whoami
Confirm which PageLens account this connection is operating against.
Pinnable resources
pagelensai://scan/{id}/markdown— the same agent-friendly Markdown export the report's “Download as .md” button produces.pagelensai://scan/{id}/summary.json— slim JSON: score, grade, severity counts, top findings, persona reviews.
Scopes you control
Every connected client requests one or more scopes. The consent screen is the gate — only what you approve gets granted, and you can revoke per-token from your settings.
read:scans— Read your scansList the scans on your account and read their headline data (URL, score, timestamp, tier, viewports).
read:findings— Read scan findingsRead the per-page findings, evidence, and quick-wins for any scan on your account.
read:domains— Read your verified domainsList the domains you've verified ownership of and which scan is currently anchored to each.
read:profile— Read your basic profileRead your account name and email so the assistant can confirm whose data it's working with.
write:feedback— Submit finding feedbackFlag findings on YOUR scans as false positives, miscategorised, or non-actionable. Feedback is queued for human review on PageLens's side — the assistant cannot edit, hide, or delete the scan itself, only attach a note explaining why a finding is wrong. Bounded to one open report per (you, finding); abuse is rate-limited and audit-logged against the OAuth client.
How we keep this safe
OAuth 2.1 with PKCE
No bearer tokens in your config. Each connection runs the full authorisation-code + PKCE flow, audience-bound to /api/mcpvia RFC 8707 so a leaked token can't be replayed against another resource. Tokens hash-at-rest; the raw value lives only in your client.
Read-only and rate-limited
Six tools, all read-only. Per-token (60/min), per-user (200/min) and per-client (1000/min) Upstash buckets stop a runaway loop from eating your context window or our DB pool. 429s come back with the standard Retry-After + X-RateLimit-* headers.
One-click revoke
Settings → Integrations shows every connected client and every active token, with a “Disconnect” button per client and a per-token revoke for the cautious. Revocation is immediate — the next request fails 401.
Standards-compliant
We follow the MCP 2025-03-26 spec to the letter — streamable HTTP transport, RFC 7591 Dynamic Client Registration, RFC 8414 Authorization Server Metadata, RFC 9728 Protected Resource Metadata, RFC 7009 Token Revocation. Your client never has to hard-code anything PageLens-specific.
Plug it in. Ask the assistant.
Already have a PageLens scan? You're 30 seconds away from “tell me what to fix” working in your editor.