Workboard MCP

Workboard MCP

Enables interaction with Workboard through MCP tools, with OAuth authentication, token management, and support for all 63 documented Workboard API operations.

Category
Visit Server

README

Workboard MCP

Containerized MCP server for Workboard, built with SST, ECS Fargate, Hono, Better Auth, Postgres, Drizzle, and generated npx api Workboard clients.

What Is Included

  • SST aws.Service Hono API running on ECS Fargate behind an ALB, fronted by an SST aws.Router.
  • Router WAF protection with AWS managed rules, IP rate limiting, and blocked-request logs.
  • Cloudflare DNS for workboard-mcp.praxismedicines.dev in production and <stage>.workboard-mcp.praxismedicines.dev for non-production stages.
  • Aurora PostgreSQL Serverless v2 with min: 0 ACU and local Postgres dev settings.
  • Drizzle ORM and Drizzle Kit migrations for Better Auth tables and application tables, with schemas split under packages/core/src/db/schema/.
  • A deploy-time SST migrator Lambda that runs checked-in Drizzle migrations during non-dev deploys.
  • Better Auth OAuth Provider for MCP OAuth 2.1, with internal Entra login through the generic OAuth plugin.
  • A post-login Workboard token step that verifies the personal Workboard token and stores it encrypted with AES-256-GCM.
  • Generated Workboard v1 and v2 SDKs under .api/apis/*, plus generated MCP tool metadata for all 63 documented operations.

Local Setup

npm install
cp .env.example .env
npm run generate:workboard

Fill in .env with Entra credentials and strong local secrets.

Start Postgres:

npm run db:local

In another terminal, apply migrations and start Hono:

npm run migrate
npm run dev

The local API listens on http://localhost:3000. sst dev starts the Hono service locally through npm run dev and skips the deployed HTTPS Router, WAF, and custom domain.

Useful Commands

npm run generate:workboard  # refresh Workboard specs, npx api SDKs, and MCP tool metadata
npm run auth:generate       # refresh the generated Better Auth Drizzle schema
npm run db:generate         # refresh auth schema, then create a Drizzle migration
npm run db:check            # verify Drizzle migration snapshots and SQL
npm run migrate             # apply Drizzle migrations for auth and app tables
npm run typecheck
npm test

Deploy Prerequisites

Set SST secrets:

npx sst secret set BetterAuthSecret "..."
npx sst secret set WorkboardTokenEncryptionKey "..."
npx sst secret set EntraClientId "..."
npx sst secret set EntraClientSecret "..."
npx sst secret set EntraTenantId "..."

Append --stage <stage> to those commands when preparing a non-default SST stage.

Set Cloudflare provider environment variables before deploy:

export CLOUDFLARE_API_TOKEN=...
export CLOUDFLARE_DEFAULT_ACCOUNT_ID=...

Deploy:

npx sst deploy

Router URLs are stage-aware. production and prod use https://workboard-mcp.praxismedicines.dev; every other SST stage uses https://<stage>.workboard-mcp.praxismedicines.dev after the stage name is normalized for DNS. Deployed stages also create an HTTPS ALB origin at origin.<public-domain> for CloudFront to reach the ECS service. The ECS service listens on port 3000, and the load balancer health-checks /health.

Register an Entra redirect URI for each stage host: <public-base-url>/api/auth/oauth2/callback/microsoft-entra-id.

Non-dev deploys run the WorkboardDatabaseMigrator Lambda before the ECS service update. It copies the checked-in drizzle/ folder into the function package and applies unapplied migrations with Drizzle's node-postgres migrator. Drizzle migration metadata is stored in drizzle.__drizzle_migrations; the application and auth tables are created by the SQL migrations in the default PostgreSQL schema.

OAuth Flow

MCP clients discover /.well-known/oauth-protected-resource, then use Better Auth’s OAuth Provider endpoints under /api/auth/oauth2/*.

The user flow is:

  1. MCP OAuth redirects to /oauth/login.
  2. /oauth/login starts generic OAuth with Microsoft Entra (microsoft-entra-id).
  3. After Entra, Better Auth resumes /api/auth/oauth2/authorize.
  4. If no Workboard token is stored, Better Auth redirects to /oauth/workboard-token.
  5. The token is verified with Workboard GET /user, encrypted, and stored in Postgres.
  6. Better Auth continues to /oauth/consent, then issues the OAuth code/token for the MCP client.

References

  • Workboard API docs: https://apidocs.myworkboard.com/
  • SST Aurora: https://sst.dev/docs/component/aws/aurora/
  • SST Service: https://sst.dev/docs/component/aws/service/
  • SST Router: https://sst.dev/docs/component/aws/router/
  • SST Router WAF: https://sst.dev/docs/examples/#router-with-waf
  • Better Auth OAuth Provider: https://www.better-auth.com/docs/plugins/oauth-provider
  • Better Auth Drizzle adapter: https://www.better-auth.com/docs/adapters/drizzle
  • Drizzle Kit migrations: https://orm.drizzle.team/docs/drizzle-kit-migrate
  • SST Drizzle migrations in CI/CD: https://sst.dev/docs/examples/#drizzle-migrations-in-cicd
  • MCP tools: https://modelcontextprotocol.io/specification/draft/server/tools

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured