FAQ

About the connector

Does my AI assistant see my password?

No. Authentication happens in a browser window against Consilio Identity, not inside the client. Your AI assistant only ever receives an OAuth access token scoped to the MCP audience (https://mcp.ai.consilio.com). Passwords stay between you and the identity provider.

Can my assistant modify my matters?

No. Every tool Aurora MCP exposes is read-only. There is no write path by design — no tool creates, updates, deletes, exports, or shares anything upstream. See Security model for the full surface.

What can the assistant actually see?

Whatever you can see in the Consilio portal — nothing more. Aurora MCP runs every request as the signed-in user, so the visibility rules are identical to the portal’s.

What happens if my Consilio access changes?

If your portal access is revoked, your MCP access disappears at the same instant — no separate off-boarding step is required. If a matter is closed or your role changes mid-session, the next tool call reflects the new permissions immediately because the gateway re-authorises every request.

Does Aurora MCP work offline?

No. It’s a Remote MCP server that calls live Consilio APIs. If the upstream is down, the tools return an error; they don’t serve cached data.

How is this different from a “Claude plug-in”?

Aurora MCP implements the Model Context Protocol — an open protocol for tool-bearing servers. While it works perfectly with Claude, it also works with GitHub Copilot, Cursor, and any other MCP-speaking client. There’s no product-specific “plugin” lock-in.

Can I host Aurora MCP myself?

Aurora MCP is operated by Consilio as a managed service. For isolated-tenant or on-prem arrangements, contact your Consilio account team.

Which Consilio accounts work with Aurora MCP?

Any account that can sign in to the Consilio portal at auth.ai.consilio.com. There is no separate enrolment, no new credential to issue, and no additional licence to purchase to use the connector itself — usage falls under your existing Consilio engagement.

Are tool calls billable or rate-limited?

Tool calls are subject to per-tenant policy enforced at Consilio’s API gateway. If your organisation has a usage cap, the gateway returns a 429 Too Many Requests once the cap is reached; the assistant surfaces this verbatim. Talk to your Consilio account team if you need limits revisited.

What models and clients are supported?

Any Streamable HTTP MCP client that implements OAuth 2.1 with PKCE and RFC 9728 Protected Resource Metadata discovery. We test against claude.ai, Claude Desktop, Claude Code, Cursor, and GitHub Copilot.

Does Aurora MCP train on my data?

No. The MCP server does not persist prompt content or tool outputs and does not feed any Consilio model. Your AI provider’s terms separately govern what their models do with your prompt — that’s between you and them and is unchanged by using this connector.

Where are tokens stored?

Access tokens never reach the Aurora MCP server. They terminate at Consilio’s API gateway, which validates them and forwards only signed identity headers to the MCP process. See Security model for the full token lifecycle.

Troubleshooting

”401 Unauthorized” from the connector

The token didn’t reach the gateway, expired mid-call, or was rejected by audience binding. Refresh the connector in your client and re-authorise. If it recurs, capture the timestamp and email support@consilio.com — the gateway logs will show the exact rejection reason.

”No matters returned” but I know I have matters

Two common causes:

Portal access not provisioned. Confirm you can see the matter in portal.consilio.com first. Aurora MCP can’t show you anything you can’t see in the portal.
The query was too narrow. Try the alpha-code (e.g. A12345) or a broader free-text search.

First call is slow

The MCP server reranks ambiguous matter searches with a small language model; first calls inside a fresh container can take a couple of seconds while the model warms up. Subsequent calls are fast.

My client doesn’t support OAuth 2.1 + PKCE

You will not be able to connect. The MCP spec mandates PKCE for public clients and Aurora MCP enforces it at the gateway. Update your client.

Support

Issues / feature requests — open an issue in the aurora-mcp repository.
Security issues — email infosec.clientrequests@consilio.com (do not file a public issue). Acknowledged within 1 business day; coordinated disclosure and remediation timelines follow Consilio’s internal incident-response policy.
General product support — email support@consilio.com with the word MCP in the subject. First response within 2 business days (Mon–Fri, 9:00–17:00 US ET). P1 / production-impact tickets are triaged the same business day. Escalation path for unresolved tickets: reply on the ticket thread requesting escalation, then re-email support@consilio.com with subject prefix ESCALATION: <ticket id>.

When emailing support, please include:

The MCP client you were using (claude.ai, Claude Desktop, Claude Code, Cursor, GitHub Copilot, etc.) and its version.
The timestamp of the failing call (UTC if possible).
The request-id from the error response, if you have it.
The tool name and approximate arguments (matter alpha-code, query text). Do not paste full document contents — the request-id is enough for us to find the trace.