Demiton
Demiton
/ var / log / engineering
Wrap-up
MCP
OAuth
Domain Model
Adapters

Friday wrap: the spine for autonomous clients

JT
6 min read
Friday wrap: the spine for autonomous clients

Beer in hand. Two weeks of work, most of it pointed at the same thing.

When an AI agent like Claude wants to talk to Demiton, three problems have to be solved before a single useful answer comes back. The agent has to authenticate against us without a human pre-provisioning credentials. It has to turn a vague natural-language question into something that maps to a real data source. And it has to actually fetch the data through an adapter that knows the system on the other end.

This fortnight we shipped the foundations of all three.

1. Claude OAuth and RFC 7591 Dynamic Client Registration

The biggest thing we shipped. When Claude Desktop wants to talk to an MCP server it needs OAuth credentials. The old way was operator-provisioned: someone at the platform creates a client, hands over a client_id and client_secret, and the user pastes them into a config. That doesn't scale, and it's not how Claude actually wants to work.

RFC 7591 defines an endpoint where clients register themselves. They POST their metadata, our server mints them a client_id (and optionally a secret), and the client persists it locally. No human in the loop. Claude Desktop hits /oauth/register, gets back a credential pair, then walks the rest of the OAuth dance (auth code, consent, token, userinfo) exactly like a first-class IdP integration.

What's now live:

  • /oauth/register: RFC 7591 dynamic client registration, accepts redirect URIs, scopes, client metadata.
  • Consent screen: when a user authorises an unknown client they see what scopes are being granted and to whom.
  • /oauth/userinfo: the OIDC userinfo endpoint, so Claude can show "signed in as Justin Trollip" once a token is held.
  • /oauth/consent POSTs through CSRF-exempt middleware. The consent form lives outside the normal session boundary, which took some untangling.

The ask_demiton MCP tool now sits behind this. Anyone using Claude Desktop or mcp-remote can connect to our server, sign in, grant scope, and start asking questions without us touching anything in our admin panel. The flow takes under thirty seconds end to end.

This is the foundation. Without it every other piece of MCP work has to be hand-wrapped per customer.

We had also shipped a second public tool called demiton_demo for anonymous, unauthenticated probes. That's being retired. Claude's OAuth and dynamic-client model handles the first-contact problem better than a session-scoped anonymous tool ever could. If the auth path is frictionless then the anonymous path is just confusion.

2. The intent taxonomy and domain model

Once an agent can authenticate, the next problem is what to do with its question. "How's the Pacific Highway job tracking?" could mean a project P&L lookup, a schedule check, a site-diary recall, or a vendor position. The platform has to decide.

This fortnight we shipped two iterations of the taxonomy that does that deciding.

Intent Taxonomy v1 landed first. Eight domains, 36 intents, with a full source registry that maps each intent to one or more named data sources. The domains were project finance, scheduling, identity, documents, opportunities, market intelligence, vendors, and compliance. Each intent declared which adapter chains could legitimately answer it.

Domain Model v2.0.0 then collapsed that down. The v1 surface was too granular to reason about. v2 has three domains, broader and more honest about what the platform actually distinguishes, plus three new properties:

  • Workflow sources: an intent isn't only a router target. It can be backed by a stored workflow that runs adapters in sequence.
  • Audit log: every routing decision is recorded. When you ask Demiton something you can later see why it picked the source it did.
  • Probe UI: a built-in surface at /domain-model where you can submit a question, watch it route, and inspect the candidate sources without firing real adapter calls. This was the thing that turned taxonomy from theoretical to debuggable.

The whole thing lives in version-controlled YAML. The DB caches it, the YAML defines it. Changing the routing logic is now a Git diff, not a migration.

This pays off most when an LLM is the caller. An LLM doesn't know our schema. It knows English. The taxonomy is the translation layer between English and the actual Business Central tables, the SharePoint document libraries, the public CKAN datasets, and the GPS feeds. Before this, every MCP tool had to bake its own routing logic in. Now every tool inherits the same routing brain.

3. New adapters

Last piece. An intent that resolves to a source is useless if the source isn't actually plugged in. Six new adapters landed:

  • Wikipedia REST API. For resolving public entities, projects, and organisations. The cheapest possible enrichment layer.
  • Navman TN360. GPS and fleet telemetry. Wired in for the PCA fuel-claim workflow that needed kilometre-level vehicle movement against fortnightly RTCCO reporting windows.
  • Generic SDMX. Statistical Data and Metadata eXchange. ABS, OECD, World Bank, anything that publishes SDMX feeds. One adapter, hundreds of potential intelligence sources.
  • RBA CSV. Reserve Bank of Australia statistical tables. Cash rate, exchange rate, inflation, CPI. Macro context for Connected customers running long-cycle infrastructure work.
  • GraphMail (app-only auth). Microsoft Graph mail with application-level credentials. Critical for the procurement intake-to-PO workflow, where the platform needs to read a shared inbox without impersonating any individual user.
  • Dropbox OAuth2 with full authorization-code flow. The old refresh-token model is gone. Connection cards now have an "Authorize" button, the flow walks the standard OAuth path, and tokens refresh automatically.

Two structural improvements went in alongside.

The adapter registry now carries AdapterEntry metadata. Every adapter declares its tier requirement, its capability surface, and what archetype of resource it serves. The taxonomy can introspect this directly instead of having to know each adapter by name.

Adapters are also now tiered by customer profile. Not every adapter is offered to every plan. The entitlement layer enforces that, so individual adapters don't have to implement gating themselves.

Where this lands

An autonomous client can now become a first-class user of the platform without anyone at Demiton pre-configuring anything for them. The auth runs itself, the routing runs itself, and the adapters fetch what's been resolved.

These pieces existed in some form before this fortnight. None of them existed in a form that would have survived a real Claude Desktop user trying to connect at 7am on a Tuesday. They do now.

Cheers.

— Justin

Talk to your data

Ask Claude about your projects.

Demiton's MCP server puts your project financials, worker schedules, and vendor data behind 20+ tools your AI assistant can query directly. Connected tier includes it.

See ConnectedStart free