Give Claude, ChatGPT, Cursor, and other MCP clients a shared company memory.
OrgX MCP lets agents remember decisions, recall artifacts, review pending approvals, assign work to specialist agents, track initiative health, and render interactive workflows in MCP Apps-compatible clients.
Remember this decision for the team: we are moving onboarding analytics to PostHog.
What did we decide about billing?
Find the launch plan artifact.
Show me agent work waiting for approval.
Assign this research task to an agent.
What is blocked on the Growth Launch initiative?
Remote MCP URL:
https://mcp.useorgx.com/mcp
Use the Memory profile when you want OrgX to act as shared organizational memory for Claude, ChatGPT, Cursor, and AI agents. Use the Full profile when you want planning, task delegation, widgets, and initiative execution.
OrgX MCP is organizational memory for AI agents and AI-native teams. It connects Claude, ChatGPT, Cursor, and other MCP-capable clients to OrgX so users can:
- review pending decisions and approvals,
- inspect agent activity and initiative health,
- query organizational memory,
- scaffold initiative hierarchies,
- assign work to OrgX agents,
- render OrgX widgets in MCP Apps-compatible hosts.
| Tool | Purpose |
|---|---|
orgx_bootstrap |
Establish session context, scopes, and routing guidance. |
orgx_search |
Find entities, decisions, artifacts, and memory. |
orgx_inspect |
Hydrate one entity with execution context. |
orgx_recommend |
Get next-action recommendations or morning brief signals. |
orgx_write |
Create or update durable OrgX records. |
orgx_attach |
Attach proof, URLs, documents, screenshots, or artifacts. |
orgx_act |
Launch, pause, complete, validate, delete, or otherwise act on an entity. |
orgx_plan |
Start, resume, edit, improve, or complete a plan session. |
orgx_spawn |
Guard, classify, spawn, or hand off specialist agent work. |
orgx_decide |
Create, remember, approve, reject, or list decisions. |
orgx_submit_receipt |
Submit durable proof, attribution, quality, or outcome receipts. |
orgx_emit_activity |
Emit append-only execution telemetry. |
consolidate_pr |
Generate and persist a consolidation_pass receipt for a GitHub pull request. |
Full tool contract: server.json at the repo root with OAuth scopes, input
schemas, and OpenAI widget metadata. Legacy tools remain callable during the
sunset window, but new prompts, skills, examples, and manifests should teach the
v2 names above.
Personal memory remembers the user.
Organizational memory remembers decisions, artifacts, teams, ownership, approvals, and execution state.
Every state/action tool ships a matching widget via MCP Apps (Claude) and
Skybridge (ChatGPT). Resources: ui://widget/decisions.html,
ui://widget/initiative-pulse.html, ui://widget/agent-status.html,
ui://widget/scaffolded-initiative.html, ui://widget/task-spawned.html,
ui://widget/morning-brief.html, plus their skybridge variants.
TBD — the orgx-mcp repo is currently unlicensed pending an organization-wide
decision. Reach out to reviewers@useorgx.com if you need terms before we
publish a LICENSE file.
- Privacy Policy: docs/privacy-policy.md and https://github.com/useorgx/orgx-mcp/blob/main/docs/privacy-policy.md
- Support: docs/support.md and https://github.com/useorgx/orgx-mcp/issues
- Security & Data Handling: docs/security-data-handling.md and https://github.com/useorgx/orgx-mcp/blob/main/docs/security-data-handling.md
- GitHub Presence: docs/github-presence.md and https://github.com/useorgx/orgx-mcp
- Anthropic Directory Review Guide: docs/anthropic-directory.md and https://github.com/useorgx/orgx-mcp/blob/main/docs/anthropic-directory.md
- Connector Review Pack: docs/review/connector-directory-pack.md
- LLM Routing Guide: llms.txt and agents.md
- Directory Submission Copy: directory-submissions/
- Reviewer Runbook: docs/anthropic-reviewer-runbook.md
- Release Manager Checklist: docs/anthropic-release-manager-checklist.md
This repository is the canonical source for the OrgX MCP worker.
The canonical public GitHub location is https://github.com/useorgx/orgx-mcp.
External listings, package metadata, review docs, and launch collateral should use
the useorgx organization and must not link to legacy OrgX-ai or orgx-ai
GitHub surfaces.
The copy inside useorgx/orgx at orgx/workers/orgx-mcp is a vendored mirror used for monorepo integration and verification. After worker changes land here, sync them into the monorepo with:
pnpm sync:orgxUse pnpm sync:orgx:check to confirm the monorepo mirror is current before opening or merging a PR.
