Stats
Actions
Tags
From olam
Connect Claude Code to a remote admin-hosted Olam deployment via the MCP `http` transport (Worker URL + CF Access SSO). Use when the user has a Worker URL from an admin OR says "connect Claude to olam", "add olam MCP via URL", "set up admin-hosted olam", "wire up olam mcp endpoint". NOT for the standard shuk-marketplace install (that auto-registers a local stdio MCP via `.mcp.json`); NOT for shelling into a running world's container (see `olam-enter`).
How this skill is triggered — by the user, by Claude, or both
Slash command
/olam:connectThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Admin-hosted model: a single Worker URL + CF Access SSO replaces the
Admin-hosted model: a single Worker URL + CF Access SSO replaces the
local clone + .env.local dance. Run one command and you're done.
This is one of two MCP install paths:
claude plugin install olam@shuk auto-registers a local stdio MCP via the plugin's .mcp.json. No URL, no admin. If you arrived via shuk, you do not need this skill.--transport http.claude mcp add --transport http olam https://<olam-worker-url>/mcp
The first tool call opens a browser to Cloudflare Access; you SSO with your workspace email; Claude Code stores the refresh token in the OS keychain. Every subsequent call is silent.
Confirm the MCP is reachable:
claude mcp list
You should see olam listed with Transport: http. Then try:
olam_status <world-id> # if you already know a world
# or
olam_create task="your first seed of thought"
For GitHub Actions, cron jobs, or any non-interactive caller, the admin mints a single CF Access Service Token once and hands the client-id + client-secret pair to the CI platform's secret store.
claude mcp add --transport http olam https://<olam-worker-url>/mcp \
--header "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
--header "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
--header "X-Olam-Impersonate-Email: [email protected]"
X-Olam-Impersonate-Email only works when the caller's
CF-Access-Client-Id matches an allow-listed service-token ID —
that list lives in the Worker secret OLAM_CI_ALLOWED_EMAILS. JWT
(SSO) sessions ignore the impersonation header entirely.
<olam-worker-url> — something like https://olam.<your-org>.workers.dev/mcp.claude mcp list doesn't show olam → re-run the claude mcp add
command; the URL must end in /mcp.401 Unauthorized → SSO session expired. Run any
MCP tool; Claude will re-prompt for SSO in the browser.403 when impersonating → the email you requested
isn't in OLAM_CI_ALLOWED_EMAILS. Ask the admin to add it..mcp.json. Use it instead unless your admin specifically requires the http-transport path.olam-enter.olam-create (requires the MCP to be connected first; if you are using this skill, do that step before olam-create).olam setup for the per-machine bootstrap.olam-create — provision a world (once the MCP is connected).olam-list — show running worlds.olam-enter — shell into a world's container.npx claudepluginhub pleri/olam-cliProvides behavioral guidelines to reduce common LLM coding mistakes, focusing on simplicity, surgical changes, assumption surfacing, and verifiable success criteria.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.