> ## Documentation Index
> Fetch the complete documentation index at: https://braintrust.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Cursor Cloud MCP JWT validation error fix

export const plans_0 = "Any"

export const deployments_0 = "Braintrust-hosted"

export const data_plane_version_0 = undefined

export const use_case_0 = "Use case - Using the Braintrust MCP server with Cursor Cloud agents that cannot complete the OAuth browser flow"

<Note>
  **Applies to:**

  * Plan - {plans_0}
  * Deployment - {deployments_0}
  * {data_plane_version_0}
  * {use_case_0}
</Note>

## Summary

**Issue:** Cursor Cloud agents throw `[401] Failed to validate Cognito JWT: JWT string does not consist of exactly 3 parts` when connecting to the Braintrust MCP server.

**Cause:** Cursor Cloud runs in a remote environment with no interactive browser session, so the default OAuth flow cannot complete — resulting in a malformed token that fails all validation checks, including Cognito JWT verification.

**Resolution:** Configure `.cursor/mcp.json` with an explicit `Authorization` header using a Braintrust API key to bypass OAuth entirely.

## Resolution steps

### Configure explicit API key auth in `.cursor/mcp.json`

#### Step 1: Create or update `.cursor/mcp.json`

Add the `headers` field with your Braintrust API key. Place this file at the project root for project-level config, or in your home directory for global config.

```json theme={"theme":{"light":"github-light","dark":"github-dark-dimmed"}}
{
  "mcpServers": {
    "braintrust": {
      "url": "https://api.braintrust.dev/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_BRAINTRUST_API_KEY"
      }
    }
  }
}
```

Replace `YOUR_BRAINTRUST_API_KEY` with a key from **Settings** > **API keys** in the Braintrust app.

#### Step 2: Verify the connection

Restart Cursor and confirm the MCP server connects without a 401 error.

> **Note:** `BRAINTRUST_API_KEY` set in your local environment does not carry over to Cursor Cloud agents. The explicit `headers` config is required.

### Alternative: use the Braintrust CLI

If you need read/write access (running evals, modifying prompts, updating datasets), the Braintrust CLI works in cloud environments and has a simpler auth setup.

#### Step 1: Install the CLI

```bash theme={"theme":{"light":"github-light","dark":"github-dark-dimmed"}}
curl -fsSL https://bt.dev/cli/install.sh | sh
```

#### Step 2: Configure MCP via the CLI

```bash theme={"theme":{"light":"github-light","dark":"github-dark-dimmed"}}
bt setup mcp
```

This handles authentication and MCP configuration without requiring a browser session.
