OnBrand by SlideSpeak

Overview

OnBrand by SlideSpeak is a standalone remote MCP service and dashboard that gives AI agents governed brand knowledge: Brand Guides, Brand Kit assets, color tokens, logo guidance, and presentation design prompts.

Installation

This repository is not published as an npm package or OCI image in the inspected source. The documented launch path builds and runs the service from source with Docker Compose:

cp .env.example .env
docker compose up --build

The production-style compose file can be started with:

docker compose -f deploy/docker-compose.yml up --build

The Docker image runs database migrations and then starts the Bun HTTP server with bun packages/mcp-server/src/server/http.ts.

Configuration

OnBrand requires a compatible OAuth provider, Postgres database, and S3-compatible AWS bucket. Core runtime settings include DATABASE_URL, BASE_URL, OAuth issuer/authorization/token/JWKS endpoints, OAUTH_DASHBOARD_CLIENT_ID, read/write scopes, DASHBOARD_SESSION_SECRET, and S3 bucket/credential variables. Optional settings include OAUTH_REGISTRATION_ENDPOINT, OAUTH_BACKCHANNEL_TOKEN_ENDPOINT, OAUTH_OWNER_ID_CLAIM, ASSET_DOWNLOAD_EXPIRES_IN_SECONDS, DASHBOARD_DEV_SERVER_URL, and the deploy compose host port ONBRAND_HTTP_PORT.

Transport

The service exposes Streamable HTTP MCP at:

http://localhost:8080/mcp

It also exposes /health, /dashboard, /.well-known/oauth-protected-resource/mcp, and /.well-known/oauth-authorization-server. Client setup examples from the README:

codex mcp add onbrand --url http://localhost:8080/mcp
codex mcp login onbrand
claude mcp add --transport http onbrand http://localhost:8080/mcp

Authentication

MCP requests require a Bearer OAuth access token. Tokens must match the configured issuer, include audience/resource ${BASE_URL}/mcp, have an expiration, verify against OAUTH_JWKS_URL, include the configured owner claim, and include the required scopes. Read-only tools require OAUTH_REQUIRED_READ_SCOPE (default onbrand:read); mutating tools and dashboard sessions require OAUTH_REQUIRED_WRITE_SCOPE (default onbrand:write).

Capabilities

Tools include get_onbrand_skill, list_brand_guides, get_brand_guide, materialize_brand_kit_assets, get_brand_guide_writer_skill, prepare_brand_guide_asset_uploads, and write_brand_guide. These cover Brand Guide discovery, reading brand metadata and presentation guidance, downloading exact Brand Kit assets with presigned S3 URLs, preparing uploads for new assets, and creating or replacing Brand Guides.

Limitations

The auth guide states OnBrand is currently supported for local and development deployments, with production support still in development. A real deployment must provide OAuth, Postgres, S3, database migrations, HTTPS public origin and OAuth endpoints, stable dashboard session secret, least-privilege S3 credentials, and restricted exposed ports. The workspace packages are private and no published package/image target was documented.