qlows MCP - Tender Search & RFP Response

在35個國家(WTO-GPA區域)中尋找公開招標,並在回應RFP時為您的AI提供依據。

文件

qlows

qlows MCP connector

npm LobeHub MCP Registry License: MIT

Bring your live qlows RFP/bid deals — and the public tender corpus across 35 WTO-GPA countries — into Claude, Cursor, Windsurf, Cline, Zed, or any Model Context Protocol client.

qlows-mcp is a tiny local connector. It runs on your machine as a stdio MCP server and securely proxies tool calls to the qlows API (https://app.qlows.com). It stores nothing but your token, contains no backend logic, and is read-only — your AI can pull deal context, never write back.

Quotes. Flows. Close. qlows preps the bid; your AI drafts from real, grounded context. Learn more at https://qlows.com.

Install

One-click install for the common clients (or copy the JSON snippet below):

Add to Cursor Add to VS Code Add to LobeChat Set up in Claude


Quick start (≈ 1 minute)

# 1. Connect your account (opens the browser, you paste a token back)
npx @qlows/mcp login

# 2. Verify it works
npx @qlows/mcp test          # → prints the available tools

# 3. Print the snippet for your AI client
npx @qlows/mcp config

Then add qlows to your client (example: Claude Desktop, ~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "qlows": {
      "command": "npx",
      "args": ["-y", "@qlows/mcp"]
    }
  }
}

Restart the client. If you didn't run login, pass the token instead:

{
  "mcpServers": {
    "qlows": {
      "command": "npx",
      "args": ["-y", "@qlows/mcp"],
      "env": { "QLOWS_TOKEN": "qlw_live_…" }
    }
  }
}

You'll need a qlows account to mint a personal token (free tier works for tender search). Sign up + mint at https://app.qlows.com/mcp.


Try these prompts

After connecting, ask your AI:

  1. "Use the qlows MCP to list my open deals, then summarize the top 3 risks in the most urgent one."
  2. "Search public tenders for Zero-Trust networking in the EU closing in the next 30 days, and give me the qlows link for each."
  3. "Read the deal <deal-id> from qlows and draft the Technical Approach section, grounding every claim in the compliance items and our approved answers."

What you get

All tools are read-only. Personal-data tools need a personal token; the tender tools also work on a free account.

ToolWhat it does
list_dealsYour RFP/bid deals (lightweight metadata)
get_deal_snapshotFull deal snapshot — RFP summary + compliance + Q-routing + intelligence
search_compliance_itemsKeyword search across compliance items
get_q_routing_stateSections + questions + answers + assignment state
get_intelligence_summaryAI summary + tailoring detection
list_questionsFlat question list
list_competitorsPer-deal competitor analysis
search_tendersPublic tender corpus search (FTS + filters)
search_tenders_for_my_companyPersonalised semantic tender search
get_tender_detailFull enriched record for one tender

Plus three prompts (slash-commands) — find_matching_tenders, draft_rfp_section, weekly_pipeline_review — see Skills below.

The connector discovers tools and prompts live from the server, so new qlows capabilities appear without updating this package.


Skills

Three things qlows is built to do inside your AI. Each maps to a prompt (a slash-command your client exposes) plus the read-only tools it drives — all grounded in real qlows data, never invented.

🔎 Find matching tenders

Prompt: find_matching_tenders (args: industry, optional country, optional deadline_within_days). Drives search_tenders and returns each live notice with its canonical qlows_url. Full context: https://qlows.com/platform/qlows-mcp.

"Find open zero-trust networking tenders in Germany closing in the next 30 days, with the qlows link for each."

✍️ Draft an RFP section, grounded

Prompt: draft_rfp_section (args: deal_id, section). Pulls the deal's compliance grid and approved answers via get_deal_snapshot + search_compliance_items, then drafts the section with every claim traced to source — no fabricated capabilities, dates, or past performance.

"Draft the Technical Approach for deal <id>, grounded in the compliance items and our approved answers."

🗂️ Review your pipeline

Prompt: weekly_pipeline_review (no args). Uses list_deals + get_q_routing_state to produce a prioritized to-do list: what's due, what's blocked, and the next action per deal.

"Review my qlows pipeline and tell me which bids need attention first."

The public tender skills work on a free account; the deal skills need a personal token. See the full platform overview.


Commands

CommandDescription
qlows-mcpRun the MCP server over stdio (how clients launch it)
qlows-mcp loginSign in via browser and store a token in ~/.qlows/config.json (0600)
qlows-mcp testList available tools to verify your token
qlows-mcp configPrint config path + a client setup snippet
qlows-mcp helpUsage

Environment variables

  • QLOWS_TOKEN — API token (overrides the stored one).
  • QLOWS_BASE_URL — defaults to https://app.qlows.com; point at http://localhost:3000 for local testing.

How it works

MCP client (Claude/Cursor)  ⇄  qlows-mcp (stdio, local)  ⇄  https://app.qlows.com/api/mcp/<token>/rpc

The connector is a transparent JSON-RPC proxy. It does not implement tools — it forwards initialize, tools/list, tools/call, prompts/*, and resources/* to the qlows server and relays the responses. The token travels in the request to qlows over HTTPS; treat it like a password.


Troubleshooting

  • No qlows token found — run qlows-mcp login, or set QLOWS_TOKEN.
  • Token missing, invalid, or expired — the token was revoked or expired; mint a new one at https://app.qlows.com/mcp and re-run login.
  • Rate limit exceeded — 60 requests/min per token; wait and retry.
  • Client doesn't see qlows — restart the client after editing config; validate the JSON (a stray comma silently breaks it); check the client's MCP logs.

Verify end-to-end with the MCP Inspector:

npx @modelcontextprotocol/inspector npx @qlows/mcp

Privacy & security

  • Read-only: no tool writes back to your qlows account.
  • The connector stores only your token, locally, at ~/.qlows/config.json (permissions 0600). It collects no telemetry.
  • Tokens are SHA-256-hashed at rest on the qlows server and can be revoked instantly at https://app.qlows.com/mcp.
  • Privacy policy: https://qlows.com/privacy

Roadmap

  • One-click browser auto-capture for login (loopback callback).
  • Desktop Extension (.mcpb) bundle for a true one-click Claude Desktop install (the badge above links to setup docs in the meantime).
  • Anthropic Connector Directory listing — the OAuth 2.1 + PKCE endpoint is live on the qlows server; directory submission is tracked as a follow-up.

Development

npm install
npm run build
QLOWS_TOKEN=… QLOWS_BASE_URL=http://localhost:3000 node dist/index.js test

Publishing is automated on v* tags (see .github/workflows/release.yml): npm publish → MCP Registry publish via GitHub OIDC.

##Badges

MCP Badge

License

MIT