Doramagic Project Pack · Human Manual
notion-mcp-server
Official Notion MCP Server
Project Overview & System Architecture
Related topics: Installation, Configuration & Deployment, Tools, API Surface & v2.0 Data Source Migration
Continue reading this section for the full explanation and source context.
Related Pages
Related topics: Installation, Configuration & Deployment, Tools, API Surface & v2.0 Data Source Migration
Project Overview & System Architecture
Purpose and Scope
The Notion MCP Server is an implementation of a Model Context Protocol (MCP) server that exposes the official Notion API as a set of MCP tools consumable by AI agents such as Claude, Cursor, Zed, and other MCP-compatible clients. The project is distributed as the npm package @notionhq/notion-mcp-server (currently at version 2.3.1 per package.json) and is offered under the MIT license. Source: package.json
Rather than hardcoding individual tool definitions, the server takes a spec-driven approach: an OpenAPI document (scripts/notion-openapi.json) is the single source of truth, and tools are generated at runtime from its paths and operations. This pattern means that adding or modifying Notion API endpoints only requires changes to the OpenAPI spec — no source code updates are needed. Source: CLAUDE.md
Note on maintenance: The README explicitly states that the team is prioritizing the newer, remote-hosted Notion MCP (with OAuth and Markdown-friendly editing tools) and may sunset this local server in the future. This repository is still functional and is the subject of this wiki, but issue/PR activity is limited. Source: README.md
High-Level Architecture
The system is composed of three cooperating layers: an OpenAPI specification, a tool-conversion engine, and an MCP server proxy that handles transport and request dispatch. The flow is summarized in the diagram below.
flowchart TD
A[scripts/notion-openapi.json<br/>OpenAPI spec] -->|loaded & validated| B[src/init-server.ts<br/>MCPProxy factory]
B --> C[OpenAPIToMCPConverter<br/>src/openapi-mcp-server/openapi/parser.ts]
C -->|convertToMCPTools| D[MCPProxy<br/>src/openapi-mcp-server/mcp/proxy.ts]
D -->|ListTools / CallTool handlers| E[MCP Client<br/>Claude, Cursor, etc.]
D -->|HttpClient.executeOperation| F[Notion REST API]
G[Auth template<br/>src/openapi-mcp-server/auth] -->|headers| FComponent responsibilities:
scripts/notion-openapi.json— Defines every Notion API path, operation, parameter, request body, and response schema. The current spec targets the2025-09-03Notion API version, which promoted data sources to the primary abstraction (replacing the old "database" model in v2.0.0). Source: README.mdOpenAPIToMCPConverter(src/openapi-mcp-server/openapi/parser.ts) — Walks every path/operation in the spec and produces a corresponding MCP tool. Each tool'snameis the OpenAPIoperationId(e.g.,retrieve-a-database); itsinputSchemais a JSON Schema derived from the operation's parameters and request body; itsreturnSchemamirrors the response. The converter also exposesconvertToAnthropicTools()andconvertToOpenAITools()for clients that consume those vendor-specific tool shapes. Source: src/openapi-mcp-server/openapi/parser.tsMCPProxy(src/openapi-mcp-server/mcp/proxy.ts) — Wraps the official@modelcontextprotocol/sdkServer, registers each generated tool, and wires up theListTools/CallToolrequest handlers. It annotates tools withreadOnlyHintordestructiveHint, attaches a human-readable title (e.g.,Retrieve A Database), and serializes the HTTP response back to MCPtextcontent. Source: src/openapi-mcp-server/mcp/proxy.ts- Auth layer (
src/openapi-mcp-server/auth/) — Provides types (AuthTemplate,SecurityScheme,Server,TemplateContext) and a Mustache-based renderer (renderAuthTemplate) that substitutes{{args.NOTION_TOKEN}}-style placeholders into the OpenAPI's security scheme at startup. Source: src/openapi-mcp-server/auth/types.ts, src/openapi-mcp-server/auth/template.ts
Tool Generation and Naming Conventions
Tools are produced through a deterministic pipeline that the maintainers describe as the "key pattern" of the codebase. Source: CLAUDE.md
OpenAPIToMCPConverter.convertToMCPTools()iterates overpathsand, for every HTTP operation that matchesisOperation, callsconvertOperationToJsonSchemato merge path/query parameters with the JSON-derived request body into a single object schema.- The resulting
