mcp
Health Warn
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Warn
- network request — Outbound network request in package-lock.json
- fs module — File system access in package.json
- network request — Outbound network request in package.json
- network request — Outbound network request in src/client.ts
- process.env — Environment variable access in src/helpers.ts
- network request — Outbound network request in src/helpers.ts
- process.env — Environment variable access in src/index.ts
- network request — Outbound network request in src/types.ts
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Connect your agents to every app through a single MCP.
One MCP Server
Website · Docs · Dashboard · Changelog · X · LinkedIn
Connect your AI agents to 500+ apps through a single MCP server. Search for actions, read documentation, and execute API calls across platforms, without having to manage OAuth tokens or API keys.
npm install -g @withone/cli
one init
That's it. The One CLI will prompt you for your API key (get one from the One dashboard) and configure the MCP server for your environment: Claude Desktop, Cursor, Claude Code, Windsurf, or any MCP-compatible agent.
Capabilities
- 500+ platforms. Gmail, Slack, Shopify, HubSpot, Stripe, Linear, QuickBooks, and more.
- Natural language execution. "read my last gmail email", "send a message to #general on Slack"
- Code generation. "build a form to send emails using Gmail", "create a dashboard that lists my Linear projects"
- No tool bloat. Only 4 tools exposed regardless of how many platforms or actions you connect. Actions are search-based, so your agent's context window stays clean.
- Fine-grained access control. Restrict which actions, connections, and permission levels (read, write, admin) your agent has access to.
- Secure by default. All requests proxied through One, secrets automatically redacted, no platform API keys to manage.
Examples
Execute actions directly:
"Get my last 5 emails from Gmail"
"Send a Slack message to #general: 'Meeting in 10 minutes'"
"Get all products from my Shopify store"
Generate integration code:
"Create a React form component that sends emails using Gmail"
"Build a dashboard that displays Linear users and their assigned projects with filtering"
"Create a paginatable table that fetches and displays QuickBooks invoices with search and sort"
Tools
The server exposes four MCP tools:
| Tool | Description |
|---|---|
list_one_integrations |
List available platforms and active connections, each with the access it confers (full, methods, or specific actions) |
search_one_platform_actions |
Search for actions on a specific platform |
get_one_action_knowledge |
Get detailed documentation for an action |
execute_one_action |
Execute an API action on a connected platform |
Remote MCP Server
Prefer not to run anything locally? One hosts a remote MCP server at https://mcp.withone.ai/mcp. Point any MCP client that supports remote (HTTP) servers at that URL and authenticate with One via OAuth. There's no npm install and no ONE_SECRET to manage. You approve access in One's consent screen, where you can scope exactly which connections, actions, and permission levels the agent gets. Those choices are surfaced back to the agent through each connection's access field, so it knows what it can run without searching.
Clients with native remote support
Add https://mcp.withone.ai/mcp as a remote (custom) MCP server and complete the OAuth prompt.
Clients without native remote support (Claude Desktop, etc.)
Bridge to the remote server with mcp-remote:
{
"mcpServers": {
"one": {
"command": "npx",
"args": ["mcp-remote", "https://mcp.withone.ai/mcp"]
}
}
}
The first run opens a browser to authenticate and authorize. After that, the same four tools are available.
Manual Installation
If you prefer to configure the server manually instead of using one init, install the package directly:
npm install @withone/mcp
Then set the required environment variable:
ONE_SECRET=your-one-secret-key
Identity Scoping
Scope connections to a specific identity (e.g., a user, team, or organization):
ONE_IDENTITY=user_123
ONE_IDENTITY_TYPE=user
| Variable | Description | Values |
|---|---|---|
ONE_IDENTITY |
The identifier for the entity (e.g., user ID, team ID) | Any string |
ONE_IDENTITY_TYPE |
The type of identity | user, team, organization, project |
When set, the MCP server will only return connections associated with the specified identity. This is useful for multi-tenant applications where you want to scope integrations to specific users or entities.
Access Control
Fine-tune what the MCP server can see and do:
ONE_PERMISSIONS=read
ONE_CONNECTION_KEYS=conn_key_1,conn_key_2
ONE_ACTION_IDS=action_id_1,action_id_2
ONE_KNOWLEDGE_AGENT=true
| Variable | Type | Default | Description |
|---|---|---|---|
ONE_PERMISSIONS |
read | write | admin |
admin |
Filter actions by HTTP method. read = GET only, write = GET/POST/PUT/PATCH, admin = all methods |
ONE_CONNECTION_KEYS |
* or comma-separated keys |
* |
Restrict visible connections and platforms to specific connection keys |
ONE_ACTION_IDS |
* or comma-separated IDs |
* |
Restrict visible and executable actions to specific action IDs |
ONE_KNOWLEDGE_AGENT |
true | false |
false |
Remove the execute_one_action tool entirely, forcing knowledge-only mode |
All defaults preserve current behavior. If no access control env vars are set, the server starts with full access and all tools available.
Whatever you configure here is surfaced back to the agent: list_one_integrations stamps each connection with an access field so the agent knows up front what it can run there, without spending a turn searching. It is one of:
access |
When |
|---|---|
{ "policy": "full" } |
No action allowlist and ONE_PERMISSIONS=admin — every action is runnable. |
{ "policy": "methods", "methods": ["GET", ...] } |
No action allowlist, but ONE_PERMISSIONS is read/write — only these HTTP methods are runnable. |
{ "policy": "actions", "actions": [{ "actionId", "title", "method" }] } |
ONE_ACTION_IDS is set — exactly these actions (the ones on that connection's platform) are runnable, so no search is needed. |
Manual Configuration
If you used one init, the configuration below is already done for you. These examples are for reference or manual setups.
Standalone
npx @withone/mcp
Claude Desktop / Cursor
Add the following to your MCP config:
- Claude Desktop: MacOS:
~/Library/Application\ Support/Claude/claude_desktop_config.json· Windows:%APPDATA%/Claude/claude_desktop_config.json - Cursor: Open the Cursor menu and select "MCP Settings"
{
"mcpServers": {
"one": {
"command": "npx",
"args": ["@withone/mcp"],
"env": {
"ONE_SECRET": "your-one-secret-key"
}
}
}
}
Docker
docker build -t one-mcp-server .
docker run -e ONE_SECRET=your_one_secret_key one-mcp-server
All environment variables listed above can be passed as -e flags.
Security
All requests to third-party platforms are authenticated and proxied through One's API. The MCP server never handles OAuth tokens or platform API keys directly. The ONE_SECRET key is the sole credential required, and it is automatically redacted from all response payloads returned to clients. Sensitive headers are stripped from logged and returned request configurations.
License
MIT
Support
For support, please contact [email protected] or visit https://withone.ai
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found