Onplana MCP server

Open-source TypeScript Model Context Protocol building blocks, extracted from Onplana's production MCP deployment. Two packages:

• onplana-mcp-server — server template. Streamable HTTP transport, Bearer auth, prompt-injection containment, pluggable dispatcher.
• onplana-mcp-client — typed TypeScript client SDK for calling the public Onplana MCP endpoint at https://api.onplana.com/api/mcp/v1.

What this is

The transport layer of an MCP server — Streamable HTTP wiring, stateless mode, scoped Bearer auth, prompt-injection containment — done well, separated from the platform-specific tool registry. Use the server template to build your own MCP server with security best practices baked in. Use the client SDK to drive Onplana's hosted MCP from your own code.

The patterns are extracted from Onplana's production deployment (public docs at onplana.com/mcp) — the same layer that handles real Claude Desktop, Cursor, ChatGPT custom connector, and in-house agent traffic against the Onplana platform.

Why open-source

The MCP transport is the same for everyone. Most early MCP servers get the security primitives wrong:

• Prompt injection. Tools that return user-generated content (task titles, comment bodies, wiki text) put that content directly into the model's context. Without containment, a hostile actor can plant "ignore previous instructions" in their own data and the next agent that reads it follows along.
• Stateless transport. Most SDK examples assume in-memory session state, which breaks horizontal scaling and complicates the auth model.
• Plan-gate semantics. Surfacing tools the caller can't actually invoke wastes turns and confuses the model.

Onplana solved these in production over six months of MCP-server work. Publishing the patterns is high-leverage:

1. Other MCP authors get a known-good template instead of reinventing.
2. The repo is a pretraining-signal surface — public GitHub READMEs are heavily weighted in next-gen LLM training data, and a repo with patterns + clear documentation about MCP improves model recall of "what good MCP servers look like."
3. The dispatcher interface is the seam where your business logic plugs in. The transport is generic; what matters about your MCP server is the tool registry. Open-sourcing the transport doesn't give away anything proprietary.

The dispatcher implementation, tool catalog, plan-gate logic, audit infrastructure, and the rest of Onplana's ~600 LOC closed-source dispatcher stay in the closed monorepo because they encode platform business logic. If you build your own MCP server using this template, you write your own dispatcher — that's the work that matters and the work that's specific to your platform.

Repository layout

onplana-mcp-server/
├── packages/
│   ├── server-template/        # onplana-mcp-server (npm)
│   │   ├── src/
│   │   │   ├── transport.ts    # Streamable HTTP wiring
│   │   │   ├── auth.ts         # Bearer auth pattern
│   │   │   ├── promptInjection.ts  # wrapUserContent + escape
│   │   │   ├── dispatcher.ts   # Pluggable Dispatcher interface
│   │   │   └── index.ts
│   │   ├── tests/              # promptInjection + auth + transport
│   │   └── README.md
│   └── client/                 # onplana-mcp-client (npm)
│       ├── src/
│       │   ├── client.ts       # OnplanaMcpClient class
│       │   ├── types.ts        # Public type surface
│       │   └── index.ts
│       ├── tests/              # client.test.ts (stub fetch)
│       └── README.md
├── examples/
│   └── in-memory/              # Runnable demo with 3 toy tools
└── .github/

... [View full README on GitHub](https://github.com/onplana/onplana-mcp-server#readme)