Griptonite
FreeNot checkedEnables users to interact with the Griptonite indoor climbing app, allowing them to log climbs, browse routes and grades, and retrieve activity feeds and rankin
About
Enables users to interact with the Griptonite indoor climbing app, allowing them to log climbs, browse routes and grades, and retrieve activity feeds and rankings.
README
An MCP server for Griptonite, the indoor climbing app. Log attempts and sends, browse routes and grades, and pull your climbing log into any MCP client — Claude Desktop, Claude Code, Cursor, and friends. Built in the same spirit as the popular Garmin MCP servers: a thin, auth-aware wrapper around a fitness backend that has no official public API.
Unofficial. Not affiliated with or endorsed by Griptonite / Cascom Ltd. Reverse-engineered from the app's backend for personal use. Respect Griptonite's Terms of Service and don't hammer their API.
What it can do
| Tool | What it does |
|---|---|
auth_status |
Check whether you're signed in and when the token expires |
get_login_url |
Get an OAuth login URL to start the sign-in flow |
list_venues |
Find climbing gyms/venues (optional search) |
list_routes |
List routes/problems, filter by venue and grade |
get_route |
Full detail for one route (e.g. an id from an NFC tag) |
list_grades |
Grade systems Griptonite knows (V-scale, Font, ...) |
get_profile |
A climber profile (defaults to you) |
get_feed |
Recent activity feed (your + crew sends) |
get_notifications |
Your notifications |
list_workouts / list_competitions / list_challenges |
Training + events |
get_gym_rankings |
Leaderboard for the gyms you've joined |
get_world_rankings |
Global ranking across all climbers |
get_competition_rankings |
Standings for a competition |
get_completed_climbs |
Every climb you've sent, with tries |
get_projects |
Climbs you're currently projecting, with tries |
get_all_logs |
All logged entries (sends + attempts) with tries |
log_climb |
Log a send / flash / onsight / attempt / project on a route |
log_attempt |
Shortcut for logging an unsuccessful try |
raw_request |
Call any API path with your token (discovery / wiring) |
list_known_endpoints |
Show the confirmed API surface |
How it works
Griptonite's backend lives at https://api.griptonite.io and is a Django REST
Framework API guarded by OAuth2 (authorization-code, scope appuser). The
endpoint names in config.py were confirmed by probing the live API — paths
that answer 401 Unauthorized exist; 404s don't. Confirmed groups include routes, grades, venues, feed, venues/rankings (gym leaderboards), profiles/rankings (world), and routes/completed / routes/projects / routes/logs (your climbs). Auth follows the app's own
browser login: you sign in once, hand back the code, and the server caches a
bearer token (default ~/.griptonite/token.json, gitignored) and refreshes it
transparently.
Install
git clone https://github.com/<your-username>/griptonite_mcp.git
cd griptonite_mcp
pip install -e . # or: pip install -e ".[dev]" for tests
Requires Python 3.10+.
Authenticate (once)
Griptonite has no public API, so there's no API key to paste. Instead you sign in through the browser once and hand the tool the one-time code, exactly like the mobile app does. Run:
griptonite-auth # or: python -m griptonite_mcp.auth
It prints a login URL. Open it, sign into Griptonite, and copy the code from
the redirect back into the terminal. The token is cached (and auto-refreshed)
from then on, so you only do this once.
Catching the code (important)
After you log in, Griptonite redirects to https://www.griptonite.io/?code=...
— but www.griptonite.io instantly redirects to griptonite.io, and that
redirect strips the ?code out of the address bar. That's expected. Grab the
code from the Network tab instead:
- Open your browser's DevTools (F12) and click the Network tab.
- Tick Preserve log (so redirect entries aren't cleared).
- Log in via the printed URL.
- Filter the list by typing
code, and click the request named?code=...(the request towww.griptonite.io). Its Request URL ishttps://www.griptonite.io/?code=LONGCODE&state=....- No such row? Click the
authorizerequest and read its responselocationheader — the code is there.
- No such row? Click the
- Copy that whole URL (or just the
codevalue) and paste it at the prompt.
