PTO MCP Server
Minimal MCP server for PTOAi to expose user context to Agent Builder via Supabase.
Requirements
- Node 18+
- Supabase URL + Service Role Key
Setup
npm install
Create an env file (or export vars):
export SUPABASE_URL=...
export SUPABASE_SERVICE_ROLE_KEY=...
export MCP_TRANSPORT=http
export PORT=8787
export MCP_ALLOWED_ORIGINS=https://platform.openai.com,https://chatgpt.com
export MCP_HTTP_STATELESS=true
export MCP_OAUTH_COOKIE_SECRET=...
export MCP_OAUTH_REDIRECT_ORIGINS=https://chatgpt.com,https://chat.openai.com
export MCP_PUBLIC_URL=https://mcp-0brh.onrender.com
export SUPABASE_ANON_KEY=...
Run:
npm run dev
HTTP mode (recommended for Agent Builder)
The server runs on:
http://localhost:8787/mcp
Use this URL when connecting your Agent Builder MCP tool.
MCP_HTTP_STATELESS defaults to true, which is generally required for Agent Builder.
Set it to false if you have a client that supports MCP session IDs.
OAuth (recommended for production)
The server exposes OAuth endpoints:
/.well-known/oauth-authorization-server/oauth/authorize/oauth/token/oauth/register
Set MCP_OAUTH_COOKIE_SECRET and SUPABASE_ANON_KEY.
By default the OAuth login page uses Supabase email/password.
If you want to use your own login page, set MCP_OAUTH_LOGIN_URL and it will redirect there.
Supabase refresh-token storage (required for long-lived OAuth)
Create a table to store refresh tokens so MCP can auto-refresh access tokens:
create table if not exists public.mcp_oauth_sessions (
user_id uuid primary key references auth.users (id) on delete cascade,
refresh_token text not null,
updated_at timestamptz not null default now()
);
Health check:
http://localhost:8787/health
Stdio mode (local testing)
MCP_TRANSPORT=stdio npm run dev
Tools
get_profileget_start_intake_latestget_followup_latestget_weekly_planssave_weekly_plan
All tools require access_token from a signed-in Supabase session.
You can also pass a bearer token via the Authorization header.