Filevine MCP — Claude Integration

An open-source MCP (Model Context Protocol) server connecting Claude to Filevine practice management platform. Access cases, contacts, documents, notes, tasks, and custom PI data from Claude with automatic rate limiting and audit logging.

Supported Endpoints: 15 tools covering the Filevine v2 REST API.

Setup

1. Prerequisites

• Node.js 18+
• Filevine account with API access enabled
• Client ID, Client Secret, and Personal Access Token (PAT) from your firm's Filevine settings
• Claude Code, MCP client, or compatible application

2. Get Filevine Credentials

1. Personal Access Token (PAT)

   • Go to Filevine Settings → Access Tokens → Generate PAT
   • Copy and save securely

2. Client Credentials

   • Go to Settings → Client Secrets → Create Client ID + Client Secret
   • Valid for 1 year, can be rotated anytime
   • Copy both values

3. Organization & User IDs (auto-discovered on first auth call)

   • The server will discover these from /v2/users/me on first run

3. Environment Variables

Copy .env.example to .env:

# Filevine OAuth client credentials
FILEVINE_CLIENT_ID=<from Settings → Client Secrets>
FILEVINE_CLIENT_SECRET=<from Settings → Client Secrets>
FILEVINE_PAT=<from Settings → Access Tokens>

# API region (us or ca)
FILEVINE_REGION=us

# Token encryption key (generate new one)
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
ENCRYPTION_KEY=<64-character-hex-string>

4. Install & Build

npm install
npm run build

5. Run the Server

# Start the server
npm start

# Or use MCP inspector for debugging
npm run inspect

The server listens on stdio and outputs connection status to stderr.

6. Authenticate

Before using any Filevine tools, call the authenticate tool:

Tool: authenticate
→ Exchanges PAT for access token
→ Discovers org_id and user_id
→ Stores encrypted tokens in ~/.oktopeak-filevine/tokens.enc

Tokens auto-refresh before expiry (3600s TTL). Call logout to clear stored tokens.

Tools (15 Total)

Authentication (3 tools)

| Tool | Purpose | |------|---------| | authenticate | Exchange PAT for access token and cache org/user IDs | | auth-status | Check authentication status and token expiry | | logout | Clear stored tokens |

Cases — Projects (2 tools)

| Tool | Purpose | |------|---------| | list-cases | List cases (active, closed, pending); search by name/number | | get-case | Get full case details by ID |

Contacts (3 tools)

| Tool | Purpose | |------|---------| | search-contacts | Search contacts by name, email, or phone across all cases | | get-contact | Get contact details by ID | | list-case-contacts | List all contacts on a specific case |

Notes (2 tools)

| Tool | Purpose | |------|---------| | list-notes | List case notes; supports general, phone_call, and internal types | | create-note | Create a note (e.g., AI summary, findings, follow-ups) |

Documents (1 tool)

| Tool | Purpose | |------|---------| | list-documents | List case documents with metadata (name, type, size, URL, dates) |

Note: Returns document metadata only — no binary content. Use returned URLs to fetch document content if needed.

Tasks (2 tools)

| Tool | Purpose | |------|---------| | list-tasks | List case tasks by status (open, completed, overdue) | | create-task | Create a new task with title, description, assignee, due date |

Known Issue: The targetDate field may be ignored by the Filevine API as of Aug 2025. Workaround: set tasks via UI.

Custom Data — Collections (2 tools)

| Tool | Purpose | |------|---------| | discover-schema | Map your firm's custom sections (medical records, liens, settlements, etc.) | | get-collection | Fetch custom collection data using discovered selectors |

Why collections matter: Unlike standardized case fields, each firm builds custom "Collection sections" for PI workflows. The discover-schema tool finds your firm's structure.

Example workflow:

1. Call discover-schema → see available sections (e.g., "MedicalRecords", "Liens")
2. Use selector from discovery → get-collection to fetch PI-specific data

Rate Limiting & Performance

Filevine Rate Limits: | Endpoint | Limit | |----------|-------| | Standard | 320 req/endpoint/min | | Billing | 250 req/endpoint/min | | Reports/Vitals | 5 req/endpoint/min | | VineSign | 10 req/user/month |

Implementation:

• Token bucket at 300 req/min (conservative)
• Exponential backoff on 429 Too Many Requests (1s → 2s → 4s → ... → 30s max)
• Automatic wait before rate limit breach

API Details

Request Flow

1. Token Exchange (on first authenticate call)

   POST https://identity.filevine.com/connect/token
   client_id, client_secret, grant_type=personal_access_token, token=PAT
   → access_token (3600s), refresh_token, scopes

2. Org/User Discovery

   GET /v2/users/me
   Authorization: Bearer {access_token}
   → {id: user_id, org_id: org_id}

3. Every API Request (3 required headers)

   Authorization: Bearer {access_token}
   x-fv-orgid: {org_id}
   x-fv-userid: {user_id}

Base URLs

• US: https://api.filevine.io
• CA: https://api.filevine.ca

Set via FILEVINE_REGION environment variable.

