Reviewer guide — evaluate hdls end to end
This page is the fastest factual path for a reviewer (e.g. an MCP directory or security reviewer) to stand up a working hdls workspace and exercise the server. Everything below takes about ten minutes and requires no payment details.
hdls is a portfolio of headless, MCP-native SaaS backends served from two kinds of
endpoint: the concierge (control plane) at https://hdls.ai/api/mcp and one
endpoint per product at https://hdls.ai/api/mcp/<slug> (e.g. /api/mcp/crm).
The full mental model is in What hdls is & how it works.
Step 1 — Sign up (free, no card)
- Go to https://hdls.ai and click Sign in.
- Enter your email — sign-in is passwordless email OTP: a one-time code is emailed to you, you type it in, and your account and workspace are created.
- New workspaces land on the Free plan ($0). No credit card is requested at any point; plan details are in Billing & plans.
The first user of a workspace is its owner — the highest of the four roles (
reader < member < admin < owner), so a fresh reviewer account can install products and invite teammates without extra setup.
Step 2 — Connect an MCP client (OAuth, DCR)
Add the concierge as a remote MCP server:
https://hdls.ai/api/mcp
hdls is its own OAuth 2.1 authorization server with RFC 7591 Dynamic Client
Registration, so clients that register themselves on the fly work without any
pre-provisioning — including claude.ai custom connectors and MCP
Inspector. An unauthenticated request returns 401 with a WWW-Authenticate
header pointing at the discovery metadata, which kicks off the browser flow: sign
in, pick your workspace and the products the connection may touch, click Allow
access.
- claude.ai — Settings → Connectors → Add custom connector → paste the URL.
- MCP Inspector — enter the URL, transport Streamable HTTP, and follow the OAuth prompt.
- Claude Code —
claude mcp add --transport http hdls https://hdls.ai/api/mcp -s user, then/mcp.
Per-client detail lives in Connect your AI assistant.
Step 3 — Install the CRM
On the concierge connection, install the CRM product:
Tool: install_product
Arguments: { "slug": "crm" }
Installing is idempotent and needs admin or owner (you're the owner). It records that your workspace uses the CRM; the product's named tools are served on the CRM's own endpoint, not on the concierge.
Step 4 — Connect to the CRM endpoint
Add a second connector for the product itself:
https://hdls.ai/api/mcp/crm
Same OAuth flow. This endpoint exposes the CRM's named tools: create_account,
update_account, search_accounts, create_contact, update_contact,
search_contacts, create_deal, move_deal_stage, log_activity, and
summarize_account.
Step 5 — Seed sample data
Just ask the model, on the CRM connection:
"Create three sample accounts — Northwind Robotics, Bluewater Analytics, and Cedar & Pine Coffee — each with a contact, and open two deals: a $24k deal in 'proposal' and an $86k deal in 'won'."
The assistant calls create_account, create_contact, and create_deal for
each. You never pass a tenant_id — rows are pinned to your workspace by
Postgres row-level security, stamped server-side.
(If the hdls team is running the evaluation workspace for you, the same dataset
can be seeded by the operator-run scripts/seed-demo-workspace.ts script instead.)
Step 6 — Representative tool-call walkthrough
A pass over each surface. On the concierge (https://hdls.ai/api/mcp):
| Tool | What to expect |
|---|---|
help | Your live connection status: workspace, role, active product, next steps. |
list_products | The full catalog — every product with its named tools, endpoint, and an installed flag. |
describe_product { "slug": "crm" } | One product in depth: each tool with a one-line description, plus how to connect. |
publish_page | Publish a hosted report or live dashboard; returns a stable https://hdls.ai/p/<id> link. See Hosted pages. |
list_pages | Everything your workspace has published, with URLs and visibility. |
On the CRM endpoint (https://hdls.ai/api/mcp/crm):
| Tool | What to expect |
|---|---|
create_account { "name": "Helios Renewables", "domain": "heliosrenew.example" } | Creates the account and returns its record (with id). |
search_accounts { "query": "helios" } | Finds the account by name/domain/industry search. |
summarize_account { "id": "<account-id>" } | The account plus its recent activity timeline in one call. |
Role gating
Tool availability follows your role in the workspace (reader < member < admin < owner — you sign up as owner):
list_products,describe_product,help,search_docs,search_skills— any role.install_product,invite_teammate— admin / owner.uninstall_product— owner only.
Lower-role tools simply don't appear in the tool list; details in Teams & roles.
Policies & support
- Privacy policy: https://hdls.ai/privacy
- Terms of service: https://hdls.ai/terms
- Support / contact: https://hdls.ai/contact
How isolation, OAuth token rotation, sandboxing, and rate limits are enforced — each with a way to verify it yourself — is documented in Security, isolation & trust.