NewToolMethod(name,description,inputSchema, optionalreturnSchema) is appended to the tool list. MCPProxy.setupHandlers()registers the tool with the MCP SDK and attaches an annotation block:readOnlyHintis set for safe operations anddestructiveHintfor mutating ones, whileoperationIdToTitleconverts camelCase identifiers (e.g.,createDatabase) into a display title ("Create Database"). Tool names longer than 64 characters are truncated to comply with MCP limits. Source: src/openapi-mcp-server/mcp/proxy.ts
After the v2.0.0 migration to the 2025-09-03 API, the canonical tool surface is 22 tools. Three legacy database tools were renamed: post-database-query → query-data-source, update-a-database → update-a-data-source, and create-a-database → create-a-data-source, with the database_id parameter renamed to data_source_id. Source: README.md
Configuration, Transports, and Known Quirks
The server is launched via the notion-mcp-server binary defined in package.json and supports two authentication mechanisms, both expressed through environment variables. Source: README.md, package.json
| Variable | Purpose | Example |
|---|---|---|
NOTION_TOKEN | Direct integration token; injected as a Bearer credential (recommended). | ntn_**** |
OPENAPI_MCP_HEADERS | Pre-rendered JSON object of headers, useful for advanced setups (e.g., pinning Notion-Version). | {"Authorization": "Bearer ntn_****", "Notion-Version": "2025-09-03"} |
The server also supports both stdio (default for local clients) and HTTP/SSE transports (the 3000/mcp endpoint), and can be run from a local checkout using npx -y --prefix /path/to/local/notion-mcp-server @notionhq/notion-mcp-server for development. Source: README.md
A few community-reported behaviors are worth knowing:
- Double-serialized parameters. Some MCP clients (notably Cursor and Claude Code) send nested object arguments as JSON strings rather than objects. The proxy mitigates this with a
deserializeParamsstep that walks each parameter and re-parses stringified JSON before dispatch, which unblocks affected clients. Source: src/openapi-mcp-server/mcp/proxy.ts - Inline comment retrieval. The
notion-get-commentstool surfaces apage_idparameter, but inline discussions are technically scoped to ablock_id; users needing true inline comments must adapt their workflows. Source: community issue #175 - Guest users are blocked upstream. OAuth-based connections refuse accounts that are workspace guests; this is a Notion API limitation, not a server bug. Source: community issue #227
- Client compatibility. Some clients (e.g., early Gemini CLI builds) have been reported to fail when registering the server; users typically resolve this by ensuring the client targets a recent MCP SDK version. Source: community issue #69
See Also
- Installation & client configuration guide (see README "Installation" section)
- v2.0.0 data source migration notes
- OpenAPI-driven tool generation pattern
- Known community issues and workarounds
Source: https://github.com/makenotion/notion-mcp-server / Human Manual
Installation, Configuration & Deployment
Related topics: Project Overview & System Architecture, Known Issues, Limitations & Community Workarounds
Continue reading this section for the full explanation and source context.
Continue reading this section for the full explanation and source context.
Continue reading this section for the full explanation and source context.
Continue reading this section for the full explanation and source context.
Related Pages
Related topics: Project Overview & System Architecture, Known Issues, Limitations & Community Workarounds
Installation, Configuration & Deployment
Overview
The notion-mcp-server is an MCP (Model Context Protocol) server that exposes the Notion API as a set of MCP tools. It is published as the npm package @notionhq/notion-mcp-server (currently at v2.3.1 per package.json) and ships with a CLI binary notion-mcp-server. The server is generated from a single OpenAPI source-of-truth document — scripts/notion-openapi.json — so configuration and deployment largely revolve around (1) obtaining a Notion integration token, (2) wiring that token into an MCP client, and (3) selecting a transport mode. Source: README.md and CLAUDE.md.