Authentication Headers

The biggest difference from other legal APIs: every request needs 3 headers, not just Authorization. Filevine uses x-fv-orgid and x-fv-userid to scope queries to the correct organization and user context.

Architecture

src/
├── index.ts                      # Server entry point
├── filevine-client.ts            # API client with 3-header middleware
├── auth/
│   ├── authTools.ts              # authenticate, auth-status, logout
│   ├── oauth.ts                  # PAT token exchange + org/user discovery
│   └── token-store.ts            # AES-256-GCM encrypted token storage
├── tools/
│   ├── cases.ts                  # list-cases, get-case
│   ├── contacts.ts               # search-contacts, get-contact, list-case-contacts
│   ├── notes.ts                  # list-notes, create-note
│   ├── documents.ts              # list-documents
│   ├── tasks.ts                  # list-tasks, create-task
│   └── collections.ts            # discover-schema, get-collection
├── resources/
│   ├── auth-status.ts            # Auth status resource (filevine://auth/status)
│   └── compliance.ts             # Compliance notice
├── audit/
│   └── logger.ts                 # Audit logging (JSON-lines)
└── utils/
    └── rate-limiter.ts           # Token bucket + 429 backoff

Token Storage

Tokens are encrypted with AES-256-GCM and stored locally:

• Location: ~/.oktopeak-filevine/tokens.enc
• Encryption: AES-256-GCM with random IV + auth tag
• Key: ENCRYPTION_KEY from .env (64-char hex)

Audit Logging

Every tool call is logged to ~/.oktopeak-filevine/audit.log:

• Timestamp, tool name, arguments (secrets redacted)
• Outcome (success/error), user ID, case ID, result count
• Supports ABA Opinion 512 compliance documentation

Error Handling

Common Errors

| Error | Cause | Fix | |-------|-------|-----| | ENCRYPTION_KEY is not set | Missing env var | Generate key: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" | | PAT exchange failed (401) | Invalid credentials | Verify Client ID, Secret, PAT from Filevine Settings | | Failed to discover user info | Token doesn't have required scopes | Regenerate PAT and Client Credentials in Filevine | | 429 Too Many Requests | Rate limit hit | Server auto-backs off; normal behavior under load | | Unknown collection selector | Selector not found | Run discover-schema to find available selectors |

Development

TypeScript

• Strict mode enabled
• ES2022 target, Node16 modules
• npm run build → build/ directory

Dependencies

• @modelcontextprotocol/sdk — MCP protocol
• dotenv — Environment loading
• zod — Schema validation for tool parameters
• crypto, fs, http — Node builtins

Debugging

npm run inspect

Opens MCP inspector at http://localhost:3000 — test tools, check parameters, verify responses.

Testing

npm run build
npm start
# In another terminal:
npm run inspect

Resources

Official Filevine

• API Docs: developer.filevine.io
• Support: support.filevine.com/hc/en-us
• Examples: github.com/Filevine/filevine-api-examples (C#, JS, Python)
• Rate Limits: support.filevine.com/hc/en-us/articles/30948396130203

Reference Implementations

• Treillage (Python): github.com/W1ndst0rm/Treillage — Rate limiter + token refresh reference

Compliance & Security

• Data Handling: All Filevine data fetched on-demand — nothing cached locally
• Token Storage: AES-256-GCM encrypted on disk; decryption requires ENCRYPTION_KEY
• Audit Logging: Every tool call logged with redacted secrets
• Rate Limiting: 300 req/min rolling window + 429 backoff protects your account
• Write Access: Only create-note and create-task modify data
• Token Refresh: Auto-refresh 5 min before expiry (3600s TTL)

See src/resources/compliance.ts for full compliance notice.

License

MIT — Oktopeak

Related

• Clio MCP: github.com/oktopeak/clio-mcp — Similar connector for Clio practice management