Planner

Connect the Planner MCP server

Streamable-HTTP MCP endpoint with OAuth self-discovery. Add it once; Claude handles registration and sign-in. Each user gets an isolated account — no shared state.

TL;DR

# Claude Code — add (user scope = every project), then authenticate via /mcp
claude mcp add -s user --transport http planner https://planner.monopoly-gold.com/_mcp

-s user makes planner available in every project. Drop it to scope the server to the current directory only.

Claude.ai (web): Settings → Connectors → Add custom connector, same endpoint — steps below.

Claude Code

Prerequisites: the claude CLI installed (Claude Code) and a Google account to sign in with. The OAuth callback briefly binds local port 3118 — keep it free.

1. Register the server (command above). It lands in your user config:

Added HTTP MCP server planner with URL: https://planner.monopoly-gold.com/_mcp to user config
File modified: ~/.claude.json

2. Trigger auth from inside Claude Code: launch claude (the interactive REPL), type the slash-command /mcp, then pick planner → Authenticate in the menu. /mcp is a REPL command, not a shell command — it won't work outside claude. A browser tab opens the OAuth flow.
3. Sign in with Google. The tab redirects to localhost:3118/callback and the CLI captures the token automatically.
4. Confirm the connection:

claude mcp list

planner: https://planner.monopoly-gold.com/_mcp (HTTP) - ✔ Connected

Before authenticating, that line reads ! Needs authentication — your cue to run /mcp.

First time? ✔ Connected means the token works — but a brand-new account is created pending, so the first tool call returns 403 pending_approval until an admin approves you. That's expected, not a bug — see the approval gate below. No re-auth once approved.

Claude.ai (web)

1. Settings → Connectors → Add custom connector.
2. Name Planner, URL https://planner.monopoly-gold.com/_mcp → Add.
3. Click Connect on the new entry, then sign in with Google.
4. The connector flips to Connected; Planner tools appear in the chat tool list.

Verify

Connection up ≠ tools usable until your account is approved (see below). Once approved, smoke-test from a chat — ask Claude to list your projects, which calls list-projects:

> list my planner projects
  → planner:list-projects  returns your projects (empty array on a fresh account)

First connection = approval gate

Sign-in creates your account in pending state. Until an admin approves it, tool calls are rejected:

403 pending_approval — account created, awaiting approval

The admin gets a Telegram notification with approve/reject buttons. After approval, the existing connection starts working — no re-auth, no re-add. This blocks drive-by sign-ups from touching data.

Authentication model

No passwords, no API keys to paste. The MCP client discovers everything from the endpoint and runs a standard OAuth 2.1 authorization-code flow with PKCE; the identity provider is Google (OIDC).

Inspect discovery yourself — it's public and unauthenticated:

curl -s https://planner.monopoly-gold.com/.well-known/oauth-protected-resource | jq

{
  "resource": "https://planner.monopoly-gold.com/_mcp",
  "authorization_servers": ["https://planner.monopoly-gold.com"],
  "bearer_methods_supported": ["header"],
  "scopes_supported": ["mcp"],
  "resource_name": "Planner MCP",
  "resource_documentation": "https://planner.monopoly-gold.com/api/capabilities"
}

Data isolation

Each account is a separate tenant. The goal tree, projects, evidence and history are scoped to their owner at the storage layer — not per-tool, so every tool, REST route and resource is isolated by construction. A direct ID from another tenant resolves to nothing.

Troubleshooting