Secure MCP server for WorkBoard OKR and strategy execution platform

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for crunchtools from gravatar.com crunchtools

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: AGPL-3.0-or-later
    SPDX License Expression
  • Author: crunchtools.com
  • Tags fastmcp , mcp , okr , workboard
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

MCP WorkBoard CrunchTools

A secure MCP (Model Context Protocol) server for WorkBoard OKR and strategy execution platform.

Overview

This MCP server is designed to be:

  • Secure by default - Comprehensive threat modeling, input validation, and token protection
  • No third-party services - Runs locally via stdio, your API token never leaves your machine
  • Cross-platform - Works on Linux, macOS, and Windows
  • Automatically updated - GitHub Actions monitor for CVEs and update dependencies
  • Containerized - Available at quay.io/crunchtools/mcp-workboard built on Hummingbird Python base image

Naming Convention

Component Name
GitHub repo crunchtools/mcp-workboard
Container quay.io/crunchtools/mcp-workboard
Python package (PyPI) mcp-workboard-crunchtools
CLI command mcp-workboard-crunchtools
Module import mcp_workboard_crunchtools

Why Hummingbird?

The container image is built on the Hummingbird Python base image from Project Hummingbird, which provides:

  • Minimal CVE exposure - Built with a minimal package set, dramatically reducing attack surface
  • Regular updates - Security patches applied promptly
  • Optimized for Python - Pre-configured with uv package manager
  • Production-ready - Proper signal handling and non-root user defaults

Features

User Management (4 tools)

  • workboard_get_user - Get a user by ID or the current authenticated user
  • workboard_list_users - List all users (Data-Admin role required)
  • workboard_create_user - Create a new user (Data-Admin role required)
  • workboard_update_user - Update an existing user

Goal Management (2 tools)

  • workboard_get_goals - Get all goals for a user
  • workboard_get_goal_details - Get details for a specific goal

Installation

With uvx (Recommended)

uvx mcp-workboard-crunchtools

With pip

pip install mcp-workboard-crunchtools

With Container

podman run -e WORKBOARD_API_TOKEN=your_token \
    quay.io/crunchtools/mcp-workboard

Configuration

Getting a WorkBoard API Token

  1. Log in to your WorkBoard instance
  2. Navigate to Admin Settings > API Configuration
  3. Generate a JWT API token
  4. Copy the token immediately - store it securely

Add to Claude Code

claude mcp add mcp-workboard-crunchtools \
    --env WORKBOARD_API_TOKEN=your_token_here \
    -- uvx mcp-workboard-crunchtools

Or for the container version:

claude mcp add mcp-workboard-crunchtools \
    --env WORKBOARD_API_TOKEN=your_token_here \
    -- podman run -i --rm -e WORKBOARD_API_TOKEN quay.io/crunchtools/mcp-workboard

Usage Examples

Get Current User

User: Who am I in WorkBoard?
Assistant: [calls workboard_get_user with no args]

List All Users

User: List all WorkBoard users
Assistant: [calls workboard_list_users]

Get User Goals

User: Show me goals for user 12345
Assistant: [calls workboard_get_goals with user_id=12345]

Get Goal Details

User: Get details on goal 67890 for user 12345
Assistant: [calls workboard_get_goal_details with user_id=12345, goal_id=67890]

Security

This server was designed with security as a primary concern. See SECURITY.md for:

  • Threat model and attack vectors
  • Defense in depth architecture
  • Token handling best practices
  • Input validation rules

Key Security Features

  1. Token Protection

    • Stored as SecretStr (never accidentally logged)
    • Environment variable only (never in files or args)
    • Sanitized from all error messages

  2. Input Validation

    • Pydantic models for all inputs
    • Positive integer validation for IDs
    • Email validation for user creation

  3. API Hardening

    • Hardcoded API base URL (prevents SSRF)
    • TLS certificate validation
    • Request timeouts
    • Response size limits

  4. Automated CVE Scanning

    • GitHub Actions scan dependencies weekly
    • Automatic issues for security updates
    • Dependabot alerts enabled

Development

Setup

git clone https://github.com/crunchtools/mcp-workboard.git
cd mcp-workboard
uv sync

Run Tests

uv run pytest

Lint and Type Check

uv run ruff check src tests
uv run mypy src

Build Container

podman build -t mcp-workboard .

License

AGPL-3.0-or-later

Contributing

Contributions welcome! Please read SECURITY.md before submitting security-related changes.

Links

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for crunchtools from gravatar.com crunchtools

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: AGPL-3.0-or-later
    SPDX License Expression
  • Author: crunchtools.com
  • Tags fastmcp , mcp , okr , workboard
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.7.0

0.6.1

0.5.0

0.4.0

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mcp_workboard_crunchtools-0.1.0.tar.gz (27.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mcp_workboard_crunchtools-0.1.0-py3-none-any.whl (24.4 kB view details)

Uploaded Python 3

File details

Details for the file mcp_workboard_crunchtools-0.1.0.tar.gz.

File metadata

File hashes

Hashes for mcp_workboard_crunchtools-0.1.0.tar.gz
Algorithm Hash digest
SHA256 3c3a560e6e99494d4527dd6a158e590ab63800a5b24142939997f7941366c206
MD5 d0e8cc1ca180a57b33869d952d072bca
BLAKE2b-256 311f602ec6d5760c81710bb444a5b9f6d0af3a6b00c75e639c8da558062e536a

See more details on using hashes here.

Provenance

The following attestation bundles were made for mcp_workboard_crunchtools-0.1.0.tar.gz:

Publisher: publish.yml on crunchtools/mcp-workboard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mcp_workboard_crunchtools-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for mcp_workboard_crunchtools-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1e8d13d547d1195231f129cc3e0261a444063ea9b14983aca40b8f146e904344
MD5 56e94f781f2f99c2530fc599e3468d6f
BLAKE2b-256 2079ed6fc6a5f09bc59f04f56edf198452b93c09b04141b6f0bbfde1d0bc5606

See more details on using hashes here.

Provenance

The following attestation bundles were made for mcp_workboard_crunchtools-0.1.0-py3-none-any.whl:

Publisher: publish.yml on crunchtools/mcp-workboard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page