Model Context Protocol · Read-only connector

TrueGradient AI — Claude Connector

Connect Claude to your TrueGradient workspace and ask questions about your own supply-chain, demand-planning, inventory-optimization, and pricing data in plain language. Claude reads the relevant experiment datasets from your account and answers from them.

The connector only exposes your data for reading — it never modifies it, and it can only ever access your own company’s data.

Server URL: https://tg-mcp-production-ap-south-1.truegradient.ai/mcp

Overview

What this connector is

This is a Model Context Protocol (MCP) connector hosted by TrueGradient. After you connect it in Claude and sign in with your TrueGradient account, Claude can list your experiments, inspect their datasets, and read rows to answer questions about your data — for example, “what were my top 10 SKUs by sales last month?” or “compare forecast accuracy across my last two demand-planning experiments.”

The connector exposes data; it does not compute or analyze on its own. It returns rows (or engine-computed aggregates) to Claude, and Claude does the summarization and explanation. Every tool it exposes to Claude is read-only.

Capabilities

Supported capabilities

Browse experiments

List your Completed experiments — optionally filtered to demand planning, inventory optimization, or pricing & promotion optimization.

Explore datasets

For any experiment, see its datasets, their columns, and a sample row, so Claude can pick the right data by name.

Read rows

Read dataset rows in pages of up to 1,000 rows, with clear pagination, after checking the dataset’s size up front.

Computed reads

Push totals, top-N, averages, and group-by breakdowns down to the TrueGradient query engine and get back the final result set.

Tools exposed to Claude

Who am I (TrueGradient identity) · tg_whoami · Read-only

Confirms the connection is authenticated and shows the connected company and granted permissions. Takes no arguments — identity is read from the verified session.

List experiments for analysis · tg_list_experiments_for_analysis · Read-only

Lists your Completed, non-archived experiments (the same set the TrueGradient app shows), newest first. Optionally filtered to a single module.

Resolve experiment datasets · tg_resolve_datasets · Read-only

For chosen experiment(s), lists the available datasets with a short summary, the live column list, and a sample row — so the right dataset can be picked by name.

Dataset size & shape · tg_dataset_info · Read-only

Reports a dataset’s total row count, page count, and columns up front, so a full read can be planned in one cheap call.

Fetch dataset rows · tg_fetch_dataset · Read-only

Returns dataset rows (paginated), or pushes computation to the query engine for totals, top-N, averages, and group-by breakdowns. Returns the final result set.

These five tools are the connector’s entire user-facing surface — and every one of them is read-only.

Authentication

How authentication works

The connector runs as a standard OAuth 2.1 authorization server. Connecting from Claude uses the normal MCP authorization flow — you never share a password or an API key with Claude.

  1. Add the connector

    In Claude, open Settings → Connectors → Add custom connector, and enter the server URL https://tg-mcp-production-ap-south-1.truegradient.ai/mcp.

  2. Sign in with TrueGradient

    Claude registers itself dynamically and redirects you to TrueGradient’s identity gateway, where you sign in with Google (scopes openid email profile) and, if you belong to more than one company, pick one. The company is derived server-side from your verified identity — never trusted from the browser. Authorization requires PKCE with S256 (the plain method is rejected).

  3. Token issuance

    On success, the connector issues a session bound to your verified TrueGradient identity. Your company and user are carried inside a signed (RS256) token — not stored as adjustable settings. Access tokens are short-lived (5 minutes) and refreshed silently in the background.

  4. Ask away

    Once connected, ask Claude about your data. To confirm the connection, ask it to run the “Who am I” tool — it returns your company and granted permissions.

  • OAuth 2.1 with PKCE (S256) and Dynamic Client Registration.
  • Client allow-list: only OAuth clients whose redirect host is on TrueGradient’s allow-list (Claude’s domains) can complete the flow.
  • Stay connected for up to 60 days without re-login, using rotating refresh tokens. A replayed or stolen refresh token is detected and invalidates the entire session family.
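
The rotating refresh tokens with reuse detection described in the last bullet can be sketched as follows. This is an added example, not TrueGradient's code: the in-memory store, its record layout, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

SESSION_MAX_AGE = 60 * 24 * 3600  # 60 days, the session lifetime the page states


class RefreshTokenStore:
    """In-memory stand-in for the session table (hypothetical layout)."""

    def __init__(self):
        self.records = {}   # sha256(token) -> {"family": id, "used": bool}
        self.families = {}  # family id -> {"created": epoch secs, "revoked": bool}

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _mint(self, family):
        token = secrets.token_urlsafe(32)
        self.records[self._digest(token)] = {"family": family, "used": False}
        return token

    def start_session(self, now):
        family = secrets.token_hex(8)
        self.families[family] = {"created": now, "revoked": False}
        return self._mint(family)

    def rotate(self, token, now):
        rec = self.records.get(self._digest(token))
        if rec is None:
            raise PermissionError("unknown refresh token")
        fam = self.families[rec["family"]]
        if fam["revoked"] or now - fam["created"] > SESSION_MAX_AGE:
            raise PermissionError("session ended")
        if rec["used"]:
            # An already-rotated token came back: the client or a thief holds
            # a copy, so every token descended from this login is revoked.
            fam["revoked"] = True
            raise PermissionError("refresh token reuse detected")
        rec["used"] = True
        return self._mint(rec["family"])


def try_rotate(store, token, now):
    """Return the new refresh token, or the refusal reason as a string."""
    try:
        return store.rotate(token, now)
    except PermissionError as exc:
        return f"denied: {exc}"
```

Replaying the first token after it has been rotated revokes the family, so the legitimately issued successor is refused as well and the user must sign in again.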

Security & Privacy

Security & privacy

What the connector accesses

  • Your TrueGradient experiments’ metadata and the datasets attached to them (the supply-chain / demand / inventory / pricing data in your TrueGradient account), scoped to your company.

What it does not access

  • Any other company’s data.
  • Your Claude chat history, your files, or Claude’s memory.
  • Third-party APIs — the connector talks only to TrueGradient’s own services. It does not transfer funds or generate images, audio, or video.

Data handling & retention

  • No dataset retention. The connector reads data on demand to answer your question and returns it to Claude. It does not store your dataset contents or your conversations.
  • Minimal session state. Only OAuth session state (refresh-token records) is stored, to keep you signed in — and it is revocable.
  • Short-lived backend credentials. Each data read uses a freshly minted token that is valid for seconds and for a single call.
  • Encrypted in transit and at rest. All traffic is HTTPS/TLS; OAuth session state is stored in DynamoDB with server-side encryption (AWS KMS).
  • Transport security. Host validation rejects requests whose Host header is not the connector’s own, and the OAuth redirect target is restricted to an exact allow-list of Claude’s URLs.
  • Disconnecting. Removing the connector in Claude (or revoking access in TrueGradient) ends the session and invalidates its tokens.

Multi-tenant safety

Company isolation guarantees

Isolation is enforced by construction, not by convention:

  • No company identifier is ever an input. None of the tools accept a company id as an argument. Your company is read only from your verified login token.
  • Re-verified on every call. Each data request derives the company from the signed token again — there is no client-supplied or cached company scope to tamper with.
  • Server-built data paths. The storage location of a dataset is constructed server-side from your verified company; raw storage paths are never accepted from, or returned to, the caller.
  • Ownership assertion (defense in depth). Before any data is touched, the server asserts the resolved path falls within your company’s prefix and rejects anything that does not.

The result: it is structurally impossible for one connected user to reach another company’s data.
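
A sketch of the server-built path plus ownership assertion listed above, as an added example that is not TrueGradient's code. The `company_id` claim name, the `tenants/<company>/experiments/...` layout, and the function names are assumptions; the claims dict stands for the output of RS256 token verification, which is not shown.

```python
import posixpath


class IsolationError(Exception):
    """Raised when a resolved path leaves the caller's company prefix."""


def company_prefix(verified_claims):
    # The company comes only from the claims of an already-verified signed
    # token; the claim name and storage layout are assumptions of this example.
    company = verified_claims.get("company_id", "")
    if not company or "/" in company or company in (".", ".."):
        raise IsolationError("malformed company claim")
    # Trailing slash matters: prefix "tenants/acme" would also match
    # "tenants/acme-eu/...", a different tenant.
    return f"tenants/{company}/"


def resolve_dataset_path(verified_claims, experiment_id, dataset_name):
    """Build the storage key server-side; there is no company argument."""
    prefix = company_prefix(verified_claims)
    candidate = posixpath.normpath(
        posixpath.join(prefix, "experiments", experiment_id, dataset_name)
    )
    # Ownership assertion: runs last, on the normalized path, so it still
    # holds if an earlier input check is missing or wrong.
    if not candidate.startswith(prefix):
        raise IsolationError(f"path escapes company prefix: {candidate!r}")
    return candidate


def check(verified_claims, experiment_id, dataset_name):
    """Return the resolved path, or "rejected" if the assertion fails."""
    try:
        return resolve_dataset_path(verified_claims, experiment_id, dataset_name)
    except IsolationError:
        return "rejected"
```

The assertion is evaluated after normalization, which is what catches `..` segments and absolute names that a plain string comparison on the raw input would miss.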

Usage

Example questions you can ask

What were my top 10 SKUs by sales last month?
Compare forecast accuracy across my last two demand-planning experiments.
Show the days-of-inventory breakdown by warehouse for my latest inventory experiment.
Which items have the highest projected stock transfer next cycle?
What does my latest price-optimization experiment recommend for my top category?
List my Completed demand-planning experiments and summarize the most recent one.

Reference

Technical details

Protocol: Model Context Protocol (MCP)
Transport: Streamable HTTP (stateless)
Production endpoint: https://tg-mcp-production-ap-south-1.truegradient.ai/mcp
Authorization: OAuth 2.1 authorization server
Auth features: PKCE (S256, required), Dynamic Client Registration, token revocation
Identity token: Signed RS256 JWT carrying verified company & user
Access token lifetime: 5 minutes (refreshed silently)
Session lifetime: Up to 60 days via rotating refresh tokens (reuse-detected)
Sign-in: Google (openid email profile), via the TrueGradient identity gateway
Encryption: TLS in transit; AWS KMS server-side encryption at rest
Tools exposed to Claude: 5 (all read-only)
Resources / Prompts / Sampling: None

MCP

Supported MCP features

Tools: 5 read-only tools
Tool annotations: readOnlyHint and titles
OAuth 2.1 authorization: with PKCE + DCR
Streamable HTTP: stateless
Server instructions: guided analysis flow
Resources: not used
Prompts: not used
Sampling: not used

FAQ

Frequently asked questions

Can the connector change or delete my data?

No. Every tool exposed to Claude is read-only. The connector reads experiment metadata and dataset rows; it has no tool that writes, edits, or deletes your data.

Can Claude reach another company’s data through it?

No. The tools take no company identifier as input. Your company is read from your signed login token and re-verified server-side on every call, and resolved data paths are asserted to be within your company’s prefix.

Are my datasets or conversations stored by the connector?

No. Dataset contents and conversations are not retained. The connector reads data on demand to answer your question. Only OAuth session state (refresh-token records) is stored to keep you signed in, and it is revocable.

How do I confirm I’m connected to the right account?

Ask Claude to run the “Who am I” tool. It returns your company id, user id, and the permission flags granted to the session — without taking any input.

How long do I stay connected?

Up to 60 days without re-login. Claude rotates a short-lived (5-minute) access token silently in the background using rotating refresh tokens; if a refresh token is ever replayed, the whole session is revoked.

How do I disconnect?

Remove the connector in Claude, or revoke access in TrueGradient. Either ends the session and invalidates its tokens.

Which data can I ask about?

Your Completed experiments across demand planning, inventory optimization, and pricing & promotion optimization — the same set the TrueGradient app shows.

Privacy & Support

Privacy policy & support

For full details on what TrueGradient collects and how it is used, see the TrueGradient Privacy Policy.

Questions or issues?

Contact support@truegradient.ai. We respond within a reasonable timeframe.