MCP-Server for REI3 Tickets

lgndluke

Hello everyone,

I just wanted to share, that I spend some time creating a Model Context Protocol Server for REI3 tickets.

For anyone who's not familiar with the Model Context Protocol (MCP), it basically enables AI Language Models to interact with other services or tools in specified ways.

In case of REI3 tickets my MCP Server is currently able to:

Create new tickets.
Create worklog entries for existing tickets.

To interact with REI3 the predefined API calls, which ship with REI3 tickets, are used.

Thought I'd share this here, maybe there are some people who'll find this useful.
REI3 Tickets MCP GitHub

I believe this could be particularly useful in fast-paced environments where people frequently come into the office with urgent requests like "I need X fixed by deadline Y". In those situations, using voice-based AI to create tickets could streamline the process and improve efficiency. But also alot of other applicable scenarios are possible.

Thanks for reading.

Best regards,
Luke

lsw-fabian

Hi @lgndluke and welcome to the forum,

I do really appricate your addition to the REI3 ticket system. With one of the next releases, we will introduce more pre-defined APIs into tickets (e.g: Close ticket, Adjust criticality) - maybe these will be useful for your app too.

I will try it out in the next days and will come back to you :)

lgndluke

Hey Fabian,

I'm already looking forward to the new Ticket APIs and I'll most definitely implement them into the MCP project as soon as they are available.

By the way, do you think it would be possible to implement an API for fetching past ticket worklog entries, e.g.: via ticket key? That way users wouldn't have to manually "feed" context about a ticket into the AI, but could do something like "Gather information about ticket X" and the AI could fetch the information itself.

Furthermore, I could also imagine an write_email_to_user API to maybe come in handy.

One quick side note for your tests of the MCP Server.
I've noticed the quality of the results heavily varies depending on the used AI Language Model.
Reasoning models, which typically perform best at complex tasks, for example ended up causing this weird phenomenon, where their "thinking" stage would sometimes cause multiple function calls to the MCP-Server, which resulted in multiple worklog or ticket creations, when only one would have sufficed. (e.g.: as for simple prompts like "Create a ticket for X")
That said, my testing isn't yet comprehensive enough to confidently recommend a specific model as the "best performer" for the REI3 Tickets MCP.

And lastly, if you need any help setting things up, let me know.
Either here in this community post, or directly via a GitHub Issue.

Best regards,
Luke

lsw-fabian

Sorry for my late reply. Yesterday i had some time and i was testing your application. Even though my test system was a bit on the slow side, i was able to get it running in less than 2 hours. For me it does work pretty well, thanks to your installation guide. Great work!

Regarding APIs:
Currently we want to implement 3 new APIs for closing a ticket, fetching ticket information by ticket key and getting worklogs by the ticket key.

lgndluke

Hey Fabian,

that's great news! I've already implemented placeholder tools for the upcoming API implementations.
(I've seen you've made the placeholders accessible in the latest REI3 tickets update.)

Best regards,
Lukas

lgndluke

Hey everyone,

I just wanted to provide a quick update on the REI3 Tickets MCP server project.

The MCP server now supports HTTP transport, meaning it is able to act as a fully functional server, rather than a sub-process of the MCP-Client (which is/was the case with 'stdio' transport). Additionally, there's now an optional web management utillity (enable/disable via config.ini) to simplify Tickets API (re)configuration. Changes are hereby applied instantly, no need to restart the MCP server. And lastly, the project now features a Dockerfile incl. setup script for Windows based systems for easier deployment.

Best regards,
Lukas

lsw-fabian

lgndluke sounds great! Will try it out this weekend :)

lgndluke

Hey @gabriel,

I was thinking about adding optional authentication capabilities to the REI3 Tickets MCP Server that administratives could configure/enable using the config.ini file.

This would enforce that users who want to connect to the REI3 Tickets MCP Server using their MCP Client of choice (e.g. AnythingLLM, GitHub Copilot, etc.) would have to either specify a valid bearer token when using token verification, or would automatically get redirected to an external identity provider (based on OAUTH or OpenID Connect) to authenticate. I know that REI3 Professional for example offers OAUTH capabilities, but unfortunately can't access/test them.

More information about FastMCP Server Authentication can be found here: FastMCP Server Auth

Adding such an authentication proxy mechanism to the Tickets MCP Server would require either a "/.well-known/jwks.json" or a "/.well-known/openid-configuration" to be exposed by REI3 at some endpoint. Unfortunately, I wasn't able to find any of those in my searches.

Can you tell me, does REI3 offer such endpoints?

Best regards,
Luke

lgndluke

Nevermind, I just found this remark about authentication and authorization:

"OAuth2: Users are forwarded to an OAuth2 identity provider, authenticate with it and are returned to REI3 to log in via OpenID Connect."

-> Meaning, REI3 itself doesn't expose the "/.well-known/openid-configuration" endpoint, but acts as a client. In that case implementing a OIDCProxy could potentially work, as if I'm not mistaken the provided access-token for client A (e.g.: REI3 Web-App) and client B (e.g.: REI3 Tickets MCP) at time X should be the same for user Y ...

gabriel

Yes, r3 only acts as an OpenID client. Though the auth code provided by the OpenID identity provider is not the same as a r3 access token. Once redirected to r3, after authentication via OpenID, the code is used to retrieve an access token for access to r3 resources.

See login.js:

// check for Open ID authentication redirect
const params = new URLSearchParams(window.location.search);
if(params.has('state') && params.has('code')) {
	// attempt Open ID authentication against r3 backend, if local state matches
	if(this.openIdAuthDetails.state === atob(params.get('state'))) {
		this.authenticateByOpenId(
			this.openIdAuthDetails.oauthClientId,
			params.get('code'),
			this.openIdAuthDetails.codeVerifier
		);
	}
	// ...
}

The authentication via OpenID code still occurs via websocket request from the r3 frontend:

authenticateByOpenId(oauthClientId,code,codeVerifier) {
	ws.send('auth','openId',{
		code:code,
		codeVerifier:codeVerifier,
		oauthClientId:oauthClientId
	},true).then(
		res => {
			// ...
		},
		err => this.handleError('authUser',err)
	);
	// ...
}

The code must be validated by the r3 backend to finish the OAuth2.0 flow 'Authorization Code Flow with Proof Key for Code Exchange'.

So if your plan is to get access tokens for an API user via OpenID authentication, we are missing a component: The option to execute a REST authentication call via OpenID code.

If you want to test OAuth features, just drop me your current contact via our contact form and I´ll prepare a dev license for your.