Product availability
Marrow provides open account creation, Console, direct HTTP, TypeScript, Python, CLI, hosted MCP, and local stdio compatibility. Choose the credential for the surface you are using; one credential never silently substitutes for another.
| Surface | Credential |
|---|---|
| Account creation with email, Google, or Apple | Browser account flow |
| Account sign-in | Browser Console session |
| Credits and usage | Browser Console session or CLI session |
| API-key creation and lifecycle | Browser Console session or CLI session |
| URL and file context | Customer API key with ingest |
| Processing status | Customer API key with ingest |
| Context retrieval | Customer API key with query |
| Agent memory and native memory commands | Customer API key with memory.read or memory.write |
| CLI account connection | CLI session |
| TypeScript client | Customer API key with the route's required scope |
| Python client | Customer API key with the route's required scope |
| Hosted MCP | Interactive authorization or a customer API key with memory.read and/or memory.write |
| Local stdio MCP compatibility | Customer API key with memory.read and/or memory.write |
Invitations are optional. An invitation link can prefill an invited email address, but it is not required; account creation is also available directly from the Account page.
API-key scopes
Create keys with the record and context scopes your app needs:
marrow api-keys create --name "Server-side app" \
--scope ingest \
--scope query
memory.read and memory.write are explicit opt-in scopes for agent memory
and native memory exchange:
marrow api-keys create --name "Target-native app" \
--scope ingest \
--scope query \
--scope memory.read \
--scope memory.write
Grant native memory scopes only to apps and agents that need those operations.
Agent and native memory are available across direct HTTP, TypeScript, Python,
CLI, hosted MCP, and local stdio MCP. Hosted MCP is the recommended MCP path
for clients that support remote Streamable HTTP. marrow mcp is the
compatibility path for clients that require a local stdio server. Both MCP
transports expose the same 15 tools and the same hosted account state.
Each read or write remains scoped to the authenticated account and the
credential's memory.read or memory.write permission. Accepted message
writes enter the account's processing queue; event and queue status make read
eligibility visible. Claim correction and withdrawal are synchronous,
revision-guarded history mutations. Reads return citations or an explicit
evidence gap, and claim history preserves corrections, withdrawals, and
supersession.
Interactive MCP authorization creates a connected application in Console.
The connection authorizes the full hosted 15-tool resource for that account.
Disconnecting it revokes that application's access without changing browser
sessions or customer API keys. Use a customer API key when a server-managed
client needs narrower memory.read or memory.write authority.
Activation path
- Create an account or sign in from the Marrow Account page.
- Continue to Console and review the account-reported credit balance.
- Create a copy-once API key with
ingestandqueryin Console. - Store the key server-side as
MARROW_API_KEY. - Submit one supported URL or file.
- Wait for the processing job to reach a terminal state.
- Retrieve context from the server-side path.
- Handle citations, warnings, and insufficient evidence.
For MCP, connect to https://mcp.marrow.id. Use interactive authorization for
a person connecting an MCP client to their Marrow account. Use a scoped
customer API key for a server-managed client whose team owns credential
rotation. Do not put either credential in a URL or prompt.
Signing in does not mint a customer API key. Customer API keys do not sign in to account-management routes. Browser sessions, CLI sessions, customer API keys, and service credentials are separate authority classes.