the AI-native care layer

Care data, connected.

Nunabot is three products in one stack. An MCP server that lets AI assistants help families advocate for aging loved ones. NunaPipe, a secure bridge for care records between agencies, families, and platforms. And NunaSoft, the operating system for home-care agencies. This is the documentation for all three.

Read the protocol Learn about the pipe

Nunabot MCP

The open protocol surface. Any MCP-aware AI — Perplexity, Claude, Codex — can read loved-one digests, ask questions, and draft advocacy emails on behalf of a caregiver.

See tools and OAuth →

NunaPipe

A Plaid-style bridge for care data. Agencies, hospitals, and partner platforms push structured events — visits, notes, medications — through a single signed endpoint.

See the webhook spec →

NunaSoft

A multi-tenant operating system for home-care agencies. Caregivers clock in from their phone, families get live updates through NunaPipe, agencies keep a clean book of record.

Tour the agency portal →

What it is

The Nunabot MCP server exposes a small, opinionated toolbelt to any AI assistant that speaks the Model Context Protocol. A caregiver mints a token, pastes it into Perplexity, Claude, or Codex, and the assistant can immediately query their loved ones, read digests, and draft messages to doctors.

v1 is draft-only. Tools can read everything in a caregiver's workspace and draft outbound content, but nothing is ever sent automatically. Every send requires explicit caregiver confirmation inside the Nunabot app.

Authentication

Two ways to authenticate — pick one.

Option 1 — Personal access token (fastest)

Caregivers visit /settings in the Nunabot app, click Connect agent, and mint a token. Tokens look like nbmcp_<24 base64url chars>, are stored server-side as SHA-256 hashes (never in plaintext), and can be revoked from the same UI.

authorization headerhttp
Authorization: Bearer nbmcp_5rT3mU9qB1eF2pK4lX8vZ6oS

Option 2 — Full OAuth 2.1 with PKCE and Dynamic Client Registration

For AI hosts that prefer standards compliance, Nunabot implements the full MCP OAuth 2.1 profile — authorization-code flow with PKCE S256, and RFC 7591 Dynamic Client Registration so no human has to pre-register the app.

01
Discover
Client hits /.well-known/oauth-authorization-server.
02
Register
POST /oauth/register — returns a fresh client_id.
03
Authorize
Caregiver approves scopes at /settings/mcp-authorize.
04
Code
Short-lived code nboc_… (60s, single-use).
05
Token
POST /oauth/token with PKCE verifier returns an nbmcp_… bearer.
06
Call
Use the bearer against /api/mcp.

Supported scopes:

  • nunabot.read — list loved ones, read digests, ask questions.
  • nunabot.draft — everything in read, plus draft outbound email and log notes.

Endpoint and transport

A single endpoint: POST https://app.nunabot.com/api/mcp. Standard MCP JSON-RPC 2.0 envelopes. For streaming responses, send Accept: text/event-stream and Nunabot will reply with SSE frames — one event: message per JSON-RPC response, terminated by event: end.

streaming requesthttp
POST /api/mcp HTTP/1.1
Host: app.nunabot.com
Authorization: Bearer nbmcp_…
Content-Type: application/json
Accept: text/event-stream

{"jsonrpc":"2.0","id":1,"method":"tools/call",
 "params":{"name":"ask_about_loved_one",
  "arguments":{"loved_one_id":"lo_mom","question":"how is her sleep?"}}}

Tools

list_loved_ones
Return every loved one in the caregiver's workspace with id, display name, and last-updated timestamp.
get_digest
Fetch the latest rolling digest for a loved one — meds, appointments, open concerns, vitals.
ask_about_loved_one
Natural-language Q&A grounded in one loved one's full record.
ask_across_loved_ones
Fan-out Q&A across up to 20 loved ones in parallel. Perfect for Claude/Codex multi-loved-one batches.
draft_advocacy_email
Compose an email to a doctor, insurer, or facility in the caregiver's voice. Draft only — never sends.
log_note
Append a structured observation to a loved one's timeline. Returns the note id.
generate_nunasoft_query
Translate a natural-language ask into a NunaSoft query spec — entity, fields, filters, time range. Useful for agency admins on Claude/Codex.

Connect snippets

Perplexity

Paste the bearer token into Perplexity's MCP settings.

perplexity mcp configjson
{
  "name": "nunabot",
  "url": "https://app.nunabot.com/api/mcp",
  "auth": { "type": "bearer", "token": "nbmcp_…" }
}

Claude Desktop

~/Library/Application Support/Claude/claude_desktop_config.jsonjson
{
  "mcpServers": {
    "nunabot": {
      "url": "https://app.nunabot.com/api/mcp",
      "headers": { "Authorization": "Bearer nbmcp_…" }
    }
  }
}

Codex CLI

~/.codex/config.tomltoml
# Nunabot MCP — read + draft across loved ones
[mcp_servers.nunabot]
url = "https://app.nunabot.com/api/mcp"
auth_header = "Bearer nbmcp_…"
stream = "sse"

What it is

NunaPipe is the private-link layer between care-data producers and Nunabot's family-facing app. Think of it as Plaid for caregiving: agencies, EHRs, and home- health platforms push structured events at NunaPipe, and Nunabot lights up the right loved-one record for the right family in real time.