[!NOTE]
The README explicitly states that the maintainers are prioritizing the remote "Notion MCP" offering, and this local MCP server repository may be sunset in the future. Issues against the remote service should be filed with Notion support rather than this repository. Source: README.md.
Prerequisites & Notion-Side Setup
Before installing the server, you must create an internal Notion integration and grant it access to the pages you want the LLM to read or modify.
- Visit
https://www.notion.so/profile/integrationsand create a new internal integration or reuse an existing one. - Copy the secret token (format
ntn_**). Optionally scope the integration to Read content** only for a read-only deployment. - Connect pages/databases to the integration via the Access tab, or by opening a page → ⋯ → Connect to integration.
Source: README.md. Community issue #227 reports that guest users are blocked from connecting — they receive *"You are a guest, so you cannot connect to Notion MCP"*. Workspace owners must upgrade guest accounts to full members before the token will work.
Installation Methods
npm (recommended)
The package can be launched on-demand via npx or installed as a global binary:
npx -y @notionhq/notion-mcp-server
A global install exposes the notion-mcp-server executable declared in package.json:
"bin": { "notion-mcp-server": "bin/cli.mjs" }
Source: package.json.
Local development install
For contributors, the workflow described in README.md is:
npm install
npm run build # tsc -build && node scripts/build-cli.js
npm test # NODE_ENV=test vitest run
npm link # create global symlink for local MCP-client testing
Source: package.json and README.md. The CLAUDE.md file confirms that the architecture flows from scripts/notion-openapi.json → src/init-server.ts → src/openapi-mcp-server/openapi/parser.ts → src/openapi-mcp-server/mcp/proxy.ts → src/openapi-mcp-server/client/http-client.ts. Source: CLAUDE.md.
Configuration
The server reads authentication configuration from environment variables and optionally a custom OpenAPI header template. The following table summarizes every supported configuration knob:
| Option | Purpose | Example / Default | Source |
|---|---|---|---|
NOTION_TOKEN | Notion integration token (recommended) | ntn_**** | README.md |
OPENAPI_MCP_HEADERS | JSON string of arbitrary HTTP headers (advanced) — useful for setting Notion-Version or proxy auth | {"Authorization":"Bearer ntn_****","Notion-Version":"2025-09-03"} | README.md |
| Auth template URL/method/headers/body | Mustache-rendered from OpenAPI securitySchemes | Rendered via renderAuthTemplate() | src/openapi-mcp-server/auth/template.ts |
SecurityScheme (tokenUrl, etc.) | OAuth2 token endpoint descriptors | Defined in types.ts | src/openapi-mcp-server/auth/types.ts |
| Transport (stdio / SSE / streamable HTTP) | command-based stdio for local clients, http://host:3000/mcp for SSE/HTTP | Default stdio when invoked via npx | README.md |
[!NOTE]
Community issue #69 reports compatibility problems when wiring the server into Gemini-CLI. UsingOPENAPI_MCP_HEADERSinstead ofNOTION_TOKENis one workaround when an MCP client forwards headers differently than expected. Source: README.md.
Cursor / Claude Desktop configuration
Add the following to .cursor/mcp.json or ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"notionApi": {
"command": "npx",
"args": ["-y", "@notionhq/notion-mcp-server"],
"env": {
"NOTION_TOKEN": "ntn_****"
}
}
}
}
For Zed, the equivalent key is context_servers inside settings.json. Source: README.md.
Tool annotations and JSON deserialization
The MCPProxy.setupHandlers() method in src/openapi-mcp-server/mcp/proxy.ts enriches each auto-generated tool with annotations such as readOnlyHint or destructiveHint, and a human-friendly title derived from the OpenAPI operationId. Source: src/openapi-mcp-server/mcp/proxy.ts. This corresponds to the v2.1.0 release notes that introduced *"tool annotations for improved LLM tool understanding"*.
The same handler runs a deserializeParams() pass before executing each tool call. This is a defensive fix for MCP clients that double-serialize nested JSON parameters (referenced as issue #176 in source comments). Source: src/openapi-mcp-server/mcp/proxy.ts.
