HANK_SAFE_HARBOR · MCP

Connect an AI agent to the Safe Harbor de-identification tools over the Model Context Protocol.

1 · Get a token

Create an API token at console.hank.ai. Send it as Authorization: Bearer <token> (header clients, preferred).

2 · Endpoint & tools

MCP URL (metered edge): https://api.hank.ai/v1/safeharbor/mcp/

• deidentify_text — de-identify a clinical text snippet
• deidentify_pdf — de-identify a PDF (base64 in/out)
• list_models — list de-id model variants

3 · Per-agent setup

Header-capable clients (token stays out of the URL — preferred):

Claude Code

claude mcp add --transport http hank-safe-harbor https://api.hank.ai/v1/safeharbor/mcp/ \
  --header "Authorization: Bearer YOUR_TOKEN"

Claude Desktop / Cursor (mcp.json)

{
  "mcpServers": {
    "hank-safe-harbor": {
      "url": "https://api.hank.ai/v1/safeharbor/mcp/",
      "headers": { "Authorization": "Bearer YOUR_TOKEN" }
    }
  }
}

Claude Desktop without a header field — bridge with mcp-remote:

npx -y mcp-remote https://api.hank.ai/v1/safeharbor/mcp/ --header "Authorization: Bearer YOUR_TOKEN"

OpenAI / Agents SDK / Codex (Responses tools[] entry)

{ "type": "mcp", "server_label": "hank-safe-harbor",
  "server_url": "https://api.hank.ai/v1/safeharbor/mcp/",
  "headers": { "Authorization": "Bearer YOUR_TOKEN" } }

URL-only connectors (ChatGPT Apps, Claude.ai custom connector):

https://api.hank.ai/v1/safeharbor/mcp/?token=YOUR_TOKEN

⚠ The ?token= form puts your credential in the URL, which can leak into logs and history. Prefer a header client, and rotate the token if you must use it.