A Cloudflare Workers deployment exposes OrgX initiatives, milestones, tasks, org snapshots, and Stripe upgrades over the Model Context Protocol (MCP). The worker reuses the Next.js API routes inside this repo, so shipped business logic stays in one place.
pnpm(matches the repo's package manager)- Cloudflare account with Workers enabled
- The following environment variables must be configured for both the worker and the Next.js app:
MCP_SERVICE_KEY(Vercel) /ORGX_SERVICE_KEY(Worker secret)ORGX_API_URLMCP_JWT_SECRET(Worker secret)ORGX_INTERNAL_SECRET(Worker secret; must match the OrgX web app runtime secret)- Existing Stripe/Supabase secrets (
STRIPE_*,SUPABASE_*)
Note:
OAUTH_CLIENT_IDandOAUTH_CLIENT_SECRETare NOT needed. OAuth clients (like ChatGPT) register dynamically viaPOST /registerand get their credentials stored in the OAuthState Durable Object.
# From the repo root
pnpm install
cp .dev.vars.example .dev.vars # customize once, ignored by git
pnpm dev # runs wrangler dev on http://127.0.0.1:8787wrangler.toml stays out of git; all local secrets live in .dev.vars (same format as wrangler secret put). Example contents:
ORGX_API_URL="http://localhost:3000"
ORGX_SERVICE_KEY="oxk-..."
MCP_JWT_SECRET="your-32-byte-secret"
ORGX_INTERNAL_SECRET="same-secret-as-orgx-web"When running pnpm dev, Wrangler automatically loads .dev.vars, so the worker can mint JWTs and proxy to the local Next.js API.
# From the repo root
pnpm install --frozen-lockfile
pnpm wrangler deploy # prod
pnpm wrangler deploy --env preview # staging (uses [env.preview])Before deploying, seed Cloudflare secrets once per environment:
pnpm wrangler secret put ORGX_SERVICE_KEY --env production
pnpm wrangler secret put MCP_JWT_SECRET --env production
pnpm wrangler secret put ORGX_INTERNAL_SECRET --env productionThese secrets are NOT overwritten by wrangler deploy (unlike vars in wrangler.toml).
CI expects matching GitHub Secrets:
ORGX_SERVICE_KEYMCP_JWT_SECRETORGX_INTERNAL_SECRET
The public MCP entrypoints are:
POST /mcp– streamable HTTP for new MCP clientsGET /sse– SSE for legacy clients
Use https://mcp.useorgx.com/mcp for client setup unless a legacy client
explicitly asks for SSE.
For local MCP clients like Cursor and Claude, point mcp-remote at the streamable HTTP MCP URL.
Hosted config discovery endpoints are metadata-only. Any local installer must prompt
before writing files, keep generated Cursor assets under .cursor/orgx/, and avoid
writing OrgX files under .cursor/commands/, .cursor/rules/, or .claude/.
Add the worker to Cursor's MCP config (macOS/Linux ~/.cursor/mcp.json):
{
"mcpServers": {
"orgx": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.useorgx.com/mcp",
"--header",
"Authorization: Bearer <access-token>"
]
}
}
}Quick CLI test:
npx mcp-remote https://mcp.useorgx.com/mcp \
--header "Authorization: Bearer <access-token>" \
--health-checkThe worker implements the full MCP OAuth 2.1 spec with PKCE:
- Dynamic Client Registration:
POST /register- clients like ChatGPT register and receive unique credentials - Authorization:
GET /authorize- redirects to Clerk (OrgX web) for user authentication - Token Exchange:
POST /token- exchanges authorization codes for JWT access tokens - Refresh Tokens: Supported when
offline_accessscope is requested
OAuth client credentials are stored in the OAuthState Durable Object (not environment variables).
Durable Objects (OrgXMcp class) keep each MCP session isolated so both transports can run simultaneously.
Reviewers need:
- a provisioned OrgX test account with representative sample data,
- OAuth callbacks allowlisted for Claude and localhost MCP clients,
- active credentials shared through a secure submission channel outside this repository.
Required callback URLs:
http://localhost:6274/oauth/callbackhttp://localhost:6274/oauth/callback/debughttps://claude.ai/api/mcp/auth_callbackhttps://claude.com/api/mcp/auth_callback
The reviewer environment is prepared inside the OrgX web app, not inside the MCP worker.
