Skip to main content
Model Context Protocol (MCP) lets you extend Ona Agent with external tools - GitHub, Linear, browser automation, and more. MCP servers run as separate processes in your environment and communicate with the agent over stdio or HTTP.

Configuration

Create .ona/mcp-config.json in your repository: 
{
  "mcpServers": {
    "github": {
      "name": "github",
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${exec:printf 'protocol=https\nhost=github.com\n' | git credential fill 2>/dev/null | awk -F= '/password/ {print $2}' 2>/dev/null}"
      },
      "timeout": 30,
      "toolDenyList": ["search_code"]
    },
    "playwright": {
      "name": "playwright",
      "command": "npx",
      "args": ["-y", "@executeautomation/playwright-mcp-server"],
      "timeout": 60
    }
  },
  "globalTimeout": 30
}

Configuration options

FieldDescription
commandExecutable to run the server
argsCommand arguments
envEnvironment variables (supports ${exec:...} and ${file:...})
timeoutPer-server timeout in seconds (default: 30)
toolDenyListTools to block (supports wildcards like delete_*)
workingDirWorking directory for the server
disabledSet true to disable without removing config

Example servers

GitHub

GitHub MCP server docs - Ensure gh auth login is configured so git credentials are available.

Linear

MCP server directory - Search for Linear implementations.

Playwright

@executeautomation/playwright-mcp-server - Browser automation for testing and scraping.

Credentials

Use Ona Secrets to inject credentials: 
{
  "env": {
    "API_TOKEN": "${exec:printenv API_TOKEN}",
    "SERVICE_KEY": "${exec:your-secrets-cli get service/key}"
  }
}
  • Environment variables: ${exec:printenv VAR_NAME}
  • Files: ${file:/path/to/secret}
  • External stores: ${exec:aws secretsmanager get-secret-value ...}
Avoid committing secrets to source control - provision them at runtime.

Organization controls

MCP controls toggle in organization settings showing the option to enable or disable MCP servers

MCP controls in organization settings

Organization owners can disable MCP in Settings > Agents. When disabled:
  • .ona/mcp-config.json files are ignored
  • Agent operates with built-in tools only
  • External MCP connections are blocked
See Audit logs to review changes.