Fooodo / Docs

Insights MCP server

Connect ChatGPT, Claude, Copilot, or Gemini to your Fooodo Insights tenant via the remote Model Context Protocol server.

Fooodo Insights ships a per-tenant remote Model Context Protocol server. It exposes your organisation's operational analytics and a small set of bounded write actions to any AI client that speaks MCP — without API keys, custom integrations, or copy-paste.

Who can use it? Any Fooodo Insights customer with admin, analyst, or viewer access to a tenant that has the mcp_enabled feature flag turned on. The flag is dark by default for every org; contact support@fooodo.com to request enablement and receive your tenant's MCP URL.

Two MCP servers, one product family. This page covers the Insights MCP server, which exposes per-tenant operational analytics over OAuth 2.1. A separate marketing-handbook MCP server runs at /api/mcp on fooodo.com and is public — agents use it to learn what Fooodo is and to submit lead requests. The two surfaces are deliberately separate: handbook content vs. customer data.

Why MCP

MCP is the open standard AI clients use to talk to remote data and tools — the agent's equivalent of OAuth + REST. A single MCP server can be added once and reused by ChatGPT, Claude, Copilot, Gemini, Cursor, Windsurf, Zed, and the growing list of compliant clients.

For Fooodo Insights customers this means:

  • No vendor lock-in. Your analyst can ask the same question from ChatGPT today and Gemini tomorrow without re-configuring anything.
  • Bounded, audited actions. Write tools (e.g. trigger data import, acknowledge alert) require the insights:write scope and an admin or analyst role. Every write is recorded in the audit log with source: "mcp".
  • Tenant isolation. Tools are scoped to the user's organisation at the database level; cross-tenant access is impossible.

Connect from your AI

The Insights MCP server speaks OAuth 2.1 with Dynamic Client Registration, so every client below uses the same one-click flow: paste your tenant URL, click Connect, log in with your Fooodo Insights account, approve the scopes — done.

The snippets below use <INSIGHTS_MCP_URL> as a placeholder. Replace it with the URL Fooodo support sends you after enabling MCP for your tenant.

ChatGPT (Plus / Pro / Enterprise)

  1. Open Settings → Connectors → Add custom connector (Developer Mode must be enabled).
  2. Server URL: <INSIGHTS_MCP_URL>.
  3. Approve the consent page when prompted.

Claude.ai (Pro and above)

  1. Open Settings → Connectors → Add custom connector.
  2. Name: Fooodo Insights. Server URL: <INSIGHTS_MCP_URL>.
  3. Approve the consent page.

GitHub Copilot (VS Code 1.101+, JetBrains, Visual Studio)

Add to your workspace's .vscode/mcp.json:

{
  "servers": {
    "fooodo-insights": {
      "type": "http",
      "url": "<INSIGHTS_MCP_URL>"
    }
  }
}

If you're on Copilot Business/Enterprise, your admin must enable the MCP servers in Copilot policy first.

Gemini CLI

Add to your Gemini CLI configuration:

{
  "mcpServers": {
    "fooodo-insights": {
      "url": "<INSIGHTS_MCP_URL>",
      "oauth": true
    }
  }
}

Gemini Enterprise

In the Google Cloud console, register the server as a custom MCP data store:

FieldValue
Server URL<INSIGHTS_MCP_URL>
AuthenticationOAuth 2.0 (Dynamic Client Registration)
Required scopesinsights:read, insights:write

What the agent can do

The server exposes tools in three tiers. Clients should pick the lowest tier that answers the question — it's cheaper, faster, and deterministic.

