SupaThings-MCP
SupaThings MCP is a macOS-focused Model Context Protocol (MCP) server that reads structured Things 3 data from the local Things SQLite database, writes/updates/navigates using the official Things URL scheme (things:///), and provides semantic “planning” helpers (heading inference/validation, project summaries, and task placement suggestions). It can optionally perform lightweight AppleScript actions when Apple Events are available.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Designed for local stdio MCP usage; no authentication or scope model is described, so authorization likely relies on OS/user and local Things permissions. Tool actions include writes via official things:/// URL scheme, which is safer than arbitrary mutations, but agents still need careful input validation to avoid unintended item changes. README does not describe logging/secret-handling or data minimization beyond token efficiency; dependency hygiene cannot be verified from provided content.
⚡ Reliability
Best When
You run on macOS with Things 3 installed and want MCP-based agent tooling that combines rich local reads with official Things URL-scheme writes.
Avoid When
You need a web API, want cloud hosting, or require strong multi-user authentication/authorization controls beyond local machine permissions.
Use Cases
- • Let AI agents understand Things 3 project structure (areas, projects, headings, todos, tags, schedules) with compact/structured context.
- • Enable AI agents to safely create and update Things items by delegating mutations to official things:/// URL actions.
- • Support agent planning workflows: suggest or validate headings, summarize projects, and propose task placement.
- • Assist with search and filtering across Things items (including logbook, trash, tag-based searches).
- • Use MCP clients (Codex/Claude Code/Gemini CLI) over stdio to call Things tools programmatically.
Not For
- • Server-side/hosted deployments that cannot access a local Things installation and its SQLite database.
- • Cross-platform usage (designed for macOS).
- • Authentication-requiring, multi-tenant scenarios where per-user access controls are needed.
- • Use cases needing an HTTP REST/SDK interface rather than MCP stdio integration.
Interface
Authentication
No authentication/authorization mechanism is documented. The server appears intended for local use by whatever MCP client runs it on the user’s machine; effective access control is likely the OS user context and Things local installation permissions.
Pricing
No pricing model is provided in the supplied content (npm presence implied).
Agent Metadata
Known Gotchas
- ⚠ Requires macOS + local Things 3 installation and access to local SQLite data.
- ⚠ AppleScript actions depend on Apple Events permissions; when unavailable, those tools fail gracefully (agent should not rely on them).
- ⚠ Recurring template rows are excluded from read queries (agent may not see them).
- ⚠ Adding missing headings to existing projects is constrained by Things capabilities (agent should validate/plan around this).
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for SupaThings-MCP.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.