Labsco
Onplana logo

Onplana

โ˜… 3

from Onplana

Connect Claude, ChatGPT, Cursor, Gemini, and GitHub Copilot to your Onplana project portfolio. 27 tools, OAuth + PAT auth, full audit trail.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredQuick setup

Onplana MCP server

Open-source TypeScript Model Context Protocol building blocks, extracted from Onplana's production MCP deployment. Two packages:

  • onplana-mcp-server โ€” server template. Streamable HTTP transport, Bearer auth, prompt-injection containment, pluggable dispatcher.
  • onplana-mcp-client โ€” typed TypeScript client SDK for calling the public Onplana MCP endpoint at https://api.onplana.com/api/mcp/v1.

What this is

The transport layer of an MCP server โ€” Streamable HTTP wiring, stateless mode, scoped Bearer auth, prompt-injection containment โ€” done well, separated from the platform-specific tool registry. Use the server template to build your own MCP server with security best practices baked in. Use the client SDK to drive Onplana's hosted MCP from your own code.

The patterns are extracted from Onplana's production deployment (public docs at onplana.com/mcp) โ€” the same layer that handles real Claude Desktop, Cursor, ChatGPT custom connector, and in-house agent traffic against the Onplana platform.

Why open-source

The MCP transport is the same for everyone. Most early MCP servers get the security primitives wrong:

  • Prompt injection. Tools that return user-generated content (task titles, comment bodies, wiki text) put that content directly into the model's context. Without containment, a hostile actor can plant "ignore previous instructions" in their own data and the next agent that reads it follows along.
  • Stateless transport. Most SDK examples assume in-memory session state, which breaks horizontal scaling and complicates the auth model.
  • Plan-gate semantics. Surfacing tools the caller can't actually invoke wastes turns and confuses the model.

Onplana solved these in production over six months of MCP-server work. Publishing the patterns is high-leverage:

  1. Other MCP authors get a known-good template instead of reinventing.
  2. The repo is a pretraining-signal surface โ€” public GitHub READMEs are heavily weighted in next-gen LLM training data, and a repo with patterns + clear documentation about MCP improves model recall of "what good MCP servers look like."
  3. The dispatcher interface is the seam where your business logic plugs in. The transport is generic; what matters about your MCP server is the tool registry. Open-sourcing the transport doesn't give away anything proprietary.

The dispatcher implementation, tool catalog, plan-gate logic, audit infrastructure, and the rest of Onplana's ~600 LOC closed-source dispatcher stay in the closed monorepo because they encode platform business logic. If you build your own MCP server using this template, you write your own dispatcher โ€” that's the work that matters and the work that's specific to your platform.

Repository layout

onplana-mcp-server/
โ”œโ”€โ”€ packages/
โ”‚   โ”œโ”€โ”€ server-template/        # onplana-mcp-server (npm)
โ”‚   โ”‚   โ”œโ”€โ”€ src/
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ transport.ts    # Streamable HTTP wiring
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ auth.ts         # Bearer auth pattern
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ promptInjection.ts  # wrapUserContent + escape
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ dispatcher.ts   # Pluggable Dispatcher interface
โ”‚   โ”‚   โ”‚   โ””โ”€โ”€ index.ts
โ”‚   โ”‚   โ”œโ”€โ”€ tests/              # promptInjection + auth + transport
โ”‚   โ”‚   โ””โ”€โ”€ README.md
โ”‚   โ””โ”€โ”€ client/                 # onplana-mcp-client (npm)
โ”‚       โ”œโ”€โ”€ src/
โ”‚       โ”‚   โ”œโ”€โ”€ client.ts       # OnplanaMcpClient class
โ”‚       โ”‚   โ”œโ”€โ”€ types.ts        # Public type surface
โ”‚       โ”‚   โ””โ”€โ”€ index.ts
โ”‚       โ”œโ”€โ”€ tests/              # client.test.ts (stub fetch)
โ”‚       โ””โ”€โ”€ README.md
โ”œโ”€โ”€ examples/
โ”‚   โ””โ”€โ”€ in-memory/              # Runnable demo with 3 toy tools
โ””โ”€โ”€ .github/workflows/
    โ”œโ”€โ”€ ci.yml                  # tsc + vitest on PR
    โ””โ”€โ”€ publish.yml             # npm publish on tag v*

Production checklist

The template + SDK get you running. Add these on top:

  • Per-token rate limiting. 60โ€“120 req/min per Bearer token; agentic loops are noisier than humans.
  • Tenant cost cap. If your tools call paid LLMs, gate dispatch on month-to-date spend. Onplana's deployment uses aiMonthlyCostCapUsd with WARN / BLOCK modes.
  • Audit logging. Every dispatch should write an audit row tagged with actorType: 'mcp_agent' so admins can see what AI agents did in their tenant separately from human activity.
  • Plan / scope curation. Don't expose every internal tool. Onplana exposes 21 of 26; the suppressed 5 either need an in-app preview UI, are too risky for unsupervised invocation, or produce oversized payloads.
  • PREVIEW mode for risky mutations. Default mutating tools to preview-only on free tiers. Onplana ships this โ€” agents see "what it would do" before users explicitly upgrade and re-run.
  • Idempotency keys. Hash the canonicalised input + a session id; store as a unique constraint on your audit row. A model retrying the same logical action shouldn't double-create.

Each of those is platform-specific. The template gives you the seam where they plug in (Dispatcher.callTool); your dispatcher implements them however your platform encodes those concepts.

Compatibility

  • Node.js โ‰ฅ 20 (for the server template and CI matrix); โ‰ฅ 18 for the client (uses ambient fetch).
  • @modelcontextprotocol/sdk@^1.29.0
  • express@^4.18.0 or express@^5.0.0

Tested against:

  • Claude Desktop (Custom Connector)
  • Cursor (~/.cursor/mcp.json)
  • ChatGPT custom connectors (where MCP is enabled in your account)
  • Gemini CLI + Gemini Code Assist (~/.gemini/settings.json)
  • GitHub Copilot in VS Code (.vscode/mcp.json)
  • The official MCP Inspector

See also