How do I install Oura?

Oura is a local plugin. Install it using npm package: oura-mcp-unofficial and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Oura need?

Oura requires the following credentials or environment variables: OURA_CLIENT_ID, OURA_CLIENT_SECRET, OURA_REDIRECT_URI, OURA_TOKEN_PATH, OURA_PRIVACY_MODE, OURA_CACHE, OURA_CACHE_PATH. You can find setup instructions on the server detail page.

What AI apps work with Oura?

Oura uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Oura MCP Server

by davidmosiah

Developer ToolsModerate5.2LocalNew

Free

Privacy-first, unofficial Oura MCP server for AI health, sleep, activity and heart-rate agents.

About

Privacy-first, unofficial Oura MCP server for AI health, sleep, activity and heart-rate agents.

Security Report

5.2

Moderate5.2Moderate Risk

This is a well-designed OAuth-based MCP server for personal Oura health data with strong privacy and security practices. OAuth tokens are stored securely with restricted permissions, never logged or returned to the client, and the server defaults to privacy-preserving modes. Minor findings include broad exception handling and a low-severity local file permission issue on Windows, but these do not materially impact security posture. Permissions (file_read, file_write, env_vars, network_http) are appropriately scoped to the server's purpose. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

5 files analyzed · 7 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

Oura OAuth client ID. Optional when configured with oura-mcp-server setup.Optional

Environment variable: OURA_CLIENT_ID

Oura OAuth client secret. Prefer oura-mcp-server setup so this secret is stored in ~/.oura-mcp/config.json instead of MCP client config.Required

Environment variable: OURA_CLIENT_SECRET

Redirect URI configured in the Oura Developer Dashboard. Optional when configured with oura-mcp-server setup.Optional

Environment variable: OURA_REDIRECT_URI

Optional local path for OAuth tokens. Defaults to ~/.oura-mcp/tokens.json.Optional

Environment variable: OURA_TOKEN_PATH

Optional payload mode: summary, structured, or raw. Defaults to structured. raw means full Oura API payloads, not continuous 24/7 raw sensor telemetry.Optional

Environment variable: OURA_PRIVACY_MODE

Optional SQLite cache toggle. Set to true or sqlite to enable.Optional

Environment variable: OURA_CACHE

Optional local SQLite cache path. Defaults to ~/.oura-mcp/cache.sqlite.Optional

Environment variable: OURA_CACHE_PATH

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-davidmosiah-ouramcp": {
      "env": {
        "OURA_CACHE": "your-oura-cache-here",
        "OURA_CLIENT_ID": "your-oura-client-id-here",
        "OURA_CACHE_PATH": "your-oura-cache-path-here",
        "OURA_TOKEN_PATH": "your-oura-token-path-here",
        "OURA_PRIVACY_MODE": "your-oura-privacy-mode-here",
        "OURA_REDIRECT_URI": "your-oura-redirect-uri-here",
        "OURA_CLIENT_SECRET": "your-oura-client-secret-here"
      },
      "args": [
        "-y",
        "oura-mcp-unofficial"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

oura-mcp-server

Local-first MCP server that connects AI agents to your Oura Ring readiness, sleep, activity and HRV data.

Unofficial project. Not affiliated with, endorsed by or supported by Ōura Health Oy. Oura is a trademark of its respective owner. Use this only with your own Oura account and in line with the Oura Cloud API terms.

Built by David Mosiah for people who use Claude, Cursor, Hermes, OpenClaw or other MCP-compatible agents to think about readiness, sleep and recovery — without copy-pasting numbers from the Oura app.

Part of Delx Wellness, a registry of local-first wellness MCP connectors.

Why this exists

Oura Ring produces some of the most refined personal health signals — readiness scores, sleep stages, HRV, daily activity, SpO2, body temperature trends. But it lives behind an OAuth API with per-scope authorization, and the data is split across multiple endpoints (daily readiness vs. detailed sleep periods vs. heart-rate streams).

This package handles the OAuth dance locally, normalizes responses across endpoints, and exposes Oura through the Model Context Protocol. Tokens never leave your machine. Privacy-mode defaults keep raw payloads opt-in.

Setup in 60 seconds

You'll need an Oura app (create one here) with redirect URI http://127.0.0.1:3000/callback.

npx -y oura-mcp-unofficial setup    # interactive: paste client id + secret
npx -y oura-mcp-unofficial auth     # opens browser, captures the OAuth code
npx -y oura-mcp-unofficial doctor   # verifies you're ready

Recommended scopes:

daily heartrate personal sleep workout spo2

Then add this to your MCP client config:

{
  "mcpServers": {
    "oura": {
      "command": "npx",
      "args": ["-y", "oura-mcp-unofficial"]
    }
  }
}

For Claude Desktop, run setup --client claude and the snippet is written for you.

