https://github.com/cmdaltctr/niftypm-mcp
A Model Context Protocol (MCP) server that exposes the NiftyPM project management API as a set of tools for AI assistants (OpenCode, Claude, Cursor, etc.).
https://github.com/cmdaltctr/niftypm-mcp
api claude claude-code mcp niftypm opencode
Last synced: about 6 hours ago
JSON representation
A Model Context Protocol (MCP) server that exposes the NiftyPM project management API as a set of tools for AI assistants (OpenCode, Claude, Cursor, etc.).
- Host: GitHub
- URL: https://github.com/cmdaltctr/niftypm-mcp
- Owner: cmdaltctr
- License: mit
- Created: 2026-06-08T18:40:40.000Z (23 days ago)
- Default Branch: main
- Last Pushed: 2026-06-09T11:48:28.000Z (22 days ago)
- Last Synced: 2026-06-09T13:22:37.577Z (22 days ago)
- Topics: api, claude, claude-code, mcp, niftypm, opencode
- Language: TypeScript
- Homepage:
- Size: 196 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# NiftyPM MCP Server
A [Model Context Protocol (MCP)](https://modelcontextprotocol.io) server for the [NiftyPM](https://niftypm.com) project management API.
It lets AI assistants use NiftyPM projects, tasks, documents, files, milestones, messages, labels, portfolios, webhooks, time tracking, custom fields, checklists, and related workspace resources through typed MCP tools.
## Highlights
- Local `stdio` server for desktop MCP clients.
- CLI subcommands: `init` (bootstrap local JSON), `sync` (re-sync from API), direct tool invocation.
- Local auto-sync: automatically updates `niftypm/*.json` files after mutations.
- Optional HTTP stream transport for local testing.
- Cloudflare Workers entry point for hosted/remote use.
- OAuth bearer-token API client with in-memory token refresh on `401`.
- Zod-validated tool parameters.
- Per-domain tool toggles through `ENABLE_*` environment variables, plus
per-tool granularity via `DISABLED_TOOLS`.
## Requirements
- Node.js 20+
- Bun 1.1+
- NiftyPM OAuth credentials:
- `NIFTYPM_CLIENT_ID`
- `NIFTYPM_CLIENT_SECRET`
- `NIFTYPM_ACCESS_TOKEN`
- `NIFTYPM_REFRESH_TOKEN`
## Install
```bash
git clone https://github.com/cmdaltctr/niftypm-mcp.git
cd niftypm-mcp
bun install
```
## Configure
### Configurator UI
The easiest setup path is the static configurator at [`ui/index.html`](ui/index.html):
1. Open `ui/index.html` directly in a browser.
2. Paste your OAuth credentials.
3. Switch between **Simple** (domain-level toggles) and **Advanced** (per-tool toggle table) tabs.
4. Click **Download `.env`**.
5. Rename it to `.env`, place it in the project root, and restart your MCP client.
The configurator runs entirely in your browser. It makes no network requests and does not send secrets anywhere.
The **Simple** tab shows 21 domain-level switches (core + extended + checklists). The
**Advanced** tab gives you per-tool control — disable individual tools
within an enabled domain, down to a single unwanted operation. The
generated `.env` is auto-loaded on server start.
### Manual `.env` setup
You can also copy the example env file and fill in your OAuth credentials by hand:
```bash
cp .env.example .env
```
```dotenv
NIFTYPM_CLIENT_ID=your_client_id_here
NIFTYPM_CLIENT_SECRET=your_client_secret_here
NIFTYPM_ACCESS_TOKEN=your_access_token_here
NIFTYPM_REFRESH_TOKEN=your_refresh_token_here
```
`NIFTYPM_REFRESH_TOKEN` is the OAuth refresh token for automatic `401` recovery. It is required for stable connections — without it, every access-token expiry forces manual re-authorisation.