Deployment Modes
Local stdio (default)
The simplest deployment: the MCP client spawns the server as a subprocess over stdio. No network exposure is required. This is the mode used by npx -y @notionhq/notion-mcp-server and matches the command/args JSON in client configs. Source: README.md.
SSE / Streamable HTTP (hosted)
The README documents running the server behind an Express endpoint at http://<host>:3000/mcp. The express and node-fetch dependencies in package.json support this transport. Use this mode when multiple clients share a single server instance or when the client cannot spawn local processes. Source: README.md.
Custom OpenAPI builds
Because every tool is derived from scripts/notion-openapi.json, deployments that need to expose additional endpoints (or hide existing ones) only need to modify that file — no source changes are required. The OpenAPIToMCPConverter in src/openapi-mcp-server/openapi/parser.ts walks every path/operation and converts it to an MCP tool named after operationId. Notable behaviors include:
format: binaryparameters are automatically rewritten asformat: uri-referencewith the description *"absolute paths to local files"*. Source: src/openapi-mcp-server/openapi/parser.ts. Community issue #191 tracks the related feature request for local file uploads.- Tool names longer than 64 characters are truncated; display titles are produced by
operationIdToTitle(). Source: src/openapi-mcp-server/mcp/proxy.ts. - Inline schemas with
oneOf/constdiscriminators are preserved so that the Notion-2025-09-03 *data-source* parents (which replaceddatabase_idparents in v2.0.0) are correctly described to the LLM. Source: src/openapi-mcp-server/openapi/parser.ts and README.md.
Common Failure Modes
guestusers blocked — see issue #227; upgrade the account to a workspace member.notion-get-commentsreturns no inline discussions — the OpenAPI spec parameter is namedblock_ideven though the MCP tool surfaces it aspage_id(issue #175). Document this discrepancy when prompting the LLM to fetch inline comments.- No
database_idparameter on query/update tools — v2.0.0 removed these in favor ofdata_source_id. Update any hardcoded prompts to usequery-data-source/update-a-data-source. Source: README.md. - Nested JSON arrives as escaped strings — should already be handled by
deserializeParams()in the proxy. Source: src/openapi-mcp-server/mcp/proxy.ts.
See Also
- Architecture & Tool Generation
- OpenAPI to MCP Conversion Reference
- Authentication & OAuth Flows
- Troubleshooting & FAQ
Source: https://github.com/makenotion/notion-mcp-server / Human Manual
Tools, API Surface & v2.0 Data Source Migration
Related topics: Project Overview & System Architecture, Known Issues, Limitations & Community Workarounds
Continue reading this section for the full explanation and source context.
Related Pages
Related topics: Project Overview & System Architecture, Known Issues, Limitations & Community Workarounds
Tools, API Surface & v2.0 Data Source Migration
Overview
The Notion MCP Server exposes the Notion API as a set of discoverable MCP tools. Every tool the server advertises is generated automatically from a single source of truth: the OpenAPI specification checked in at scripts/notion-openapi.json. As stated in CLAUDE.md, "Tools are auto-generated from the spec - no code changes needed elsewhere" when adding new endpoints.
The current published release is v2.3.1 per package.json, and v2.0.0 introduced a breaking migration to Notion's API version 2025-09-03, which elevated data sources to the primary abstraction for databases. As a result, the public tool surface changed from 19 tools (v1.x) to 22 tools (v2.0+) according to README.md.
Note from maintainers (README.md): A remote "Notion MCP" with OAuth and Markdown-aware editing has been introduced. Active support is being prioritized on the remote server, and this local repository may be sunset in the future.
Tool Generation Pipeline
Tools are produced by walking the OpenAPI document and converting each operation into an MCP tool definition. The conversion logic lives in OpenAPIToMCPConverter, which exposes three output formats via convertToMCPTools(), convertToOpenAITools(), and convertToAnthropicTools().
flowchart LR
A[scripts/notion-openapi.json] --> B[OpenAPIToMCPConverter]
B --> C[Tool definitions<br/>inputSchema + returnSchema]
C --> D[MCPProxy.setupHandlers]
D --> E[MCP ListTools response]
E --> F[CallToolRequest dispatch]
F --> G[HttpClient → Notion API]Key behaviors from parser.ts:
- Name source: Tool names come from the OpenAPI
operationId(e.g.,retrieve-a-database). - Schema generation:
convertOperationToJsonSchema()merges path/query/header parameters and the JSONrequestBodyinto a singleinputSchemawith a$defssection built fromcomponents.schemas. - Binary handling: Any
format: binaryschema is rewritten toformat: uri-referencewith a description noting "absolute paths to local files", anticipating local file uploads. - Reference resolution:
$refvalues are resolved recursively with cycle detection; unresolved references fall back to a$defspointer and a description.
