MCP Integration
MCP is the AI-native entry point into Stellary and the main way to connect Cursor, Claude Code, Claude Desktop, or any other Model Context Protocol client to live delivery data. Instead of mirroring the REST resource tree manually, an external client can connect to the built-in /mcp endpoint and operate through the same tool surface used by agents and runtime orchestration.
This page documents the real MCP server behavior implemented in the backend today: transport, identity model, tool registry exposure, queued missions, proposal handling, and plugin-backed extensions.
In Stellary, MCP is not an afterthought or a thin wrapper around docs examples. It is a first-class runtime surface wired directly into project delivery, cockpit supervision, agent execution, and installed workspace plugins.
Overview
The MCP server is built directly into the NestJS backend. There is no separate daemon to run, no sidecar to deploy, and no custom bridge process to maintain.
Endpoint: https://app.stellary.co/mcpTransport: Streamable HTTPMethods: GET and POSTAuth header: Authorization: Bearer <token>Session requirement: none
GET is useful for discovery / protocol negotiation.POST carries the actual MCP requests.The implementation creates a fresh stateless transport per request, specifically to stay compatible with MCP clients that do not persist a session identifier.
Need the broader product setup first? Start with Getting Started for workspace, token, and agent setup, or use the API Reference when you need to provision resources before an AI client enters the loop.
MCP vs REST
Use MCP when the caller is an AI client or an agent loop. Use REST when you need deterministic resource CRUD, explicit HTTP contracts, or traditional backend-to-backend integration.
| Use case | Prefer MCP | Prefer REST |
|---|---|---|
| Interactive AI assistant in Cursor or Claude | Yes | No |
| Agent mission loop with queued work | Yes | No |
| Explicit project provisioning from code | No | Yes |
| Deterministic integration testing of routes | No | Yes |
| Installed plugin tools in an AI workflow | Yes | Usually no |
If you need to create workspaces, projects, or billing flows before the AI layer comes into play, start from the API Reference and then attach MCP on top.
Transport
Client
mcpCursor, Claude Desktop, Claude Code, or another MCP-compatible client connects over Streamable HTTP.
Built-in server
/mcpStellary handles GET and POST directly in the backend and recreates a transport per request.
Workspace tools
liveThe same endpoint can expose board tools, cockpit tools, agent queue tools, and plugin-backed tools.
The transport is intentionally stateless. In practice, that means you can connect clients like Cursor without relying on a persistent Mcp-Session-Id.
Identity model
Stellary MCP has two primary operating modes: a human user connecting an AI client, or a dedicated workspace agent connecting with its own token.
User client
JWT / PATBest for Cursor, Claude Desktop, Claude Code, or any interactive MCP client acting as a human user on boards and cockpit data.
Workspace agent
Agent tokenBest for dedicated agents, queued missions, workspace-context tools, and installed plugin tools such as GitHub or Slack.
Transport gate only
MCP_TOKENUseful as a transport-level bearer gate, but it does not resolve a user or agent identity for the current Stellary tools.
This distinction matters because some tools need a workspace context. Human JWT/PAT clients can use the core board and cockpit flows, while agent tokens unlock workspace-context tools such as queued missions, mission documents, and plugin integrations.
Authentication
The controller resolves bearer tokens in layers. First it tries a normal user JWT, then a personal access token, and only then falls back to the optional static MCP_TOKEN.
| Bearer type | Resolved identity | Best for | Important nuance |
|---|---|---|---|
| User JWT | Human user | Browser-backed sessions and short-lived client setup | Good for exploration, but less convenient than PATs in external tools |
| Personal access token | Human user | Cursor, Claude Code, scripts, stable non-browser clients | Recommended default for human MCP use |
| Agent token | Workspace agent | Queued missions, plugin tools, workspace-context automation | Best fit for external agent loops and MCP-only agents |
MCP_TOKEN | Anonymous MCP context | Transport gating and limited local/dev setups | Current Stellary tools still mostly need a user or agent identity |
Tool access is then enforced by project access, workspace permissions, agent tool whitelists, project scope, and autonomy policy. For agent tokens, write behavior depends on the configured autonomy mode.
Client setup
Every MCP client needs the same essentials: the https://app.stellary.co/mcp endpoint, Streamable HTTP, and an Authorization: Bearer header.
Cursor
{ "mcpServers": { "stellary": { "url": "https://app.stellary.co/mcp", "headers": { "Authorization": "Bearer YOUR_TOKEN_HERE" } } }}Claude Code
claude mcp add stellary \ --transport streamable-http \ https://app.stellary.co/mcp \ --header "Authorization: Bearer YOUR_TOKEN_HERE"Claude Desktop and similar clients
{ "mcpServers": { "stellary": { "url": "https://app.stellary.co/mcp", "headers": { "Authorization": "Bearer YOUR_TOKEN_HERE" } } }}After connection, the first productive move is usually to call list_projects, then switch to exact IDs for the rest of the session.
If you still need to create a personal access token or an agent before connecting a client, follow Getting Started and the API token routes first.
Common workflows
In practice, the Stellary MCP server is usually used in three patterns: interactive workspace exploration, queued agent execution, and plugin-backed operational actions.
Interactive project assistant
humanUse Cursor, Claude Code, or Claude Desktop as a human user to inspect projects, cards, documents, and cockpit signals inside one workspace.
