Project plans that agents can run, via MCP or in-app.
The plan is the source of truth: tasks, sprints, milestones, dependencies, baselines, and an audit log. Agents read from it and write structured changes back. Two surfaces reach the same plan, an MCP server for external agents (Claude desktop, Cursor, Codex) and Run-with-Agent for the in-app experience.
250 MCP tools · OAuth 2.1 + DCR · idempotent · audited
The assistant-in-a-tab problem
Most project tools bolt an assistant onto the side of the app. You ask it a question, it answers in a chat panel, and the result lives in scrollback. The next person who opens the project cannot see what the assistant concluded, and neither can the next agent. The work product is a conversation, and a conversation is not something a team or a second agent can build on.
The fix is to stop treating the plan as context for a chat and start treating it as the substrate the chat writes to. When an agent moves a task, flags a risk, or drafts a status report, the change lands on the plan itself, with the same permission checks, idempotency, and audit trail a human edit gets. The conversation is disposable. The plan is what persists, and it is what the next worker, human or agent, picks up.
The model: plan as substrate
Two surfaces write into one plan. Both go through the same gate.
What it looks like
Three real interactions. The bracketed lines are tool calls against the plan.
You: Connect to Onplana, what's overdue
on Mobile App v2?
Claude: [list_overdue, project filter]
4 overdue. Top 2: "API rate limit
handling" (Sarah, 6d), "Push
notification config" (Mike, 3d).
Both in Sprint 14.
You: Move them to Sprint 15. Reassign
Sarah's to Mike, she's at capacity.
Claude: [move_task_to_sprint x2,
assign_task]
Done. Both in Sprint 15. Sarah's
task reassigned to Mike.
Audit log: /audit/...[Cursor finishes refresh token
rotation, commits a3f7c2]
Cursor (via MCP):
update_task taskId=tsk_abc
status=DONE
note="Commit a3f7c2: refresh
token rotation"
Onplana:
Task moved to DONE.
2h logged to draft timesheet.PM clicks "Run with Agent" on the
Q4 Launch project.
Goal: "Identify blockers before
standup."
Agent runs (read state):
list_tasks, list_risks, list_overdue
analyze_project_health (AI pass over
comments + state)
Returns a proposal:
3 risks flagged, 2 mitigation tasks
drafted, 4 reassignment suggestions.
PM accepts 2 risks, edits the 3rd,
accepts both mitigations, accepts 1
reassignment, rejects 3. Status report
draft attached.Two surfaces, two sizes
The MCP server registers 250 tools, spanning projects, tasks, sprints, milestones, earned value, risks, issues, governance, change control, timesheets, wikis, whiteboards, workflows, and the Microsoft Graph integrations. Every one is RBAC-checked against the caller's role, plan-gated against the org's tier, idempotent on a client-supplied key, and written to an audit trail. An external agent with the right token can reach all of it.
250 tools is too large a surface for an autonomous in-app agent to navigate well, so Run-with-Agent works through a curated set of ten capabilities, biased toward analysis, drafting, and proposing rather than executing irreversible decisions. It can summarize a project, analyze project health, generate a risk register, calculate earned value, run a schedule health check, break a task into subtasks, and draft documents and workspace tables. Every Run-with-Agent capability is additive by construction: it writes new artifacts and never edits an existing row, and a test fails the build if a capability declares otherwise. It cannot move tasks between sprints, reassign people, approve timesheets, or advance governance gates. Those stay with humans, who accept, edit, or reject each proposal. The docs walk through both halves of the loop: assigning work to an agent and reviewing what it produces.
Removal is recoverable everywhere it matters. There is no tool to delete a project, task, sprint, or milestone, on any surface. Those soft-delete to a recycle bin you restore from. The in-app agent is denied every delete, remove, and withdraw tool outright. A small set of leaf deletes (a comment, a tag, a wiki page) are exposed over MCP, each RBAC-checked and audited. The constraint that makes the surface safe for autonomous agents is the same one humans rely on: nothing structural is gone for good.
Stack and compliance
- Frontend
- React, TypeScript, Vite
- Backend
- Node, Express, Prisma. Postgres with an EAV model for custom fields, scoped-subgraph CPM recalculation, Redis.
- Infrastructure
- Azure Container Apps, Azure DNS
- MCP
- Spec-compliant server. OAuth 2.1 + Dynamic Client Registration, PKCE S256, a 401 + WWW-Authenticate envelope, and agent_bootstrap on the initialize handshake.
- Identity
- SAML 2.0, OIDC, SCIM 2.0, validated end-to-end against Microsoft Entra.
- Imports
- MPXJ for .mpp files from Microsoft Project.
Get started
Connect Claude or Cursor
Point your client at https://mcp.onplana.com/mcp. OAuth 2.1 with Dynamic Client Registration, or a scoped personal access token.
Try it in-app
Create a free account, open a project, and click Run-with-Agent. The free plan includes a one-time AI token bonus to try it on real work.
Start freeRead the docs
The tool catalog, the auth flow, the plan-gating model, and the audit format are documented for builders integrating against the API.
Open docsWhat we don't have yet
A ChatGPT App listing is in progress. There is no native mobile app today, the web app is responsive and works on a phone, but a real iOS or Android client is not built yet. A direct connector to the Project Online Project Web App is constrained by Microsoft's API restrictions on that surface, so the current migration path is MPXJ file import with a transformer, not a live PWA sync. These are real gaps, and they are on the roadmap rather than shipped.
Build with us at onplana.com
Not building an integration? See how project managers and executives work with agents inside Onplana on the propose-ratify page.