Model Context Protocol · OAuth 2.1
Your Fitness Data, In Any AI
LoseStreak ships a Model Context Protocol server so Claude, ChatGPT, Cursor, OpenCode, and any other MCP-compatible agent can read your HealthKit-synced workouts, weight, meals, and competitions — and log new entries on your behalf, with per-scope consent.
https://mcp.losestreak.com/mcpSource
Apple HealthKit
Apple Workouts, Strava, Peloton, Garmin, Nike Run Club — and any other app that writes to HealthKit. 80+ activity types. iOS reads it on-device, background delivery.
Bridge
LoseStreak MCP
Cloudflare Worker. OAuth 2.1 with PKCE. Per-tool rate limits. Audit log. Hosted at mcp.losestreak.com/mcp.
Agent
Your AI of choice
Claude Desktop, Claude Code, ChatGPT, Cursor, OpenCode, or any MCP 2025-06-18 client. Connect once, your fitness data becomes a tool the model can call.
What Your Agent Can Read
Every tool runs under your account, gated by Postgres Row-Level Security. Per-tool rate limits keep cost predictable.
get_workouts HealthKit-synced workouts: type, duration, calories, distance, heart rate.
health:readget_weight_history Daily weigh-ins (kg + lbs) over any date range.
health:readget_meals Meal log with name, calories, macros, timestamp, source.
health:readget_daily_summary Pre-computed totals: calories in/out, workouts, weight, sleep.
health:readlist_competitions / get_competition / get_battle_feed / get_verdict Competitions, real-time battle activity, AI-generated verdicts.
competitions:readget_friends / search_users / list_friend_requests Your friend graph and pending requests.
friends:readget_profile / get_badges Public profile, level, XP, streaks, earned badges.
profile:readscan_food_image Send a meal photo, get back name + calories + macros + a 5-minute scan_id you can hand to log_meal.
health:read (Gemini-backed)What Your Agent Can Write
Only the scopes you approve. Writes are tagged with the client that posted them so there's no ambiguity in the battle feed.
log_meal Log a meal via scan_id, free-text description, or manual macros. Server echoes what was saved.
health:writelog_weight Log today's weigh-in (or correct an earlier day). 20–500 kg, one entry per day — same-day re-log overwrites.
health:writepost_battle_comment Comment on a competition's battle feed. Max 280 chars. Tagged "via Claude" (or whichever client posted it).
competitions:writesend_friend_request / accept_friend_request / decline_friend_request / remove_friend Manage your friend graph by username or relationship id.
friends:writeAttachable Resources
Drop a verdict or a weekly recap into the chat as markdown context.
verdict://{competition_id} Full AI verdict as markdown — winner / loser sections and the roast text. Attach to a chat as context.
competition://{id}/summary Readable competition summary: title, mode, dates, participants, standings, recent activity.
weekly-recap://current Last 7 days as a single markdown doc — workouts, meal totals, weight delta, active competitions, badge unlocks.
Seven Scopes, You Decide
The consent screen lists every scope individually with a plain-English example. No blanket permissions.
profile:read Your profile, level, badges.
health:read Workouts, weight, meals, daily summaries.
health:write Log meals and weight on your behalf.
competitions:read Competitions, battle feeds, verdicts.
competitions:write Post battle comments.
friends:read Your friends and pending requests.
friends:write Send / accept / decline / remove friends.
Tested With
Any spec-compliant MCP client works — these are the ones we test against.
Claude Desktop
Settings → Connectors → Add custom connector
Claude Code
/mcp add losestreak https://mcp.losestreak.com/mcp
ChatGPT
Connectors → add custom MCP
Cursor
Settings → MCP → add server
OpenCode
Built-in MCP support
Any MCP client
Spec-compliant — 2025-06-18 MCP
Built For Trust
Health data is the most sensitive thing in your account. Here's what keeps the MCP layer honest.
OAuth 2.1 with PKCE
Spec-compliant authorization server (RFC 7591 DCR, RFC 8414, RFC 9728, RFC 8707 audience binding).
Per-scope consent
You approve each scope on the consent screen. Refresh keeps the same scope set; new scopes require re-authorization.
Audit log in the iOS app
Every tool call appears in Profile → Settings → Integrations with tool name, status, and timestamp.
Per-tool rate limits
5–200/hour depending on the tool; 2000/hour global safety net. Returns retry_after on hit.
Revoke anytime
One tap revokes a client. The grant is killed; replay of an old refresh token kills the entire grant (theft detection).
RLS enforced
Every tool call mints a 60-second Supabase JWT scoped to your user_id. Postgres Row-Level Security is the final gate.
Three Steps to Connect
If your client supports MCP, this takes about a minute.
Open your client's connector settings
In Claude Desktop: Settings → Connectors → Add custom connector. In Claude Code: /mcp add. Cursor, ChatGPT, and OpenCode have equivalent flows.
Paste the URL
https://mcp.losestreak.com/mcp — exactly that, including the /mcp path. The well-known endpoint won't resolve correctly without it.
Sign in and approve scopes
Enter your LoseStreak email, get a 6-digit code, pick the scopes to grant. You can revoke any time from Profile → Settings → Integrations in the iOS app.
Get the app, get the agent.
An active LoseStreak subscription unlocks MCP access. Download the iOS app, sync HealthKit, then connect your AI of choice.