Authenticated OrgX routes for the dedicated reviewer account:
GET https://useorgx.com/api/review/sessions/<token>/statusPOST https://useorgx.com/api/review/sessions/<token>/bootstrapPOST https://useorgx.com/api/review/sessions/<token>/reset
These routes operate only on the currently authenticated user's dedicated Anthropic Review Workspace. Use the reviewer runbook for the exact bootstrap/reset flow and the prompt matrix Anthropic should exercise.
- Start the worker:
pnpm dev(uses.dev.vars) - Run
npx mcp-remote ... --health-checkto verify the session can list tools - Connect Cursor/Claude by pointing to the worker (
~/.cursor/mcp.json)
This worker ships a deterministic E2E flow you can run live from any MCP client (real OrgX APIs, no mocks):
- Prompt:
thursday-e2e(primary). Scaffolds an initiative, creates a pending decision, approves it, spawns an agent task, and renders the widgets. - Prompt alias:
thursday-e2e-demo(backwards-compat). Same flow asthursday-e2e.
Context survival notes:
- Session auth is persisted in the Durable Object SQLite store so OAuth sign-in survives DO resets/deployments.
- Session context (last selected workspace + last active initiative) is also persisted so follow-up calls can keep working even if the client drops IDs.
- Workspaces can be created directly from MCP with
workspace action=create name="New Workspace"; the new workspace becomes active for follow-up calls by default.
Widget protocol notes:
- ChatGPT Apps SDK templates use
openai/outputTemplate+text/html+skybridge. - MCP Apps hosts use
ui.resourceUri+text/html;profile=mcp-app. - This worker registers both URI variants for each widget and serves the same HTML payload.
User prompt: Show me the pending decisions that need approval today.
Expected behavior: The worker calls orgx_decide action=list_pending, returns seeded decisions for the authenticated workspace, and renders the decisions widget in compatible hosts.
User prompt: Give me the pulse for the Search Copilot Readiness initiative.
Expected behavior: The worker calls orgx_inspect type=initiative, returns milestones, blockers, and activity, and renders the initiative pulse widget in compatible hosts.
User prompt: Plan a launch initiative with two workstreams, one milestone each, and two tasks per milestone.
Expected behavior: The worker calls orgx_plan action=start, then uses orgx_write for durable records as needed.
User prompt: Assign the engineering agent a task to audit the onboarding funnel.
Expected behavior: The worker calls orgx_spawn, records the assignment in OrgX, and returns the task or handoff result.
The v2 public surface uses orgx_plan and orgx_write for new prompts and
skills. The lower-level hierarchy tools below remain callable during the
compatibility window for older clients and bulk migration scripts.
batch_create_entities now returns created IDs in a machine-usable form (and includes them in the plain text response for LLM clients that drop structured payloads).
It also supports caller-provided ref keys and *_ref relationship fields so you can create a full hierarchy in a single call (initiative → workstream → milestone → task):
{
"entities": [
{
"type": "workstream",
"ref": "ws-query",
"title": "AI Query Discovery",
"initiative_id": "e46bb475-..."
},
{
"type": "milestone",
"ref": "ms-queries",
"title": "30+ Queries Mapped",
"initiative_id": "e46bb475-...",
"workstream_ref": "ws-query"
},
{
"type": "task",
"title": "Brainstorm 50 ICP queries",
"initiative_id": "e46bb475-...",
"workstream_ref": "ws-query",
"milestone_ref": "ms-queries"
}
]
}Supported relationship refs (when the corresponding *_id is omitted): initiative_ref, workstream_ref, milestone_ref, command_center_ref, project_ref, objective_ref, run_ref.
For the common case of creating an initiative plus its full hierarchy, use scaffold_initiative:
{
"title": "AI Legibility Foundation",
"auto_plan": false,
"launch_after_create": true,
"workstreams": [
{
"title": "AI Query Discovery",
"milestones": [
{
"title": "30+ ICP Queries Mapped",
"tasks": [
{ "title": "Brainstorm 50 ICP queries" },
{ "title": "Score + prioritize top 30" }
]
}
]
}
]
}When workstreams are provided, scaffold_initiative now preserves that explicit hierarchy and disables initiative auto-planning by default (auto_plan: false) so OrgX does not generate a second overlapping structure on top of the scaffold. If you omit workstreams, auto-planning remains enabled by default so a planner can synthesize the hierarchy later.
launch_after_create still defaults to true, so stream dispatch can begin immediately after the scaffold is created. Set launch_after_create: false to keep the initiative in draft state after scaffold creation.
