console.ggui.ai
console.ggui.ai is the user-facing dashboard for the mcp.ggui.ai hosted MCP server. Sign in with email + password (Cognito) and everything you need to run ggui from any MCP client lives in five screens:
| Screen | Path | What lives here |
|---|---|---|
| Connector keys | / | Mint, list, and revoke ggui_user_* API keys. |
| Blueprints | /blueprints | Your private screen library — view, rename, edit metadata, delete. |
| Credits | /credits | Balance + transaction log. Top up via Stripe. |
| Provider keys | /keys/providers | BYOK — paste your Anthropic / OpenAI / Google / OpenRouter keys. |
| OAuth consent | /oauth/consent | Approval landing for MCP-Apps-aware clients (Claude Desktop, etc.). |
| CLI sign-in | /cli-confirm/[code] | Approval landing for the ggui CLI’s device flow. |
You don’t need to visit /oauth/consent or /cli-confirm/* directly — the MCP host or the CLI navigates you there at the right moment.
Connector keys (/)
Section titled “Connector keys (/)”The home page is the keys table. One row per active key: prefix, name, status, last-used timestamp, Revoke action.
Mint opens a dialog with one optional field (a friendly label). Submit, the key reveals exactly once — copy it before dismissing the dialog. Lose it and you mint a new one; there’s no recovery.
Every authentication path lands here as one row:
- The console UI mint dialog → row labelled whatever you typed.
- An OAuth ceremony from Claude Desktop / claude.ai / Goose / VS Code → row labelled with the client’s
client_namefrom DCR. - The
ggui keys createCLI command → row labelled with whatever--nameyou passed.
This unification is deliberate. The keys list IS the authoritative list of “things that can talk to ggui as you” — there’s no separate “connected clients” surface. Revoke a row and the corresponding client’s next request returns 401.
Blueprints (/blueprints)
Section titled “Blueprints (/blueprints)”Your screen library. A blueprint is a generated UI that’s been promoted from one-shot to “I want this exact screen the next time someone needs it” — see Blueprint-First architecture in the protocol docs for the full pipeline.
The page lists every blueprint scoped to your account:
- View source — the generated component code.
- Rename / edit metadata — change the human label, tags, or description.
- Delete — soft-delete with confirmation.
Blueprints get matched against incoming ggui_push calls before the LLM gets involved — same intent + same sourceTools = instant zero-LLM render. That’s where a lot of the speed and cost saving comes from.
Credits (/credits)
Section titled “Credits (/credits)”Balance, transaction log, top-up.
New accounts get $5 of free credit out of the gate. Every push burns credit proportional to the LLM call (prompt tokens × model rate) plus a small render-storage allocation. The transaction log shows every charge with model + token breakdown.
Top up via Stripe — the checkout button on the credits page mints a Checkout Session and redirects you to Stripe-hosted payment. Successful payment flips your balance immediately via webhook.
If you’d rather not spend credit, paste a provider key at /keys/providers (next section). When a BYOK key is on file for the model the request would have used, ggui calls the model on your tab and only charges credit for orchestration overhead.
Provider keys / BYOK (/keys/providers)
Section titled “Provider keys / BYOK (/keys/providers)”Paste your own provider API keys to bypass the credit pool for model calls:
- Anthropic (
sk-ant-*) - OpenAI (
sk-*) - Google (Gemini API key)
- OpenRouter (
sk-or-v1-*)
Keys are KMS-encrypted at rest and only decrypted in-memory in the per-request Lambda. The console only ever shows the key prefix once it’s been saved — submit the form once, the plaintext is consumed.
Resolution at request time is per-provider: Anthropic call → check Anthropic BYOK key → if present, use it; if not, fall back to credit pool. Mixing is fine — you can BYOK Anthropic and pay-as-you-go for everything else.
Revoke at any time. The next request that would have used the key falls back to the credit pool.
OAuth consent (/oauth/consent)
Section titled “OAuth consent (/oauth/consent)”The browser landing for MCP-Apps-aware clients running through the OAuth ceremony. When Claude Desktop (or any compatible host) asks mcp.ggui.ai to authorize, the server 302s the browser here with the OAuth params.
You see:
- The requesting client’s name (from DCR
client_name). - The scope being requested (
mcp). - Two buttons: Approve / Cancel.
Approve mints a fresh ggui_user_* key labelled after the client and posts it back to the MCP server through a cross-origin form POST. The server completes the OAuth flow and the client’s next /mcp request authenticates with the new key.
Cancel redirects back to the client with error=access_denied per RFC 6749 §4.1.2.1. The MCP server is never contacted; nothing is minted.
You don’t visit this URL directly — the MCP host sends you here at OAuth time.
CLI sign-in (/cli-confirm/[user_code])
Section titled “CLI sign-in (/cli-confirm/[user_code])”The browser landing for the ggui login device flow. The CLI prints a URL like:
https://console.ggui.ai/cli-confirm/AB12-CD34Open it, sign in if you aren’t already, confirm the codes match, click Approve. The CLI’s polling on /v1/auth/poll flips to approved and tokens land at ~/.ggui/auth.json.
Same trust model as the OAuth consent screen — confirm the code matches what the CLI printed before approving.
Account model
Section titled “Account model”One Cognito user owns one ggui account. Everything on the dashboard is scoped to your user via owner-auth on every model — your keys, your blueprints, your credit balance, your provider keys are visible only to you.
There’s no team / organisation surface in the console today. If you need shared agent infrastructure (production hosting, deploys, dashboards), the Guuey platform is the layer for that — it sits on top of the same protocol and reuses the same mcp.ggui.ai server.