The code is single-use and expires in about a minute, so grab it promptly. If
you miss it, just re-run griptonite-auth. The tool detects a stripped/empty
paste and re-prompts with this reminder.
Why not a localhost redirect? The OAuth client is registered to redirect only to
griptonite.io, so the usual "spin up a local server and auto-capture" trick isn't available — hence the one-time manual copy.
Add to Claude Desktop
Add to claude_desktop_config.json (Settings → Developer → Edit Config):
{
"mcpServers": {
"griptonite": {
"command": "python",
"args": ["-m", "griptonite_mcp"]
}
}
}
Then restart Claude Desktop and ask things like "log a V4 flash on route
Wiring the log endpoint
Reads are fully mapped. The write path for logging a climb
(log_climb / log_attempt) is the one piece that couldn't be confirmed
without capturing an authenticated request, because the mobile app doesn't
expose it publicly. The server's default is POST /routes/log — the singular /routes/log path
is confirmed to exist — with the route id sent in the body. That's still a best
guess until someone captures the real request; it's trivial to correct:
- Sign into Griptonite in a browser or proxy the app (Charles / mitmproxy / browser DevTools → Network).
- Log a climb in the app and find the request it fires.
- Set the real path and, if needed, adjust the JSON field names:
For field names, tweak theexport GRIPTONITE_LOG_ENDPOINT="/routes/log" # or the real path you capturedpayloaddict inlog_climb(server.py) or thelog_climbmethod inclient.py. - Meanwhile you can experiment live with the
raw_requesttool, e.g.raw_request("POST", "/routes/123/ticks", body={...}).
Example prompts
Once it's wired into your MCP client, try:
- "What have I sent at my home gym this month, and how many tries did each take?"
- "Show my current projects ordered by number of attempts."
- "Where do I rank in my gym right now? And globally?"
- "Log a V4 flash on route
<id>." - "Find blue V3–V5 routes at venue
<id>I haven't tried yet."
Configuration
All optional; sensible defaults are baked in. Copy .env.example to .env.
| Variable | Default | Purpose |
|---|---|---|
GRIPTONITE_CLIENT_ID |
(discovered) | OAuth client id |
GRIPTONITE_REDIRECT_URI |
https://www.griptonite.io/ |
OAuth redirect |
GRIPTONITE_API_BASE |
https://api.griptonite.io |
API base URL |
GRIPTONITE_TOKEN_PATH |
~/.griptonite/token.json |
Token cache location |
GRIPTONITE_LOG_ENDPOINT |
/routes/log |
Climb-log write path |
Develop
pip install -e ".[dev]"
pytest # unit tests (no network / creds needed)
python scripts/discover_endpoints.py # re-probe the live API surface
Project layout
griptonite_mcp/
config.py # env-driven settings + confirmed endpoint constants
auth.py # OAuth2 auth-code flow, PKCE, token cache, refresh
client.py # async httpx client with 401-refresh-retry
server.py # FastMCP server + tool definitions
scripts/
discover_endpoints.py # re-map the API surface
tests/
test_client.py # request building, error handling, auth URL
Contributing
Issues and PRs welcome — especially confirming API endpoints/payloads. See CONTRIBUTING.md and the CHANGELOG.
Disclaimer
This is an unofficial, community project and is not affiliated with, endorsed by, or supported by Griptonite / Cascom Ltd. It talks to the same backend the official app uses, discovered by observing public network behaviour. Use it for your own data, respect Griptonite's Terms, and don't hammer the API. If Griptonite ships an official API, prefer that.
License
MIT — see LICENSE.
Install Griptonite in Claude Desktop, Claude Code & Cursor
unyly install griptonite-mcpInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add griptonite-mcp -- uvx --from git+https://github.com/mcarch-drdoof/griptonite_mcp griptonite-mcpFAQ
Is Griptonite MCP free?
Yes, Griptonite MCP is free — one-click install via Unyly at no cost.
Does Griptonite need an API key?
No, Griptonite runs without API keys or environment variables.
Is Griptonite hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Griptonite in Claude Desktop, Claude Code or Cursor?
Open Griptonite on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Griptonite with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
