> ## Documentation Index
> Fetch the complete documentation index at: https://docs.navisops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Navis Ops MCP Server reference

> The Navis Ops MCP server lets AI assistants read and write your workspace. Covers the base URL, authentication, JSON-RPC format, and session management.

The Navis Ops MCP server lets AI assistants read and write your workspace data using the [Model Context Protocol](https://modelcontextprotocol.io). It implements the MCP specification version 2025-06-18 over Streamable HTTP transport, and supports both API key and OAuth 2.1 authentication. Everything the server exposes — tools, resources, and prompts — is scoped to the authenticated user via row-level security. No cross-user data access is possible.

## Base URL

```
https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2
```

Replace `<your-supabase-project>` with your Supabase project reference. You can find the full URL in **Settings → Connected Apps** when you create an API key or connect an OAuth client.

## Authentication

Pass your API key or OAuth access token as a bearer credential in the `Authorization` header on every request:

```bash theme={null}
Authorization: Bearer nops_your_api_key_here
```

For OAuth access tokens, the format is the same — replace the value with your OAuth token.

If authentication fails, the server returns `401 Unauthorized` with a `WWW-Authenticate` header pointing at the discovery document. See the [authentication overview](/api-reference/authentication/overview) for details on both methods.

## What the server exposes

| Category  | Count | Details                                                                          |
| --------- | ----- | -------------------------------------------------------------------------------- |
| Tools     | 52    | Across 12 domains — see [Tools reference](/api-reference/mcp/tools)              |
| Resources | 5     | 4 static + 1 templated — see [Resources reference](/api-reference/mcp/resources) |
| Prompts   | 4     | Named prompt templates — see [Prompts reference](/api-reference/mcp/prompts)     |

## Request format

The MCP server uses JSON-RPC 2.0. Every request is an HTTP POST with a `Content-Type: application/json` body:

```json theme={null}
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list",
  "params": {}
}
```

The server also accepts `Accept: text/event-stream` to receive responses as Server-Sent Events (SSE). Most MCP clients handle this negotiation automatically.

### Supported JSON-RPC methods

| Method                     | Description                                     |
| -------------------------- | ----------------------------------------------- |
| `initialize`               | Start a session. Allowed before authentication. |
| `tools/list`               | List all available tools.                       |
| `tools/call`               | Call a specific tool by name.                   |
| `resources/list`           | List all static resources.                      |
| `resources/read`           | Fetch a resource by URI.                        |
| `resources/templates/list` | List URI templates for templated resources.     |
| `prompts/list`             | List all named prompt templates.                |
| `prompts/get`              | Fetch a rendered prompt by name.                |
| `ping`                     | Check that the connection is alive.             |

## Session management

The server maintains DB-backed sessions. After a successful `initialize` call, the server returns a `Mcp-Session-Id` header. Include this header in subsequent requests. Sessions idle out after one hour.

```bash theme={null}
curl https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2 \
  -H "Authorization: Bearer nops_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2025-06-18",
      "capabilities": {},
      "clientInfo": {
        "name": "my-client",
        "version": "1.0.0"
      }
    }
  }'
```

Most MCP client libraries handle session initialization automatically.

## Data scoping and security

All tools and resources are scoped to the authenticated user. The server enforces row-level security on every database query — there is no way for an AI assistant to read or modify another user's data, even if it tries.

The only access control knob available is scope: `mcp:read` grants every read tool, and `mcp:write` grants reads plus all write tools. There is no per-tool ACL.

## Next steps

<CardGroup cols={3}>
  <Card title="Tools" icon="wrench" href="/api-reference/mcp/tools">
    All 52 tools organized by domain with scope requirements.
  </Card>

  <Card title="Resources" icon="book-open" href="/api-reference/mcp/resources">
    5 read-only resources for workspace overview, projects, tasks, and calendar.
  </Card>

  <Card title="Prompts" icon="message" href="/api-reference/mcp/prompts">
    4 named prompt templates for planning, standups, and retrospectives.
  </Card>
</CardGroup>