### How to obtain the refresh token
Use NiftyPM's OAuth authorisation-code flow:
1. Create or use a NiftyPM OAuth app and note its client ID, client secret, and redirect URI.
2. Open the app's authorisation URL in a browser and approve access.
3. Copy the `code` value from the callback URL sent to your redirect URI.
4. Exchange that code for tokens with `POST https://openapi.niftypm.com/oauth/token`.
Example token exchange:
```bash
curl -X POST https://openapi.niftypm.com/oauth/token \
-H "Authorization: Basic $(printf '%s:%s' "$NIFTYPM_CLIENT_ID" "$NIFTYPM_CLIENT_SECRET" | base64)" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "authorization_code",
"code": "AUTHORIZATION_CODE_FROM_CALLBACK",
"redirect_uri": "YOUR_REDIRECT_URI"
}'
```
The response includes both `access_token` and `refresh_token`. Store them as `NIFTYPM_ACCESS_TOKEN` and `NIFTYPM_REFRESH_TOKEN`.
### Manual `.secrets/` option
For OpenCode or local setups, you may store credentials in `.secrets/` files instead of `.env`:
```text
.secrets/client_id
.secrets/client_secret
.secrets/access_token
.secrets/refresh_token
.secrets/team_token (optional — needed for checklist write operations)
```
### Checklist setup (optional)
Checklist tools use NiftyPM's internal API (`api.niftypm.com`) which requires a **team token** — a separate credential from the OAuth access token. Without it, checklist reads work but writes (create/update/delete) return 401.
To obtain the team token:
1. Log into your NiftyPM workspace in a browser.
2. Open DevTools Console (F12 → Console).
3. Run this one-liner:
```javascript
JSON.parse(decodeURIComponent(document.cookie.match(/nifty_auth=([^;]+)/)[1])).teamToken;
```
4. Save the output using one of these methods:
**Option A — `.secrets/` file** (recommended for local/OpenCode setups):
```bash
echo "PASTE_TOKEN_HERE" > .secrets/team_token
```
**Option B — `.env` or environment variable:**
```bash
# In .env:
NIFTYPM_TEAM_TOKEN=PASTE_TOKEN_HERE
```
The team token has a long expiry (months). If checklist operations start returning 401, repeat the extraction.
The UI configurator remains the easiest path because it generates a complete `.env` by copy-paste and download. See [Configuration and Deployment](docs/guides/configuration.md) for more deployment details.
## Run locally
```bash
bun run start
```
Watch mode:
```bash
bun run dev
```
HTTP stream mode:
```bash
TRANSPORT=http PORT=8080 bun run start
```
## Deploy to Cloudflare Workers
```bash
bun run cf:dev
bun run cf:deploy
```
Worker access is protected by `MCP_AUTH_SECRET`. Store production values with `wrangler secret put`.
## Tool domains
The server groups tools by NiftyPM resource domain:
- Projects, portfolios/subteams, members
- Task groups, tasks, subtasks, labels, custom fields
- Checklists and checklist items (requires team token — see [Checklist setup](#checklist-setup-optional))
- Documents, files, messages, chat
- Milestones, time tracking, webhooks
- Apps, templates, invite links, current user, auth helpers
For detailed tool names and examples, see [Tool Guide](docs/guides/tools.md).
## Project Planning Workflow
The most effective way to populate complex projects is using a **JSON-first planning workflow**. Instead of making ad-hoc tool calls, define your project structure (milestones, labels, tasks, dependencies) in a JSON file first. This serves as the source of truth, allowing you to validate relationships and ensure tasks have required fields (like story points and real subtasks) before making any API calls to NiftyPM.
For details on executing this four-phase pipeline, see the [Workflow Guide](docs/guides/workflow.md).
## AI Agent Skills
The `SKILLS/` folder contains drop-in agent skill instructions that teach AI coding assistants (Claude Code, OpenCode, Cursor, etc.) how to use this MCP server effectively — including the JSON-first project planning workflow, the four-phase execution pipeline, and NiftyPM best practices.