Tier 1 — Data tools (fast, deterministic, read-only)

ToolReturns
get_period_summaryAggregated metrics for a date range — sales, COGS, EBIT, gross margin, top campaigns
get_weekly_sales_dataWeek-by-week sales with active campaigns and cost data
get_channel_statsPer-channel performance metrics (dine-in, delivery, ghost kitchen, etc.)
get_daily_performanceDay-by-day sales by channel and restaurant
get_product_performanceProduct/menu-item ranking by margin and volume
get_cfo_pnl_dataP&L breakdown — revenue, COGS, labor, OpEx, EBIT — for the CFO dashboard view

Tier 2 — Specialist agents (single-domain LLM analysis)

ToolReturns
consult_financial_analystFinancial-only "why" analysis grounded in the period's data
consult_marketing_strategistMarketing-only causal-uplift and campaign-attribution analysis
consult_market_researchMarket context — seasonality, holidays, consumer-behaviour trends

Tier 3 — Orchestrator (cross-domain synthesis)

ToolReturns
ask_orchestratorRoutes a cross-domain question across all specialist agents and synthesises one answer

Search & fetch (ChatGPT Deep Research, generic clients)

ToolReturns
searchList of insights and agent-action history matching a query — {id, title, url, snippet}
fetchFull content of a document by id from search{id, title, text, url, metadata}

Write tools (require insights:write + admin/analyst role)

ToolDoes
trigger_data_importTriggers a configured scheduled file fetch immediately (async — returns a job_id)
acknowledge_alertMarks an alert as acknowledged
resolve_alertResolves an alert
generate_reportGenerates a PDF report (async)
regenerate_insightsRe-runs the insights generator for the org (async)
get_job_statusPolls an async job's status

Prompts

weekly_business_review, margin_diagnosis — slash-command prompts for ChatGPT Apps and other prompt-aware clients.

Security and limits

  • OAuth 2.1 + PKCE, public clients, rotating refresh tokens. Access tokens are HS256 JWTs valid for one hour. Refresh tokens are valid for 60 days, stored as SHA-256 hashes, single-use on rotation.
  • Per-organisation gating via the mcp_enabled feature flag — dark by default for every org. Enablement is a support ticket, not a self-serve toggle, so customers can stage rollout.
  • Per-tier rate limits per user. Data tools 60/min; specialist and orchestrator 10 per 5 min; write tools 5 per 5 min.
  • Revocation. Users can revoke any client at any time from their account settings (/account/connected-apps on the Insights side). Admins can revoke org-wide.
  • Audit trail. Every write tool call is recorded in the audit log with source: "mcp", including the client name, the user, and the input payload.
  • Tenant isolation at the database layer. Every query is scoped to the user's organisation before it leaves the application; the server cannot return cross-tenant data.

For agent developers

  • Discovery URL: <INSIGHTS_MCP_URL>/.well-known/oauth-authorization-server (and /mcp suffixed, per RFC 8414 §3.1).
  • Protected-resource metadata: <INSIGHTS_MCP_URL>/.well-known/oauth-protected-resource/mcp (per RFC 9728).
  • Dynamic Client Registration: POST <INSIGHTS_MCP_URL>/register — open registration, but every authorisation still requires interactive consent.
  • Scopes: insights:read (default) and insights:write (for write tools).
  • Transport: Streamable HTTP, MCP protocol version 2025-06-18.

Standards followed: MCP 2025-06-18, RFC 6749 (OAuth 2.0), RFC 7636 (PKCE), RFC 7591 (Dynamic Client Registration), RFC 8414 (Authorization Server Metadata), RFC 9728 (Protected Resource Metadata).

Fooodo Insights

The decision-intelligence layer for multi-location chains — what it is, what it isn't, and the architecture under it.

On this page

Why MCPConnect from your AIChatGPT (Plus / Pro / Enterprise)Claude.ai (Pro and above)GitHub Copilot (VS Code 1.101+, JetBrains, Visual Studio)Gemini CLIGemini EnterpriseWhat the agent can doTier 1 — Data tools (fast, deterministic, read-only)Tier 2 — Specialist agents (single-domain LLM analysis)Tier 3 — Orchestrator (cross-domain synthesis)Search & fetch (ChatGPT Deep Research, generic clients)Write tools (require insights:write + admin/analyst role)PromptsSecurity and limitsFor agent developers