Queued mission runner
agentRun a dedicated workspace agent outside the app, claim queued missions, and push card status updates back into delivery.
Plugin-backed operations
pluginsCombine board context with GitHub, Slack, Email, or Discord tools from the same MCP surface for real operational workflows.
For the product surfaces behind those workflows, see Board & Cards, Documents & Context, and the Agents guide.
Tool surface
MCP tools are assembled from three places in the backend: legacy cockpit tools, the shared core tool registry, and installed workspace plugins. The result is one endpoint, but not one flat usage pattern.
Board Read
coreExplore projects, members, labels, cards, subtasks, and delivery context before deciding on a write.
list_projects | get_project_details | list_cards | get_card_details | get_card_commentsBoard Write & Collaboration
coreCreate or update cards, move work across columns, assign owners, comment, and keep checklists or subtasks in sync.
create_card | create_cards_bulk | move_card | update_card | assign_card | add_commentCockpit & Supervision
coreRead workspace steering signals, sprint context, monitoring data, and pending proposals from the cockpit layer.
get_pilotage_state | get_cockpit_dashboard | get_agent_status | list_pending_proposalsAgent Runtime
agentRun external agent loops, claim queued missions, complete or fail runs, and keep the card lifecycle synchronized with the app.
stellary_init | get_next_mission | wait_for_mission | complete_mission | fail_missionName-based convenience exists for several board tools and uses exact-or-fuzzy matching under the hood. Still, for serious runs and agent loops, you should discover IDs first and then reuse them explicitly.
If you want to understand the human-facing surfaces these tools operate on, read the board guide and the documents guide alongside this page.
Plugin tools
Plugin definitions are auto-registered into the same MCP surface when the plugin is installed and enabled in a workspace. Their tool IDs are prefixed by plugin slug.
Examples:github:list_reposgithub:create_prslack:post_messageemail:send_emaildiscord:post_messageThe codebase currently ships plugin definitions for GitHub, Slack, Email, and Discord. Those tools require a workspace context plus decrypted plugin configuration, so they are typically consumed through agent tokens.
Agent missions
MCP becomes especially powerful when paired with dedicated workspace agents. In that model, the app queues missions and the external MCP client becomes the execution loop.
- Assign an active agent to a card in Stellary.
- Launch a mission from the app.
- If the agent is
mcpOnly, the mission is queued instead of executed locally. - The external MCP client claims work with
get_next_missionor long-polls withwait_for_mission. - Claiming a mission marks it as running and moves the card toward the in-progress column when possible.
- The client finishes with
complete_missionorfail_mission, which updates mission state and posts a card comment.
For agent tokens, stellary_init is the recommended bootstrap call. It returns autonomy mode, rules, skills, and the filtered tool list actually available to that agent.
Recommended agent loop:1. stellary_init2. get_next_mission or wait_for_mission3. read card context and documents4. execute tools with exact IDs5. complete_mission or fail_missionApprovals
Proposal behavior is driven by the tool policy layer. Only agent tokens participate in autonomy-policy proposal checks; a human using MCP acts directly as themselves.
| Agent autonomy mode | Read tools | Write and collaboration tools |
|---|---|---|
autonomous | Execute directly | Execute directly |
supervised | Execute directly | Safe tools execute directly; tools marked approval_required return a persisted proposal |
approval | Execute directly | Every non-read tool becomes a proposal |
MCP-only agents are forced to autonomous in the current backend, because their job is to pick up and execute queued work from an external client rather than wait for local polling.
Local development
In local development, if NODE_ENV is not production and MCP_TOKEN is not set, the controller lets unauthenticated requests reach the MCP transport. This makes local wiring easier, but it does not magically grant access to workspace data.
backend/.env example:# MCP_TOKEN=your-secret-token
Without MCP_TOKEN in local dev:- /mcp remains reachable- current workspace tools still mostly require a user or agent identityIn production, or whenever MCP_TOKEN is configured, a bearer token is required before the transport is even reached.
Troubleshooting
401 invalid or expired token
Check the bearer format first. Then verify whether you are using a user JWT, a PAT, or an agent token that still exists and has not been revoked.
Tool says it requires a user token
You are probably connected with MCP_TOKEN or an anonymous local-dev request. Switch to a user JWT or a personal access token.
Tool says it requires a workspace context
That usually means you are trying to call an agent-only or plugin-backed tool from a human JWT/PAT session. Use an agent token tied to a workspace agent instead.
Plugin tool is visible but fails
The workspace plugin may not be installed or enabled, or its encrypted configuration may be missing. Plugin tools also require an agent/workspace context in the current MCP flow.
Fuzzy matching picks the wrong resource
Start with list_projects, list_cards, or another discovery tool, then reuse the exact IDs. That is the safest pattern for long-lived agent loops.
Related guides
These pages help connect MCP to the rest of the Stellary operating model, from resource provisioning to workspace agents and broader MCP strategy.
Getting Started
Create a workspace, project, token, and first agent before wiring an MCP client.
API Reference
Use REST when you need deterministic provisioning, auth flows, or resource-level CRUD.
Agents Guide
See how workspace agents, proposals, autonomy modes, and missions behave inside the product.
Why MCP Changes AI Coding Tools
Read the broader market context around MCP, context access, and AI tooling in 2026.