Why a pipe

  • Neutral shape. One event schema — institution_id, subject_ref, event_type, payload — lets us onboard any partner without redesigning the app.
  • Signed and replayable. Every request carries X-NunaPipe-Signature: sha256=…, computed over the raw body with a per-partner secret. Replays are cheap; forgeries are not.
  • Fire-and-forget on the partner side. Partners never block their own workflow waiting on Nunabot. If NunaPipe is down, events are queued and retried with exponential backoff.

Event envelope

POST https://app.nunabot.com/api/nunapipe/partner/eventsjson
{
  "institution_id": "nunasoft-sunrise-home-care",
  "subject_ref":    "client_8c1f",
  "event_type":     "visit.completed",
  "occurred_at":    "2026-04-16T21:04:00Z",
  "payload": {
    "caregiver_name": "María R.",
    "duration_min":   92,
    "note_excerpt":   "Mom ate a full lunch, mood upbeat…"
  }
}

Signature

Compute HMAC-SHA256(raw_body, partner_secret) and send the hex digest prefixed with sha256=. Nunabot verifies in constant time and rejects anything older than 5 minutes (clock-skew tolerant).

pseudocodets
const sig = "sha256=" + hmacSha256Hex(secret, rawBody);
headers["X-NunaPipe-Signature"] = sig;
headers["X-NunaPipe-Institution"] = institutionId;

Event types (v1)

visit.started
A caregiver clocked in at a client's home.
visit.completed
Clock-out. Includes duration, note excerpt, and media count.
note.created
A caregiver observation was logged — vitals, mood, medication confirmation.
medication.logged
A dose was administered, refused, or skipped. Includes med name and time.
incident.flagged
A fall, ER visit, or other high-severity event that family should see immediately.
Family share is opt-in per client. An agency using NunaSoft toggles family share on a client record, which provisions a per-client shared secret and starts forwarding that client's events to NunaPipe. Toggle it off and events stop at the agency boundary.

Becoming a partner

NunaSoft agencies get NunaPipe for free — it's wired into clock-in and clock-out. Outside partners (EHRs, hospital discharge systems, other agency platforms) can email partners@nunabot.com for a sandbox secret and a signed integration agreement.

What it is

NunaSoft is the operating system for home-care agencies. Each agency is a tenant with its own slug — nunasoft.com/sunrise-home-care — and its own admin dashboard, caregiver roster, client list, visit schedule, and message thread.

Who uses it

  • Agency admins manage clients, caregivers, and schedules from the web dashboard. They own the book of record.
  • Caregivers open the agency URL on their phone, sign in, and use the mobile portal at /me — pick a shift, clock in, log a note, clock out.
  • Families don't use NunaSoft directly. They use the Nunabot app, and data flows to them through NunaPipe when family share is on.

Data model

Every record is namespaced to a tenant — no cross-tenant reads, ever.

Firestore path shapetext
tenants/{tenant_id}/
  staff/{uid}             # caregivers & admins
  clients/{client_id}     # +family_share_enabled, +secret_hash
  visits/{visit_id}       # scheduled + in-progress + completed
  notes/{note_id}         # observations, vitals, med confirmations
  media/{media_id}        # photos taken during a visit
  messages/{msg_id}       # threads per client

Caregiver portal

NunaSoft's /me route is a phone-first webapp. Caregivers see their open shifts, pick one, clock in with a single tap, write a note, attach a photo, and clock out. Each action emits a NunaPipe event if the client has family share on — no extra work for the caregiver.

Family share toggle

toggle in admints
// admin flips family share for a client
await enrollFamilyShare(tenantId, clientId);
// → generates secret, stores sha256 hash on client row,
// → sends secret one-time to admin via secure download

// every clock-out after this call
emitFamilyShareEvent({
  tenantId, clientId,
  type: "visit.completed",
  payload: { duration_min, note_excerpt }
});

Why it matters

  • Families stop calling the agency for updates. They already have them in Nunabot.
  • Agencies get a differentiator without writing a family app. NunaPipe is the family app.
  • Nunabot gets first-party, signed, structured care data — the foundation that makes the MCP tools actually useful.
One stack, three audiences. Families use Nunabot. Agencies run on NunaSoft. AI assistants speak through the MCP. The pipe is the connective tissue.