Registration is handled in proxy.ts inside MCPProxy.setupHandlers():
- Naming: Each tool is exposed as
${apiName}-${method.name}and truncated to 64 characters for display. - Annotations: Read/write hints are derived from the HTTP verb:
GEToperations are markedreadOnlyHint: true; all other methods are markeddestructiveHint: true. A human-readabletitleis generated viaoperationIdToTitle(). - Parameter tolerance:
deserializeParams()(added in v2.1.0 per the release notes) auto-parses stringified JSON values to handle MCP clients that double-serialize nested objects — a fix tracked under issue #176 referenced in the proxy source.
v2.0 Data Source Migration
The v2.0 release aligns the MCP tool surface with Notion's new data source model. The following table summarizes the breaking changes documented in README.md:
| Category | Change |
|---|---|
| Removed tools | post-database-query, update-a-database, create-a-database |
| New tools | query-data-source, retrieve-a-data-source, update-a-data-source, create-a-data-source, list-data-source-templates, move-page, retrieve-a-database |
| Parameter renames | database_id → data_source_id for query/update operations |
| Search filter | ["page", "database"] → ["page", "data_source"] |
| Page parents | New page_id and database_id parents are both accepted |
| Tool count | 19 → 22 |
The README also notes: "retrieve-a-database is still available and returns database metadata including the list of data source IDs. Use retrieve-a-data-source to get the schema and properties of a specific data source." This addresses community issue #87, where users reported the inability to query a Notion database with structured filters and sorts; query-data-source now fills that gap.
Migration impact: No client code changes are required because MCP tools are discovered dynamically on server start. Users that hardcoded tool names in prompts or scripts need only the renames listed above.
Known Limitations & Community-Reported Issues
Several recurring community threads shape the practical boundaries of the current API surface:
- Inline comment retrieval (#175): The
notion-get-commentstool exposespage_id, but the Notion API requiresblock_idfor inline discussions. This is a parameter-shape mismatch in the underlying OpenAPI definition that the auto-generator faithfully propagates. - Local file uploads (#191): Although the parser pre-rewrites
binaryfields touri-reference, end-to-end support for uploading local image and file paths through the MCP tool surface is still an open feature request. - Guest user access (#227): Guests cannot connect to the Notion MCP via OAuth. This is a workspace-level restriction on the Notion side rather than a server bug, but it materially affects freelancers and contractors.
- Client compatibility (#69): Gemini-CLI users have reported errors when registering the Notion MCP. Such failures are typically mitigated by ensuring the
NOTION_TOKEN(orOPENAPI_MCP_HEADERS) environment variable is set and that the client supports the server's transport, as documented in README.md.
When troubleshooting, the HttpClient and auth types modules govern request construction, header injection, and security scheme templating, so issues with missing headers or authentication almost always trace back to environment configuration rather than the generated tools themselves.
See Also
- README.md — Installation, configuration, and v2.0 migration guide
- CLAUDE.md — Architecture overview and contributor guidance
- Notion MCP remote server announcement — OAuth-based successor recommended by maintainers
- Notion API reference — Underlying REST API surface
Source: https://github.com/makenotion/notion-mcp-server / Human Manual
Known Issues, Limitations & Community Workarounds
Related topics: Installation, Configuration & Deployment, Tools, API Surface & v2.0 Data Source Migration
Continue reading this section for the full explanation and source context.
