MCP Server
Give an AI agent permission-aware access to Meridian HR.
Meridian ships a Model Context Protocol server alongside the REST API. It exposes the same data and operations — employees, leave, payroll, org structure — as tools that any MCP-capable agent (Claude Desktop, Cursor, custom SDK clients) can call directly.
How it differs from the REST API
| REST API | MCP Server | |
|---|---|---|
| Transport | HTTPS | JSON-RPC over stdio |
| Caller | Any HTTP client | AI agent / MCP host |
| Authentication | Bearer API key + X-Org-Id | Same API key, passed at start-up |
| Surface | Every endpoint | A curated set of high-leverage tools |
| Permission model | RBAC on the calling key | The same RBAC — tools are filtered to what the key can do |
The MCP server is not a bypass. It uses the same API keys and the same permission checks. An agent connected with a read-only key sees only read tools.
Install
The server is a static Rust binary. Grab the latest release for your platform from github.com/meridianhr/meridian/releases and put it on your PATH as meridian-mcp.
Connect from Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"meridian": {
"command": "meridian-mcp",
"env": {
"MERIDIAN_API_KEY": "mer_live_sk_...",
"MERIDIAN_ORG_ID": "01HX...",
"MERIDIAN_API_URL": "https://api.meridianhr.co"
}
}
}
}Restart Claude Desktop. The Meridian tools appear in the tool picker.
Connect from Cursor or VS Code
Add to .cursor/mcp.json (or .vscode/mcp.json):
{
"mcpServers": {
"meridian": {
"command": "meridian-mcp",
"env": {
"MERIDIAN_API_KEY": "mer_live_sk_...",
"MERIDIAN_ORG_ID": "01HX..."
}
}
}
}Verify
The server speaks JSON-RPC 2.0 on stdin/stdout. You can sanity-check it without an agent:
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}' | meridian-mcpYou should see an initialize response. Then call tools/list to see exactly which tools the key in MERIDIAN_API_KEY is allowed to call.
Next: see the tool reference.