Skip to main content
Model Context Protocol (MCP) lets you extend Ona Agent with external tools - GitHub, Linear, browser automation, and more. MCP servers run as separate processes in your environment and communicate with the agent over stdio or HTTP.

Configuration

Create .ona/mcp-config.json in your repository: 
{
  "mcpServers": {
    "github": {
      "name": "github",
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${exec:printf 'protocol=https\nhost=github.com\n' | git credential fill 2>/dev/null | awk -F= '/password/ {print $2}' 2>/dev/null}"
      },
      "timeout": 30,
      "toolDenyList": ["search_code"]
    },
    "playwright": {
      "name": "playwright",
      "command": "npx",
      "args": ["-y", "@executeautomation/playwright-mcp-server"],
      "timeout": 60
    }
  },
  "globalTimeout": 30
}

Configuration options

FieldDescription
commandExecutable to run the server
argsCommand arguments
envEnvironment variables (supports ${exec:...} and ${file:...})
timeoutPer-server timeout in seconds (default: 30)
toolDenyListTools to block (supports wildcards like delete_*)
workingDirWorking directory for the server
disabledSet true to disable without removing config

Example servers

GitHub

GitHub MCP server docs - Ensure gh auth login is configured so git credentials are available.

Linear

MCP server directory - Search for Linear implementations.

Playwright

@executeautomation/playwright-mcp-server - Browser automation for testing and scraping.

Credentials

Use Ona Secrets to inject credentials: 
{
  "env": {
    "API_TOKEN": "${exec:printenv API_TOKEN}",
    "SERVICE_KEY": "${exec:your-secrets-cli get service/key}"
  }
}
  • Environment variables: ${exec:printenv VAR_NAME}
  • Files: ${file:/path/to/secret}
  • External stores: ${exec:aws secretsmanager get-secret-value ...}
Avoid committing secrets to source control - provision them at runtime.

Organization controls

MCP controls toggle in organization settings showing the option to enable or disable MCP servers
Organization owners can disable MCP in Settings > Agents. When disabled:
  • .ona/mcp-config.json files are ignored
  • Agent operates with built-in tools only
  • External MCP connections are blocked
See Audit logs to review changes.