Try it with your agent

Three things to ask first:

Use oura_connection_status to check setup, then run oura_daily_summary.
Give me a 5-line operating brief for today.

Call oura_weekly_summary with response_format=json. Identify my biggest
readiness/sleep bottleneck and give me a next-week plan.

Use the oura_daily_checkin prompt, focus=sleep.
Don't claim Oura can prove anything it can't.

Data availability

This package uses the official Oura Cloud API v2. When this README says raw, it means the upstream Oura JSON for a supported endpoint — not raw device sensor streams.

Data	Available	Notes
Daily readiness score + contributors	✓	Requires `daily` scope
Daily sleep score + sleep periods	✓	Requires `daily` and/or `sleep` scope
Sleep stages + timing	✓	When Oura returns scored sleep
Daily activity (steps, calories, MET)	✓	Requires `daily` scope
Heart-rate time series	✓	When ring/membership/scope expose it
HRV (overnight, via daily summaries)	✓	Surfaced through readiness contributors
SpO2 (daily averages during sleep)	✓	Requires `spo2` scope; supported devices
Workouts + sessions + tags	✓	Requires `workout`/`session`/`tag` scopes
Personal info (DOB, sex, height, weight)	✓	Requires `personal` scope
Continuous sensor telemetry	—	Not exposed by Oura Cloud API

Tools

Start with these:

oura_connection_status — verify local setup before calling Oura
oura_daily_summary — readiness, sleep, activity and SpO2 brief for today
oura_weekly_summary — scorecard, comparison vs prior week, next-week plan

Auth & diagnostics

oura_capabilities, oura_agent_manifest, oura_privacy_audit, oura_cache_status
oura_get_auth_url, oura_exchange_code, oura_revoke_access

Profile

oura_get_personal_info

Daily collections (paginated, with after/before filters and privacy-mode override)

oura_list_daily_readiness, oura_list_daily_sleep, oura_list_daily_activity, oura_list_daily_spo2

Detailed collections

oura_list_sleep, oura_list_workouts, oura_list_heartrate, oura_list_sessions, oura_list_tags

Prompts

oura_daily_checkin — practical daily health and readiness check-in
oura_weekly_review — review trends across activity, sleep and heart context
oura_heart_context_investigation — investigate heart-rate records (privacy-aware)

Resources

oura://capabilities, oura://agent-manifest
oura://personal-info
oura://latest/readiness
oura://summary/daily, oura://summary/weekly

Privacy & security

OAuth tokens are stored in ~/.oura-mcp/tokens.json with 0600 permissions and are never returned by tools.
The server never prints access or refresh tokens.
OURA_PRIVACY_MODE defaults to structured. Raw Oura JSON is opt-in via raw mode or per-call override.
Personal info (DOB, sex, height, weight) is only accessible when the user grants the personal scope.
The MCP client never sees access or refresh tokens.
This is not medical advice. The server exposes user-authorized data for personal AI workflows, not diagnosis or treatment.

Configuration

setup writes most of these into ~/.oura-mcp/config.json (0600). Manual env override is supported:

OURA_CLIENT_ID=…
OURA_CLIENT_SECRET=…
OURA_REDIRECT_URI=http://127.0.0.1:3000/callback

# Optional
OURA_SCOPES="daily heartrate personal sleep workout spo2"
OURA_PRIVACY_MODE=structured        # summary | structured | raw
OURA_CACHE=sqlite                   # optional read-through cache
OURA_TOKEN_PATH=~/.oura-mcp/tokens.json
OURA_CACHE_PATH=~/.oura-mcp/cache.sqlite

Hermes / remote setup

npx -y oura-mcp-unofficial setup --client hermes --no-auth
npx -y oura-mcp-unofficial auth                      # run locally if browser auth is needed
npx -y oura-mcp-unofficial doctor --client hermes
hermes mcp test oura

After Hermes config changes, use /reload-mcp or hermes mcp test oura. Don't restart the gateway for normal data access.

If browser OAuth has to happen on a different machine than Hermes, run auth locally and copy ~/.oura-mcp/tokens.json to the server with chmod 600.

Requirements

Node.js 20+
An Oura app at https://cloud.ouraring.com/oauth/applications with redirect URI http://127.0.0.1:3000/callback

Development

git clone https://github.com/davidmosiah/ouramcp.git
cd ouramcp
npm install
npm test
npm run build

Test with MCP Inspector:

npx @modelcontextprotocol/inspector node dist/index.js

License

MIT — see LICENSE.

Disclaimer

This software is provided as-is. It is not a medical device, does not provide medical advice, and should not be used for diagnosis or treatment. Always consult qualified professionals for medical concerns.