MCP server: let Claude and other agents participate in your retros

Looptro ships a Model Context Protocol server so Claude Code, Cursor, and custom agents can read, prep, and act on retrospectives as first-class participants.

Updated

Looptro ships a Model Context Protocol (MCP) server so AI agents (Claude Code, Cursor, or anything that speaks MCP) can read past retros, prepare new ones, and act on outcomes as first-class participants. Agents prep the ground, surface patterns, and follow up on action items so humans spend their retro time on the conversation.

If you’re building a non-agent integration, use the REST API instead. MCP is the right surface specifically for AI agents that need capability-scoped tool calls and audit trails.

Install

The MCP server is at https://app.looptro.dev/mcp on the same host as the app — JSON-RPC 2.0 over HTTP POST. Authentication is OAuth 2.0 with auto-discovery (RFC 9728 + RFC 8414): the client hits /mcp, gets a 401 with a WWW-Authenticate header that points at /.well-known/oauth-protected-resource, follows it through Dynamic Client Registration (RFC 7591) and either browser-based PKCE (RFC 7636) or the device-code flow (RFC 8628), then retries with a bearer token.

Claude Code:

claude mcp add looptro --url https://app.looptro.dev/mcp

That’s it. Claude Code handles the OAuth handshake itself. The first call opens a browser to Looptro’s consent page where you pick the team and approve the scopes the agent is asking for; subsequent calls reuse the token until it expires.

Headless agents (CLI, cron, container without browser): the same claude mcp add ... works. Claude Code detects there’s no browser and falls back to the device-code flow: the agent prints Open https://app.looptro.dev/device and enter ABCD-EFGH; you open the URL on any device, sign in, approve, and the agent picks up the token by polling /mcp/oauth/token.

Manual token (scripts that can’t do OAuth): mint a personal access token via POST /api/teams/{team_id}/agent-tokens with the scopes the script needs. The plaintext token is returned once in wire form rtl_pat_<id>_<secret>. Pass it as Authorization: Bearer <token> against /mcp directly. Same audit attribution as the OAuth path — both flows hash the secret with Argon2 and store rows in the same agent_tokens table.

Verify the connection

In Claude Code, run /mcp and you should see looptro listed with the scopes you approved. Ask the agent to call a tool:

Use the looptro tool to list our team's most recent five retros.

A 401 means the token’s not right (re-approve or regenerate). A 403 on a specific tool means the scope wasn’t in the token’s approved set — every failed tool call is audit-logged with the scope it was missing, so a quick look at the team’s audit timeline tells you what to grant.

What the agent can do

Tools cover the full retro workflow: prep, the retro itself, follow-up on action items, and ambient state like sprint cycles + summary narratives.

ScopeTools
retros:readlist_retros, get_retro, get_summary
retros:writecreate_retro, close_retro, update_retro_settings, set_summary_narrative, set_ready
posts:writeadd_post, update_post, vote_on_post, group_posts, ungroup_posts, rename_group
action_items:readget_action_items
action_items:writecreate_action_item, update_action_item
templates:readlist_team_templates
templates:writeset_team_sprint_cycle

posts:read and action_items:read-style enumeration of individual resources is folded into get_retro — fetching a retro returns its full board (columns + posts + action items) so an agent doesn’t need a separate scope to enumerate them.

The MCP transport is JSON-RPC 2.0 over a single POST /mcp endpoint. The server implements initialize, tools/list, and tools/call. Tool descriptors are returned with full JSON Schema for the arguments — agents introspect and call without hardcoded shapes.

Every tool call writes an audit row tagged actor_type='agent' with the agent’s token id, the issuing user, the team, and (on failure) the error code. Agent actions sit alongside human actions in the same audit timeline.

Tokens

OAuth-issued tokens and manually-minted personal access tokens share the same backing table and the same enforcement model:

  • Capability-scoped. The token only carries the scopes the user approved; a tool call missing the required scope returns a 403 with the scope name.
  • Team-scoped. One token, one team. Multi-team agents install once per team. Cleaner audit trail.
  • Revocable. Revoke any token via DELETE /api/teams/{team_id}/agent-tokens/{token_id}. A token management UI lives in team settings.
  • Bounded expiry. Up to 365 days from creation; the manual-token path lets the user pick the exact expires_at. OAuth-issued bearers expire on the schedule the OAuth handshake negotiates.
  • Rate-limited. Stricter than user sessions, per-token. Agents that exceed the budget get 429 back-pressure rather than silent failures.

What it doesn’t do

  • Run a retro entirely without a human. Technically possible, not the product position. Agents prepare and assist; they don’t replace the team.
  • Multi-team tokens. One token per team keeps the audit model clean.
  • Stream partial tool results. The transport is JSON-RPC over HTTP POST: request / response, no SSE streaming for tool output. Server-initiated notifications (full Streamable HTTP) is a follow-up.
  • MCP resources or prompts surface. Tools only at v1. The richer surface (read-only resources, canned prompt workflows) is on the post-MVP list.