PTO MCP Server

Minimal MCP server for PTOAi to expose user context to Agent Builder via Supabase.

Requirements

• Node 18+

• Supabase URL + Service Role Key

Setup

npm install

Create an env file (or export vars):

export SUPABASE_URL=...
export SUPABASE_SERVICE_ROLE_KEY=...
export MCP_TRANSPORT=http
export PORT=8787
export MCP_ALLOWED_ORIGINS=https://platform.openai.com,https://chatgpt.com
export MCP_HTTP_STATELESS=true
export MCP_OAUTH_COOKIE_SECRET=...
export MCP_OAUTH_REDIRECT_ORIGINS=https://chatgpt.com,https://chat.openai.com
export MCP_PUBLIC_URL=https://mcp-0brh.onrender.com
export SUPABASE_ANON_KEY=...

Run:

npm run dev

HTTP mode (recommended for Agent Builder)

The server runs on:

http://localhost:8787/mcp

Use this URL when connecting your Agent Builder MCP tool.

MCP_HTTP_STATELESS defaults to true, which is generally required for Agent Builder. Set it to false if you have a client that supports MCP session IDs.

OAuth (recommended for production)

The server exposes OAuth endpoints:

• /.well-known/oauth-authorization-server

• /oauth/authorize

• /oauth/token

• /oauth/register

Set MCP_OAUTH_COOKIE_SECRET and SUPABASE_ANON_KEY. By default the OAuth login page uses Supabase email/password. If you want to use your own login page, set MCP_OAUTH_LOGIN_URL and it will redirect there.

Supabase refresh-token storage (required for long-lived OAuth)

Create a table to store refresh tokens so MCP can auto-refresh access tokens:

create table if not exists public.mcp_oauth_sessions (
  user_id uuid primary key references auth.users (id) on delete cascade,
  refresh_token text not null,
  updated_at timestamptz not null default now()
);

Health check:

http://localhost:8787/health

Stdio mode (local testing)

MCP_TRANSPORT=stdio npm run dev

Tools

• get_profile

• get_start_intake_latest

• get_followup_latest

• get_weekly_plans

• save_weekly_plan

All tools require access_token from a signed-in Supabase session. You can also pass a bearer token via the Authorization header.