Connections, MCP & Platform API
Connect Linear and other apps, issue Critique API keys for agents, and call MCP or REST v1 from external tools.
Critique v4.1 adds a connections layer on top of the model and agent keys you already save in Settings. This page is the user-facing guide; operators also need CRITIQUE_SECRETS_ENCRYPTION_KEY on the server before anyone can save connections or API keys.
Zapier vs MCP vs native (read this first)
| Path | What it is | What it is not |
|---|---|---|
| Zapier | Automate Slack, Jira, Sentry, Vercel, and 8,000+ apps with Zaps | Not MCP; not stored per-app keys in Critique |
MCP + crt_ keys | IDE agents (Cursor, Claude) call Critique | Not Zapier; not for wiring Jira to Slack |
| Native Linear / Slack | Deep Critique Chat (issue search, Slack post) | Optional if Zapier already notifies your channels |
| BYOK / BYOA | Model and fix-agent keys in Settings | Separate from Connections |
Zapier (recommended)
For Slack, Jira, Sentry, Vercel, and most of your stack, use Zapier instead of pasting keys for each app in Critique. Combine Webhooks by Zapier with Critique crt_ API keys and MCP when agents need passport data.
Optional native Linear and Slack keys below are only for deep Critique Chat features (issue search, confirmed Slack posts).
Three ways to “connect” Critique
| Kind | Where you configure | What it pays for / unlocks |
|---|---|---|
| BYOK (models) | Settings → OpenRouter or CrofAI | Critique Chat and review models bill your OpenRouter or Crof account. See BYOK. |
| BYOA (fix agents) | Settings → Cursor, Anthropic, OpenAI | Queue Cloud Agents, Claude Managed Agents, or Codex from review runs. See BYOA. |
| App connections | Settings → Connections | Third-party product APIs (Linear today; Slack, Sentry, Jira, Vercel, MCP catalog entries on the roadmap). Powers chat tools and dashboard context — not model inference. |
Critique API keys (crt_…) | Connections page → Critique API keys | Programmatic access for your user: MCP server and REST v1. Acts as you, scoped to repos your GitHub App installation controls. |
BYOK and BYOA stay on Settings. Linear and future integrations live under Connections so agents and chat can reuse the same encrypted credential store.
flowchart TB
subgraph settings [Settings]
BYOK[OpenRouter / Crof BYOK]
BYOA[Cursor / Anthropic / OpenAI BYOA]
end
subgraph connections [Connections]
Apps[Linear Slack Sentry …]
CRT[crt_ API keys]
end
Chat[Critique Chat] --> BYOK
Review[PR review] --> BYOK
Fix[Queue fix agents] --> BYOA
Chat --> Apps
Agent[External agent MCP client] --> CRT
CRT --> MCP["POST /api/mcp"]
CRT --> REST["GET /api/v1/…"]App connections (Linear and catalog)
Open Settings → Connections.
Linear (available now)
- Create a Personal API key in Linear → Settings → API.
- In Critique, open Linear → paste the key → Save.
- Use Test connection to confirm Critique can reach Linear.
- Toggle Enable for Chat (and other surfaces when they ship) so agents may call Linear-backed tools.
When Linear is connected and enabled for chat, Critique Chat can call searchIssuesAndRoadmap — search issues, see assignee context, and relate PR work to your roadmap without leaving the thread. See Chat tools.
Legacy Settings → Linear API key redirects to the same Linear card on the Connections page.
Slack (available now)
Connect with either:
- Bot token (
xoxb-…) from Slack API apps — needschat:write(and channel access). Optional default channel (for example#eng-reviews). - Incoming webhook URL (
https://hooks.slack.com/services/…) — fastest setup; posts to one channel only.
Use Test connection after save. When Slack is connected and Chat is enabled, Critique Chat can postToSlack — a confirmation card appears before anything is posted.
Other apps
Sentry, Jira, and Vercel are not configured as separate Connections cards — use Zapier or Control Board incident webhooks (Change control). See the connections roadmap.
Operator requirement
If the UI says secrets storage is not configured, your deployment is missing CRITIQUE_SECRETS_ENCRYPTION_KEY. Generate a 32-byte base64 key (see Environment variables) and redeploy. The same key encrypts BYOK/BYOA keys, repository secrets, connection credentials, and API key hashes.
Critique API keys
API keys authenticate as your Critique user to automation endpoints. They are not OpenRouter keys and not Linear keys.
- Go to Settings → Connections → Critique API keys.
- Name the key (for example
Cursor MCPorCI bot) → Create. - Copy the full key once — it starts with
crt_and is only shown at creation. - Store it in your agent or secret manager; Critique stores only a hash and a short prefix.
Default scopes on new keys:
| Scope | Allows |
|---|---|
read:passports | GET /api/v1/passports |
read:reviews | GET /api/v1/review-runs/:id |
write:reviews | Reserved for future write APIs; queue review today uses MCP queue_review when the key is valid |
Browser session cookies also work on REST v1 routes when you are signed in (scopes are not enforced for session auth).
MCP server (v0)
Critique exposes an MCP-compatible JSON-RPC endpoint for external clients (Cursor, Claude Desktop, custom agents).
| Item | Value |
|---|---|
| URL | https://critique.sh/api/mcp (or your NEXT_PUBLIC_APP_URL + /api/mcp) |
| Method | POST |
| Auth | Authorization: Bearer crt_… |
| Protocol | MCP 2024-11-05 subset (initialize, tools/list, tools/call, ping) |
Tools
| Tool | Description |
|---|---|
list_passports | Up to 20 change passports visible to your account |
get_review_run | Review run snapshot by id (installation-scoped) |
queue_review | Queue a PR review (repositoryFullName, pullRequestNumber, headSha; optional pullRequestTitle) |
Example tools/call body (JSON-RPC):
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "list_passports",
"arguments": { "limit": 10 }
}
}Configure your MCP client with the Critique URL and a crt_ key. MCP does not replace GitHub App install — the repository must already be on an installation you control.
REST API v1 (read)
Read-only HTTP JSON for the same account. Use a crt_ key or an authenticated browser session.
| Endpoint | Scope | Description |
|---|---|---|
GET /api/v1/passports?limit=20 | read:passports | Change passport queue (max 100) |
GET /api/v1/review-runs/:id | read:reviews | Review run snapshot |
Example:
curl -sS \
-H "Authorization: Bearer crt_YOUR_KEY" \
"https://critique.sh/api/v1/passports?limit=5"Responses are no-store and scoped to installations linked to your user.
Dashboard integration hub
Dashboard → Overview includes an integrations section when you have GitHub connected: connection status, Linear issue previews, passport queue snippets, and a Manage connections link to /settings/connections. Use it as a control-room view alongside review runs and usage.
Security practices
- Treat
crt_keys like passwords — revoke in Connections if leaked. - Use separate keys per agent or environment so revocation is surgical.
- Linear and other connection secrets are encrypted at rest; Critique never returns full secrets to the browser after save.
- MCP and REST act only within your Critique permissions — they cannot access another user’s repositories.
Related
- BYOK — OpenRouter / Crof model keys (Settings)
- BYOA — Cursor, Claude, Codex fix agents (Settings)
- Chat tools — including
searchIssuesAndRoadmap - Environment variables — v4.0 flags and v4.1
CRITIQUE_SECRETS_ENCRYPTION_KEY - Change control — passports, incident webhooks