Lets an external platform's AI agent query tickets, review them, add comments, and resolve / transition them in Workload — over the Model Context Protocol, authenticated by a single bearer API token.
external agent ──MCP/stdio──▶ workload-mcp ──HTTPS (wlt_ bearer)──▶ workload /api ──▶ BOSS
A Workload admin mints tokens at Admin → API tokens → New token. Each token:
@bosslogics.com reviewer gets all epics; an external reviewer is limited to their invited epics.wlt_<48 hex>. Store it securely; revoke from the same screen if it leaks.The server lives in the workload repo under mcp/. It's a small stdio Node app — no database access of its own, just a wrapper over the existing /api endpoints.
cd mcp
npm install
npm run build
cp .env.example .env # then fill in the two values below
WORKLOAD_API_BASE=https://workload.bosslogics.com/api
WORKLOAD_API_TOKEN=wlt_… # the token from step 1
Point your agent host (Claude Desktop, an Agent SDK app, etc.) at the built server:
{
"mcpServers": {
"workload": {
"command": "node",
"args": ["/path/to/workload/mcp/dist/index.js"],
"env": {
"WORKLOAD_API_BASE": "https://workload.bosslogics.com/api",
"WORKLOAD_API_TOKEN": "wlt_…"
}
}
}
}
| Tool | What it does | Scope |
|---|---|---|
list_tickets | List tickets the token can see; filter by epic / status / text. | read |
get_ticket | One ticket's fields, comments, and available transitions. | read |
add_comment | Post a comment (optionally internal-only, or a threaded reply). | comment |
list_transitions | The statuses a ticket can move to. | read |
transition_ticket | Move a ticket to a new status. | resolve |
resolve_ticket | Record a resolution and move the ticket to Done. | resolve |
Every request sends Authorization: Bearer wlt_…. Writes are gated
server-side by the token's scopes, so a read-only token can list and
read but cannot comment or resolve — even though the bound reviewer could in a
browser. Tokens can also carry an expiry and be revoked at any time.
| Response | Meaning |
|---|---|
401 unauthorized | No token sent, or it didn't reach the server. Check the Authorization header. |
401 invalid or expired api token | The token is unknown, revoked, or past its expiry. Mint a new one. |
403 api token missing scope: … | The token lacks the scope for that action (e.g. a read token trying to comment). |
403 invite required / empty results | The bound reviewer can't see that epic. Bind the token to an internal reviewer, or invite the reviewer to the epic. |
https://workload.bosslogics.com/api.
Per-developer environments use https://<you>.workload.dev.bosslogics.com/api.