@fruition/unroo-client-mcp
v2.0.0
Published
MCP server that lets a client's AI assistant (Claude, ChatGPT, Cursor, etc.) read project context, submit bugs, comment, and pull infrastructure reports via UnRoo (app.unroo.io). Supports stdio (local tools) and connects to the remote HTTP endpoint for we
Readme
@fruition/unroo-client-mcp
MCP server that lets a client's AI assistant (Claude, ChatGPT, Cursor, etc.) read project context, submit bugs, comment, and pull infrastructure reports against the Fruition team's UnRoo workspace.
Two ways to connect
Option 1: Local (Claude Desktop, Claude Code, Cursor, Codex CLI)
Best for tools that run on your machine.
- Get a key. Log in to the UnRoo portal and visit
/portal/access. Click "Generate key" and copy the value (shown once). - Add to your
.mcp.json(or Cursor's MCP settings, or Codex CLI config):
{
"mcpServers": {
"unroo": {
"command": "npx",
"args": ["-y", "@fruition/unroo-client-mcp"],
"env": {
"UNROO_CLIENT_KEY": "<paste your key>"
}
}
}
}- Restart your tool. Tools
list_projects,submit_bug,get_security_report, etc. should appear.
Option 2: Remote / Web (ChatGPT connectors, Claude.ai custom connectors)
Best for web-based AI tools that support remote MCP.
- Log in to the UnRoo portal and visit
/portal/access. Make sure MCP access is enabled. - In ChatGPT or Claude.ai, add a custom connector with this URL:
https://app.unroo.io/api/external/client/mcp- Click "Connect." You'll be redirected to UnRoo to log in and authorize. After approving, the connector has access to your projects, tickets, and reports.
- No package install needed — the platform connects directly to UnRoo.
Tools
| Tool | Purpose |
|---|---|
| list_projects | Projects this client owns |
| get_project_context | Briefing for one project (counts, decisions, KB titles) |
| list_bugs | Bug/task list (optional status, project filters) |
| get_bug | Single bug + client-visible comments |
| get_bug_updates | Incremental check since an ISO timestamp |
| submit_bug | Open a new bug |
| add_comment | Reply on a bug (always client-visible) |
| list_kb_articles | Public KB articles |
| read_kb_article | Full KB article body |
| list_sites | Client's websites — domain, CMS, scan date, findings count |
| get_site_status | Per-site: security findings, backup status, WAF status |
| get_security_report | Security scan findings by severity across all sites |
| get_backup_report | Backup status across all sites |
| get_uptime_status | Uptime status across all sites |
| get_launches | Launch info for the client's projects |
Environment (local mode)
| Var | Default | Notes |
|---|---|---|
| UNROO_CLIENT_KEY | (required) | Per-client API key |
| UNROO_BASE_URL | https://app.unroo.io | Override for staging or local dev |
Webhooks (alternative to polling)
Instead of get_bug_updates, register a webhook from the portal — UnRoo will POST you HMAC-signed events on bug.created / bug.status_changed / comment.client_visible. See the portal "Webhooks" section.
Permissions
The Fruition admin can disable individual features per client:
allow_submit_bugsallow_commentsallow_kb_readallow_infra_read
Disabled features return HTTP 403 with {"error": "Feature 'X' is not enabled for your account."}. The master mcp_enabled toggle on the client account turns everything off at once.
Cross-client isolation
All requests are server-side filtered by the client your key belongs to. There is no way to read another client's data with your key — this is enforced at the route handler in UnRoo, not in this package. OAuth tokens are scoped to a single billing_client_id and cannot access other clients.
Reports & infrastructure data
The infrastructure tools (list_sites, get_site_status, get_security_report, get_backup_report, get_uptime_status, get_launches) return derived summaries only — no raw scan output, no credentials, no origin IPs, no internal notes. This follows the client-intelligence platform doctrine: clients see published/derived data, never raw operational data.
License
UNLICENSED — distribution is at the discretion of Fruition.