The tool returns a nested hierarchy with IDs (plus created[], failed[], ref_map, and launch outcome metadata for chaining).
orgx_search supports hierarchy filters so clients can read one branch without reconstructing the tree client-side:
initiative_idforworkstream,milestone,task,stream,decisionworkstream_idformilestone,task,stream,decisionmilestone_idfortask
The fields parameter also accepts generic aliases such as title and summary; OrgX maps them to the correct storage columns per entity type (for example, workstream uses name under the hood).
Ordering defaults to newest-created first for top-level browse queries. Use order_by (created_at, updated_at, sequence, due_date, priority, status, title, name, or natural) with order_direction (asc or desc) when a specific sort is needed. Initiative-scoped hierarchy reads keep natural sequence order by default so scaffolded workstreams, milestones, and tasks stay in execution order.
Contract note: the canonical behavior for initiative creation and hierarchy reads lives in the OrgX API. This worker must mirror that contract, especially auto_plan defaults, supported hierarchy filters, and generic field alias handling.
The following entity types persist a context JSON array: initiative, workstream, milestone, task.
Each entry is a pointer with an optional relevance note (pointers, not payloads):
{
"type": "task",
"title": "Write /use-cases/solo-technical-founders page",
"context": [
{
"type": "url",
"uri": "https://...",
"label": "Research doc",
"relevance": "Query targets + competitor gaps"
},
{
"type": "entity",
"entity_type": "milestone",
"entity_id": "ab0e929c-...",
"relevance": "Use audit output"
},
{
"type": "plan_session",
"session_id": "plan-abc123",
"section": "## Content Strategy",
"relevance": "Decision rationale"
}
]
}To hydrate these pointers for execution, use orgx_inspect for one entity or
orgx_search with id + hydrate_context=true for generic reads.
complete_plan supports attach_to to automatically add a plan_session pointer into target entities’ context[]:
{
"session_id": "plan-abc123",
"implementation_summary": "Shipped batch scaffolding improvements",
"attach_to": [
{ "entity_type": "initiative", "entity_id": "e46bb475-..." },
{
"entity_type": "task",
"entity_id": "task-xyz",
"section": "## Content Strategy"
}
]
}The MCP worker uses GitHub Actions for automated deployment and registry publishing.
Deployments are triggered automatically:
| Trigger | Environment | Registry Publish |
|---|---|---|
Push to main (**) |
Production | No |
| GitHub Release published | Production | Yes |
| Manual workflow dispatch | Configurable | Optional |
Set these secrets in your GitHub repository settings:
| Secret | Description | How to Get |
|---|---|---|
CLOUDFLARE_API_TOKEN |
Cloudflare API token with Workers permissions | Cloudflare Dashboard |
CLOUDFLARE_ACCOUNT_ID |
Your Cloudflare account ID | Cloudflare Dashboard → Workers |
ORGX_SERVICE_KEY |
Service key for OrgX API | OrgX Admin Settings |
MCP_JWT_SECRET |
JWT signing secret (32+ bytes) | Generate with openssl rand -hex 32 |
ORGX_INTERNAL_SECRET |
Shared web app / MCP worker identity secret | Generate with openssl rand -hex 32; must match the web app runtime |
MCP_REGISTRY_PUBKEY |
Ed25519 public key for registry | Generated below |
MCP_REGISTRY_PRIVATE_KEY |
Ed25519 private key (hex) for registry | Generated below |
Use the release script to bump versions and create tags:
# From the repo root
# Patch release (1.0.0 -> 1.0.1)
pnpm release:patch
# Minor release (1.0.0 -> 1.1.0)
pnpm release:minor
# Major release (1.0.0 -> 2.0.0)
pnpm release:major
# Or specify exact version
pnpm release 2.0.0Then push and create the GitHub release:
# Push commit and tag
git push && git push origin mcp-v1.0.0
# Create GitHub release (triggers deploy + registry publish)
gh release create mcp-v1.0.0 --generate-notes --title "OrgX MCP v1.0.0"Trigger deployment manually from GitHub Actions:
- Go to Actions → "MCP Worker Deploy"
- Click "Run workflow"
- Select options:
- Environment: production/preview
- Publish to registry: yes/no
OrgX MCP server is listed in the official MCP Registry at com.useorgx/orgx-mcp. This section documents how to update the registry listing.