Copy the `SKILLS/s-niftypm/` folder to the appropriate location for your AI client:
| AI Client | Destination path |
| --------------- | ---------------------------------------------------------- |
| **Claude Code** | `~/.claude/skills/s-niftypm/` |
| **OpenCode** | `~/.config/opencode/skills/s-niftypm/` |
| **Cursor** | `~/.cursor/rules/` (then wrap `SKILL.md` in a `.mdc` rule) |
| **Other** | Check your client's docs for a skills/rules directory |
Example (Claude Code / OpenCode):
```bash
# From inside the cloned repo
cp -r SKILLS/s-niftypm ~/.claude/skills/
# or for OpenCode
cp -r SKILLS/s-niftypm ~/.config/opencode/skills/
```
Once installed, your AI agent will automatically load the `s-niftypm` skill when working with NiftyPM MCP tools and follow the JSON-first planning workflow by default.
## Example tool calls
Create a task:
```json
{
"tool": "niftypm_create_task",
"arguments": {
"name": "Prepare fellowship report",
"task_group_id": "task_group_id_here",
"description": "Draft the report outline."
}
}
```
Create a related subtask by passing the parent task ID as `task_id`:
```json
{
"tool": "niftypm_create_task",
"arguments": {
"name": "Collect reviewer feedback",
"task_group_id": "task_group_id_here",
"task_id": "parent_task_id_here"
}
}
```
## CLI Usage
The `niftypm-mcp` binary supports CLI subcommands in addition to starting the MCP server. This is useful for bootstrapping local project JSON files, re-syncing from the live API, and calling tools directly from the command line.
### `niftypm-mcp init`
Interactive wizard that lists all accessible NiftyPM projects, lets you select one, fetches all entities, and writes a structured JSON file to `niftypm/.json` in the current working directory.
```bash
cd /path/to/your/project
niftypm-mcp init
```
### `niftypm-mcp sync`
Re-syncs an existing local JSON file from the live NiftyPM API. Reads `meta.niftypm_project_id` from the local file, fetches all entities, and rewrites the file with fresh data.
```bash
cd /path/to/your/project
niftypm-mcp sync
```
### Direct tool invocation
Any registered MCP tool can be called directly from the CLI. Arguments are parsed as `--key value` pairs:
```bash
niftypm-mcp niftypm_list_tasks --project_id "abc123"
niftypm-mcp niftypm_create_task --name "Fix bug" --task_group_id "abc123"
niftypm-mcp niftypm_list_tasks --project_id "abc123" --completed
```
- Repeated flags produce arrays: `--label lab1 --label lab2`
- Boolean flags: `--completed` (true), `--no-archived` (false)
### Local auto-sync
When the MCP server starts in `stdio` mode, it scans `niftypm/*.json` in the current working directory. If local JSON files are found, the server automatically updates the affected section after every mutation (POST/PUT/DELETE). This provides an offline backup that stays in sync with live NiftyPM data.
- **No configuration needed** — just run `niftypm-mcp init` in your project directory.
- **Targeted refetch** — only the affected entity type is re-fetched, not the entire project.
- **Atomic writes** — files are written to a temp file then renamed to prevent corruption.
- **Silent disable** — if no `niftypm/` directory or JSON files are found, auto-sync is silently disabled.
- **Workers-safe** — auto-sync is only active in Node.js stdio mode, never in Cloudflare Workers.
## Documentation
- [CLI Guide](docs/guides/cli.md)
- [Configuration and Deployment](docs/guides/configuration.md)
- [Tool Guide](docs/guides/tools.md)
- [API Coverage](docs/guides/api-coverage.md)
- [Migration Guide](docs/guides/migration.md)
- [Workflow Guide](docs/guides/workflow.md)
## Development
```bash
bun run vitest run
bun run build
```
## Project layout
```text
src/ MCP server, API client, and tool registrations
test/ Vitest tests
docs/guides/ User-facing guides and reference docs
docs/api/ Upstream OpenAPI source files
docs/security/ Security audit notes
```
## Licence
MIT. See [LICENSE](LICENSE).