{"id":"yutakobayashidev-ava","name":"ava","homepage":"https://ava-dusky-gamma.vercel.app","repo_url":"https://github.com/yutakobayashidev/ava","category":"devtools","subcategories":[],"tags":["mcp","slack","oauth2","nextjs","typescript","stripe","task-tracking","observability","ai-agents"],"what_it_does":"Ava is an open-source system that helps teams externalize and share development progress by automatically reporting tasks and status updates to Slack. It provides an MCP-compatible HTTP server (served at /mcp) exposing tools for starting/updating/completing tasks and managing blocked/paused state, with OAuth 2.1 (PKCE) protection for MCP clients. It also includes Slack authentication (OIDC), a web dashboard, and Stripe subscription management (checkout/portal and webhook synchronization).","use_cases":["Automatically report task start/progress/blockers/pauses/resume/completion to Slack threads","Enable AI coding agents (via MCP) to manage development task reporting without manual status updates","Generate daily task summaries for a team using a Slack slash command (/daily-report)","Provide a lightweight dashboard for viewing task status and history","Run a privacy-first progress sharing workflow that avoids sending full code/secret material to Slack"],"not_for":["Use as a general-purpose issue tracker or full project management system","Environments where Slack integration or OAuth/SSO onboarding is not acceptable","Teams requiring a formally published, externally verifiable uptime/SLA for production reliability"],"best_when":"You want AI-assisted, low-friction progress reporting to Slack with an MCP tool interface for agents and you can run and configure the service (DB, Slack app, OpenAI key, Stripe if monetized).","avoid_when":"You need a hosted SaaS with minimal setup, or you cannot expose an HTTPS endpoint with OAuth-protected access and Slack bot permissions.","alternatives":["Self-hosted Slack bot + GitHub webhooks for status updates","Linear/Jira automation plus Slack notifications","MCP-compatible task management tools focused only on agent tool APIs (without Slack/Stripe/dashboard bundling)","Notion/Clubhouse-style daily updates automated via scheduled prompts and Slack webhooks"],"af_score":53.0,"security_score":71.8,"reliability_score":21.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:33:33.239975+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"/mcp","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["OAuth 2.1 (Authorization Code + PKCE) with dynamic client registration for MCP clients (/api/oauth/register, /oauth/authorize, /api/oauth/token)","Slack OpenID Connect login for user authentication","Slack bot installation (workspace-level bot OAuth flow)","Stripe webhook signature verification for payment events"],"oauth":true,"scopes":true,"notes":"The README describes OAuth 2.1 + PKCE protection for MCP clients and Slack OIDC for user login; Slack bot scopes are explicitly listed. Exact OAuth scope granularity for MCP tools is not fully specified in the provided excerpt."},"pricing":{"model":"Stripe subscription (per month, Japanese yen prici","free_tier_exists":false,"free_tier_limits":null,"paid_tiers":["Basic Plan: 500円/月 (lookup key: basic_monthly)"],"requires_credit_card":true,"estimated_workload_costs":null,"notes":"Pricing is described as Stripe subscription management in the app; specific additional tiers/limits beyond the Basic plan are not shown in the provided excerpt."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.0,"security_score":71.8,"reliability_score":21.2,"mcp_server_quality":78.0,"documentation_accuracy":72.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":45.0,"rate_limit_clarity":10.0,"tls_enforcement":80.0,"auth_strength":85.0,"scope_granularity":65.0,"dependency_hygiene":50.0,"secret_handling":70.0,"security_notes":"The design claims privacy-first Slack summaries (not sending full code/secrets/log details) and uses OAuth 2.1 (Authorization Code + PKCE) plus Slack OIDC. Slack signing secret is used for slash command verification and Stripe webhooks are verified by signature. However, the provided excerpt does not include details on TLS requirements enforcement, fine-grained authorization for each MCP tool, secret redaction/logging practices, or dependency/Vuln management status.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":20.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["The README recommends allowing self-signed certificates for local development (NODE_TLS_REJECT_UNAUTHORIZED=0), which should not be used in production agent runs.","Agents must complete the OAuth 2.1 + PKCE flow in the browser to gain MCP access; this may be a one-time onboarding friction for automated agent deployments."]}}