Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.navisops.com/llms.txt

Use this file to discover all available pages before exploring further.

The Navis Ops MCP server lets AI assistants read and write your workspace data using the Model Context Protocol. It implements the MCP specification version 2025-06-18 over Streamable HTTP transport, and supports both API key and OAuth 2.1 authentication. Everything the server exposes — tools, resources, and prompts — is scoped to the authenticated user via row-level security. No cross-user data access is possible.

Base URL

https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2
Replace <your-supabase-project> with your Supabase project reference. You can find the full URL in Settings → Connected Apps when you create an API key or connect an OAuth client.

Authentication

Pass your API key or OAuth access token as a bearer credential in the Authorization header on every request: 
Authorization: Bearer nops_your_api_key_here
For OAuth access tokens, the format is the same — replace the value with your OAuth token. If authentication fails, the server returns 401 Unauthorized with a WWW-Authenticate header pointing at the discovery document. See the authentication overview for details on both methods.

What the server exposes

CategoryCountDetails
Tools52Across 12 domains — see Tools reference
Resources54 static + 1 templated — see Resources reference
Prompts4Named prompt templates — see Prompts reference

Request format

The MCP server uses JSON-RPC 2.0. Every request is an HTTP POST with a Content-Type: application/json body: 
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list",
  "params": {}
}
The server also accepts Accept: text/event-stream to receive responses as Server-Sent Events (SSE). Most MCP clients handle this negotiation automatically.

Supported JSON-RPC methods

MethodDescription
initializeStart a session. Allowed before authentication.
tools/listList all available tools.
tools/callCall a specific tool by name.
resources/listList all static resources.
resources/readFetch a resource by URI.
resources/templates/listList URI templates for templated resources.
prompts/listList all named prompt templates.
prompts/getFetch a rendered prompt by name.
pingCheck that the connection is alive.

Session management

The server maintains DB-backed sessions. After a successful initialize call, the server returns a Mcp-Session-Id header. Include this header in subsequent requests. Sessions idle out after one hour. 
curl https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2 \
  -H "Authorization: Bearer nops_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2025-06-18",
      "capabilities": {},
      "clientInfo": {
        "name": "my-client",
        "version": "1.0.0"
      }
    }
  }'
Most MCP client libraries handle session initialization automatically.

Data scoping and security

All tools and resources are scoped to the authenticated user. The server enforces row-level security on every database query — there is no way for an AI assistant to read or modify another user’s data, even if it tries. The only access control knob available is scope: mcp:read grants every read tool, and mcp:write grants reads plus all write tools. There is no per-tool ACL.

Next steps

Tools

All 52 tools organized by domain with scope requirements.

Resources

5 read-only resources for workspace overview, projects, tasks, and calendar.

Prompts

4 named prompt templates for planning, standups, and retrospectives.