mcp

mcp
Guvenlik Denetimi
Uyari
Health Uyari
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code Uyari
  • network request — Outbound network request in package-lock.json
  • fs module — File system access in package.json
  • network request — Outbound network request in package.json
  • network request — Outbound network request in src/client.ts
  • process.env — Environment variable access in src/helpers.ts
  • network request — Outbound network request in src/helpers.ts
  • process.env — Environment variable access in src/index.ts
  • network request — Outbound network request in src/types.ts
Permissions Gecti
  • Permissions — No dangerous permissions requested

Bu listing icin henuz AI raporu yok.

SUMMARY

Connect your agents to every app through a single MCP.

README.md
One MCP — Connect your agents to every app through a single MCP.

One MCP Server

Website  ·  Docs  ·  Dashboard  ·  Changelog  ·  X  ·  LinkedIn

npm version

Connect your AI agents to 500+ apps through a single MCP server. Search for actions, read documentation, and execute API calls across platforms, without having to manage OAuth tokens or API keys.

npm install -g @withone/cli
one init

That's it. The One CLI will prompt you for your API key (get one from the One dashboard) and configure the MCP server for your environment: Claude Desktop, Cursor, Claude Code, Windsurf, or any MCP-compatible agent.

Capabilities

  • 500+ platforms. Gmail, Slack, Shopify, HubSpot, Stripe, Linear, QuickBooks, and more.
  • Natural language execution. "read my last gmail email", "send a message to #general on Slack"
  • Code generation. "build a form to send emails using Gmail", "create a dashboard that lists my Linear projects"
  • No tool bloat. Only 4 tools exposed regardless of how many platforms or actions you connect. Actions are search-based, so your agent's context window stays clean.
  • Fine-grained access control. Restrict which actions, connections, and permission levels (read, write, admin) your agent has access to.
  • Secure by default. All requests proxied through One, secrets automatically redacted, no platform API keys to manage.

Examples

Execute actions directly:

"Get my last 5 emails from Gmail"

"Send a Slack message to #general: 'Meeting in 10 minutes'"

"Get all products from my Shopify store"

Generate integration code:

"Create a React form component that sends emails using Gmail"

"Build a dashboard that displays Linear users and their assigned projects with filtering"

"Create a paginatable table that fetches and displays QuickBooks invoices with search and sort"

Tools

The server exposes four MCP tools:

Tool Description
list_one_integrations List available platforms and active connections, each with the access it confers (full, methods, or specific actions)
search_one_platform_actions Search for actions on a specific platform
get_one_action_knowledge Get detailed documentation for an action
execute_one_action Execute an API action on a connected platform

Remote MCP Server

Prefer not to run anything locally? One hosts a remote MCP server at https://mcp.withone.ai/mcp. Point any MCP client that supports remote (HTTP) servers at that URL and authenticate with One via OAuth. There's no npm install and no ONE_SECRET to manage. You approve access in One's consent screen, where you can scope exactly which connections, actions, and permission levels the agent gets. Those choices are surfaced back to the agent through each connection's access field, so it knows what it can run without searching.

Clients with native remote support

Add https://mcp.withone.ai/mcp as a remote (custom) MCP server and complete the OAuth prompt.

Clients without native remote support (Claude Desktop, etc.)

Bridge to the remote server with mcp-remote:

{
  "mcpServers": {
    "one": {
      "command": "npx",
      "args": ["mcp-remote", "https://mcp.withone.ai/mcp"]
    }
  }
}

The first run opens a browser to authenticate and authorize. After that, the same four tools are available.

Manual Installation

If you prefer to configure the server manually instead of using one init, install the package directly:

npm install @withone/mcp

Then set the required environment variable:

ONE_SECRET=your-one-secret-key

Identity Scoping

Scope connections to a specific identity (e.g., a user, team, or organization):

ONE_IDENTITY=user_123
ONE_IDENTITY_TYPE=user
Variable Description Values
ONE_IDENTITY The identifier for the entity (e.g., user ID, team ID) Any string
ONE_IDENTITY_TYPE The type of identity user, team, organization, project

When set, the MCP server will only return connections associated with the specified identity. This is useful for multi-tenant applications where you want to scope integrations to specific users or entities.

Access Control

Fine-tune what the MCP server can see and do:

ONE_PERMISSIONS=read
ONE_CONNECTION_KEYS=conn_key_1,conn_key_2
ONE_ACTION_IDS=action_id_1,action_id_2
ONE_KNOWLEDGE_AGENT=true
Variable Type Default Description
ONE_PERMISSIONS read | write | admin admin Filter actions by HTTP method. read = GET only, write = GET/POST/PUT/PATCH, admin = all methods
ONE_CONNECTION_KEYS * or comma-separated keys * Restrict visible connections and platforms to specific connection keys
ONE_ACTION_IDS * or comma-separated IDs * Restrict visible and executable actions to specific action IDs
ONE_KNOWLEDGE_AGENT true | false false Remove the execute_one_action tool entirely, forcing knowledge-only mode

All defaults preserve current behavior. If no access control env vars are set, the server starts with full access and all tools available.

Whatever you configure here is surfaced back to the agent: list_one_integrations stamps each connection with an access field so the agent knows up front what it can run there, without spending a turn searching. It is one of:

access When
{ "policy": "full" } No action allowlist and ONE_PERMISSIONS=admin — every action is runnable.
{ "policy": "methods", "methods": ["GET", ...] } No action allowlist, but ONE_PERMISSIONS is read/write — only these HTTP methods are runnable.
{ "policy": "actions", "actions": [{ "actionId", "title", "method" }] } ONE_ACTION_IDS is set — exactly these actions (the ones on that connection's platform) are runnable, so no search is needed.

Manual Configuration

If you used one init, the configuration below is already done for you. These examples are for reference or manual setups.

Standalone

npx @withone/mcp

Claude Desktop / Cursor

Add the following to your MCP config:

  • Claude Desktop: MacOS: ~/Library/Application\ Support/Claude/claude_desktop_config.json · Windows: %APPDATA%/Claude/claude_desktop_config.json
  • Cursor: Open the Cursor menu and select "MCP Settings"
{
  "mcpServers": {
    "one": {
      "command": "npx",
      "args": ["@withone/mcp"],
      "env": {
        "ONE_SECRET": "your-one-secret-key"
      }
    }
  }
}

Docker

docker build -t one-mcp-server .
docker run -e ONE_SECRET=your_one_secret_key one-mcp-server

All environment variables listed above can be passed as -e flags.

Security

All requests to third-party platforms are authenticated and proxied through One's API. The MCP server never handles OAuth tokens or platform API keys directly. The ONE_SECRET key is the sole credential required, and it is automatically redacted from all response payloads returned to clients. Sensitive headers are stripped from logged and returned request configurations.

License

MIT

Support

For support, please contact [email protected] or visit https://withone.ai

Yorumlar (0)

Sonuc bulunamadi