-
mcp-publisher CLI - Install via:
# macOS/Linux curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher sudo mv mcp-publisher /usr/local/bin/ # Or via Homebrew brew install modelcontextprotocol/tap/mcp-publisher
-
Domain verification - Must verify ownership of
useorgx.com
-
Generate Ed25519 keypair:
# From the repo root ./scripts/generate-registry-keys.shThis creates files in
keys/(gitignored):mcp-registry.pem- Private key (keep secure!)http-well-known.txt- Public key for HTTP verification
-
Set up HTTP domain verification:
# Set the public key as a Cloudflare secret wrangler secret put MCP_REGISTRY_PUBKEY # Paste the base64 public key from keys/http-well-known.txt # Deploy the worker pnpm wrangler deploy # Verify it works (must be reachable on apex for com.useorgx/*) curl https://useorgx.com/.well-known/mcp-registry-auth # Should return: v=MCPv1; k=ed25519; p=<your-pubkey> # (Optional) Also available on: # curl https://www.useorgx.com/.well-known/mcp-registry-auth # curl https://mcp.useorgx.com/.well-known/mcp-registry-auth
-
Login to registry:
# Read private key hex PRIVKEY=$(grep -v '^#' keys/private-key-hex.txt | tr -d '[:space:]') # Login with HTTP verification mcp-publisher login http --domain=useorgx.com --private-key="$PRIVKEY"
When updating server.json (e.g., adding new tools), publish to the registry:
# From the repo root
# Validate first (always do this!)
./scripts/publish-to-registry.sh --dry-run
# Publish for real
./scripts/publish-to-registry.shRun this after deploys (or metadata/auth changes) to verify core MCP + registry endpoints:
# From the repo root
pnpm smoke:endpointsChecks include:
/healthz/.well-known/oauth-authorization-server/.well-known/oauth-protected-resource/.well-known/mcp-registry-authon bothmcp.useorgx.comanduseorgx.com
The server.json file describes OrgX MCP for the registry:
{
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
"name": "com.useorgx/orgx-mcp",
"title": "OrgX MCP — Organizational Memory for AI Agents",
"description": "Organizational memory and agent orchestration MCP. Remember decisions, artifacts, tasks, and project context across Claude, ChatGPT, Cursor, and other agents.",
"version": "1.0.4",
"remotes": [
{ "type": "streamable-http", "url": "https://mcp.useorgx.com/mcp" },
{ "type": "sse", "url": "https://mcp.useorgx.com/sse" }
],
"tools": [...],
"resources": [...],
"prompts": [...]
}Key points:
nameusescom.useorgx/*namespace (requiresuseorgx.comdomain verification)- Both
streamable-httpandssetransports are listed - Tools, resources, and prompts document all server capabilities
- Update
versionwhen making changes
"Domain verification failed"
- Check that
MCP_REGISTRY_PUBKEYsecret is set correctly - Verify endpoint:
curl https://useorgx.com/.well-known/mcp-registry-auth - The registry CLI does not follow redirects.
https://useorgx.com/.well-known/mcp-registry-authmust return200directly (no 3xx towww). - Ensure keypair hasn't been regenerated without updating the secret
"Schema validation failed"
- Run
mcp-publisher validateto see detailed errors - Check
server.jsonagainst the schema
"Rate limited"
- The registry is in preview; retry after a few minutes
See docs/privacy-policy.md for the repository-level policy covering the hosted MCP worker. Public link: https://github.com/useorgx/orgx-mcp/blob/main/docs/privacy-policy.md
- Primary web support channel: https://github.com/useorgx/orgx-mcp/issues
- Support guidance: docs/support.md
See docs/security-data-handling.md for the operational security summary, OAuth callback allowlist requirements, and reviewer handling guidance.
Submission and reviewer checklist: docs/anthropic-directory.md Reviewer runbook: docs/anthropic-reviewer-runbook.md Release manager checklist: docs/anthropic-release-manager-checklist.md
Pre-submit repo check:
pnpm directory:preflightOperational reviewer check:
- confirm the reviewer workspace is baseline-ready via
https://useorgx.com/api/review/sessions/<token>/status - if needed, bootstrap or reset the dedicated reviewer workspace before handing credentials to Anthropic
- OrgX MCP requires an OrgX account and authenticated workspace for most meaningful operations.
- Write-capable tools mutate OrgX state and must be used with deliberate user intent.
account_upgradereturns a checkout or contact URL; it does not silently purchase a plan.- Widget rendering depends on an MCP Apps-compatible host. Non-widget hosts still receive structured tool output.