Related Pages
Related topics: Installation, Configuration & Deployment, Tools, API Surface & v2.0 Data Source Migration
Known Issues, Limitations & Community Workarounds
Overview
This page catalogs the most prominent limitations, defects, and workarounds reported both in the source code and in community discussions around the notion-mcp-server project. It is intended as a quick reference for integrators and contributors who need to understand why certain Notion API behaviors cannot be performed through the local MCP server, and which community-reported issues have been mitigated versus which remain open.
A critical piece of context: the local notion-mcp-server repository is in maintenance mode. The README explicitly states that the team is "prioritizing, and only providing active support for, Notion MCP (remote)" and that this local repository "may [be] sunset in the future." Source: README.md:1-15. Issues filed against this repository may therefore be addressed only in the remote product.
Project Status & Deprecation Notice
The project's primary distribution (@notionhq/notion-mcp-server v2.3.1 per package.json) still ships, but the README warns users to migrate to the remote Notion MCP for OAuth-based installation and AI-agent-optimized tools. Source: package.json:2-22, README.md:1-15. The implication for issue triage is significant: many "bugs" reported against the local server (e.g. #69 Gemini-CLI errors, #227 guest-user lockout) stem from differences between the local stdio/HTTP server and the remote product, and the maintainers redirect users to Notion support for them.
Version 2.0.0 Breaking Changes (Data Source Migration)
The largest cluster of breaking changes in the project's history accompanies the migration to the Notion API 2025-09-03 version, which promotes data sources as the primary database abstraction. Source: README.md:23-58.
Three legacy tools were removed, and three parameters changed. The table below summarizes the migration path and the only configuration action an integrator must take:
| Old Tool (v1.x) | New Tool (v2.0) | Parameter Change |
|---|---|---|
post-database-query | query-data-source | database_id → data_source_id |
update-a-database | update-a-data-source | database_id → data_source_id |
create-a-database | create-a-data-source | Uses parent.page_id |
retrieve-a-database remains available and returns metadata including the list of data source IDs; integrators should chain it with retrieve-a-data-source to obtain the schema of a specific source. Source: README.md:54-58. The total tool count moved from 19 to 22. Because the OpenAPI spec (scripts/notion-openapi.json) is the single source of truth and the converter generates MCP tools dynamically, no manual code edits are required during migration. Source: CLAUDE.md:5-23.
Tool-Generation & Bug-Mitigation Pipeline
The architecture surfaces bugs quickly because tools are not hand-written — they are auto-derived from the OpenAPI document. Source: CLAUDE.md:13-23.
flowchart LR
A[scripts/notion-openapi.json] --> B[src/init-server.ts]
B --> C[OpenAPIToMCPConverter]
C --> D[MCPProxy.setupHandlers]
D --> E[Tool Registration]
F[MCP Client Request] --> G[deserializeParams]
G --> H[HttpClient.executeOperation]
H --> I[Notion API]Two notable mitigations are visible in this pipeline:
- Tool annotations: Released in v2.1.0 (PR #169), each tool now exposes
readOnlyHintordestructiveHintplus a human-friendlytitlederived from theoperationId, helping LLMs avoid destructive operations. Source: src/openapi-mcp-server/mcp/proxy.ts:1-40. - Double-serialization workaround: Some MCP clients (Cursor, Claude Code) pre-serialize nested object parameters as JSON strings, producing invalid requests.
deserializeParamsrecursively detects JSON-shaped strings and parses them before forwarding to the HTTP client. Source: src/openapi-mcp-server/mcp/proxy.ts:42-80. This resolves the bug described in community issue #176.
Community-Reported Limitations
Several limitations recur in the community and cannot be fully fixed inside the local server:
- Local file upload is unsupported (issue #191, 12 comments). The OpenAPI parser maps
format: binaryparameters toformat: uri-referenceand rewords the description to "absolute paths to local files," but the actual file-upload endpoint behavior depends on the upstream Notion API. Source: src/openapi-mcp-server/openapi/parser.ts:24-58. - Guest users are blocked (issue #227). OAuth-based flows reject guest accounts with the message "You are a guest, so you cannot connect to Notion MCP." This is enforced by the upstream Notion API, not the local server, and the recommended workaround is to request a member upgrade from the workspace owner.
