dunkirk.sh / canvas-mcp
a fancy canvas mcp server!
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

TypeScript 63.2%
HTML 36.8%
2 1 0

Clone this repository

https://tangled.org/dunkirk.sh/canvas-mcp https://tangled.org/did:plc:krxbvxvis5skq7jj6eot23ul/canvas-mcp
git@knot.dunkirk.sh:dunkirk.sh/canvas-mcp git@knot.dunkirk.sh:did:plc:krxbvxvis5skq7jj6eot23ul/canvas-mcp

For self-hosted knots, clone URLs may differ based on your setup.

Download tar.gz
README.md

Canvas MCP Server#

A proper MCP (Model Context Protocol) server that connects Canvas LMS to AI assistants like Claude Desktop.

Features#

  • Proper MCP Protocol: Implements Streamable HTTP transport with JSON-RPC
  • Personal Access Token Auth: Students set up in 2 minutes (no admin access needed)
  • Multi-Institution Support: Works with any Canvas instance
  • Encrypted Storage: Canvas tokens encrypted at rest with AES-256-GCM
  • Session Persistence: Sessions survive server restarts (stored in SQLite)
  • Built with Bun: Fast, modern TypeScript using @modelcontextprotocol/sdk

Quick Start#

# Install dependencies
bun install

# Generate encryption key
bun run generate-key

# Copy and configure environment
cp .env.example .env
# Add the generated encryption key to .env

# Run development server
bun dev

Visit http://localhost:3000 to connect your Canvas account.

How It Works#

  1. Web Interface: Students enter Canvas domain + Personal Access Token
  2. Verification: Server validates token by calling Canvas API
  3. Token Storage: Canvas token encrypted and stored server-side
  4. MCP Token: User receives an MCP connection token for their AI client
  5. MCP Protocol: AI client connects to /mcp endpoint with Bearer token
  6. Canvas Proxy: Server proxies tool calls to Canvas using stored token

MCP Tools#

  • list_courses: List Canvas courses with enrollment filtering
  • search_assignments: Search assignments across courses
  • get_assignment: Get detailed assignment information

Client Configuration#

After connecting your Canvas account, add this to Claude Desktop config:

{
  "mcpServers": {
    "canvas": {
      "url": "https://canvas.dunkirk.sh/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_MCP_TOKEN_HERE"
      }
    }
  }
}

Architecture#

  • MCP Server: @modelcontextprotocol/sdk with Streamable HTTP transport
  • Web Dashboard: Bun.serve with HTML/CSS/JS (no frameworks)
  • Database: SQLite with encrypted Canvas tokens and persistent sessions
  • Transport: JSON-RPC over HTTP POST at /mcp endpoint

Security#

  • Canvas tokens encrypted with AES-256-GCM before storage
  • MCP tokens hashed with Argon2id (cannot be retrieved after creation)
  • Sessions stored in database (survive restarts)
  • HTTPS enforced in production
  • No Canvas tokens exposed to MCP clients

Deployment#

Deployed at: https://canvas.dunkirk.sh

The canonical repo is hosted on tangled at knot.dunkirk.sh/canvas-mcp

© 2026-present Kieran Klukas