- Gemini-CLI incompatibility (issue #69, 21 comments). Google's Gemini CLI does not negotiate the same MCP handshake that Claude/Cursor use, producing transport errors. The maintainer position is to use a client that supports the standard MCP protocol, or migrate to the remote Notion MCP. Source: README.md:1-15.
notion-get-commentsparameter mismatch (issue #175, 7 comments). The tool exposespage_ideven though inline discussions are scoped to ablock_id. The OpenAPI spec labels the field generically ("Identifier for a Notion block or page") which confuses LLMs. Source: src/openapi-mcp-server/openapi/parser.ts:60-105. Workaround: pass the block UUID directly.- No first-class database query tool (issue #87, 5 comments). The
searchtool returns only a flat result set and cannot filter by property values such as priority or status. The community workaround is to callretrieve-a-data-sourceto fetch the schema, then iteratequery-data-sourcewith compound filters. Source: README.md:54-58.
Configuration & Compatibility Workarounds
For the local server, two environment-variable strategies are documented and both must be set in the MCP client config. Source: README.md:80-130.
- Recommended — set
NOTION_TOKENto the integration secret (e.g.ntn_****). - Advanced — set
OPENAPI_MCP_HEADERSto a JSON string containingAuthorizationandNotion-Versionheaders, which lets integrators pin the API version.
For local development, the README documents an npm link workflow that creates a global symlink so Cursor and other clients can run the in-progress build. Source: README.md:130-160. The auth template renderer (renderAuthTemplate) relies on Mustache, with HTML escaping explicitly disabled to keep URLs intact. Source: src/openapi-mcp-server/auth/template.ts:1-20. Any user-defined args are passed through TemplateContext.args, so secrets injected this way should be treated as sensitive. Source: src/openapi-mcp-server/auth/types.ts:1-23.
See Also
- Notion MCP (remote) documentation: <https://developers.notion.com/docs/mcp>
- Issue tracker: <https://github.com/makenotion/notion-mcp-server/issues>
- Release notes: see the GitHub Releases page for v2.0.0, v2.1.0, and v2.3.0 changelogs.
Source: https://github.com/makenotion/notion-mcp-server / Human Manual
Doramagic Pitfall Log
Source-linked risks stay visible on the manual page so the preview does not read like a recommendation.
May increase setup, validation, or first-run risk for the user.
May increase setup, validation, or first-run risk for the user.
May increase setup, validation, or first-run risk for the user.
May increase setup, validation, or first-run risk for the user.
Doramagic Pitfall Log
Found 14 structured pitfall item(s), including 2 high/blocking item(s). Top priority: Configuration risk - Configuration risk requires verification.
1. Configuration risk: Configuration risk requires verification
- Severity: high
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/256
2. Configuration risk: Configuration risk requires verification
- Severity: high
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/232
3. Installation risk: Installation risk requires verification
- Severity: medium
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/309
4. Installation risk: Installation risk requires verification
- Severity: medium
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/310
5. Installation risk: Installation risk requires verification
- Severity: medium
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/306
6. Installation risk: Installation risk requires verification
- Severity: medium
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/307
7. Configuration risk: Configuration risk requires verification
- Severity: medium
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/298
8. Capability evidence risk: Capability evidence risk requires verification
- Severity: medium
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: capability.assumptions | github_repo:946169991 | https://github.com/makenotion/notion-mcp-server
9. Runtime risk: Runtime risk requires verification
- Severity: medium
- Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | https://github.com/makenotion/notion-mcp-server/issues/296
10. Maintenance risk: Maintenance risk requires verification
- Severity: medium
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: evidence.maintainer_signals | github_repo:946169991 | https://github.com/makenotion/notion-mcp-server
11. Security or permission risk: Security or permission risk requires verification
- Severity: medium
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: downstream_validation.risk_items | github_repo:946169991 | https://github.com/makenotion/notion-mcp-server
12. Security or permission risk: Security or permission risk requires verification
- Severity: medium
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Recommended check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: risks.scoring_risks | github_repo:946169991 | https://github.com/makenotion/notion-mcp-server
Source: Doramagic discovery, validation, and Project Pack records