calorie-tracker

The Calorie Tracker MCP Server provides a Cloudflare Workers-backed API to manage daily calorie intake, track meals with macronutrient details, and compute personalized BMR and TDEE using the Mifflin-St Jeor equation. It exposes tools for food tracking (list, add, update, delete entries), profile management (retrieve and update BMR/TDEE data, view historical weight/body composition), and admin functions (register or revoke users). To use it, you first register an OAuth client or obtain a bearer token, then connect through your MCP consumer (such as Claude Desktop or another connector) to fetch or push data via the server’s endpoints. The server stores data in the D1 database and supports secure authentication with OAuth 2.1 and PKCE where applicable.

Prerequisites:

• Node.js and pnpm installed
• Cloudflare Wrangler installed (for local D1 migrations and development)
• Access to a Cloudflare Workers environment (or local emulator)

1. Install dependencies for the MCP stack:

   • pnpm install

2. Set up Cloudflare resources locally or in your Cloudflare account:

   • Create a D1 database: npx wrangler d1 create calorie-tracker
   • Create an OAuth KV namespace (optional, for OAUTH flows): npx wrangler kv:namespace create OAUTH_KV

3. Run migrations and start the dev server locally:

   • npx wrangler d1 migrations apply calorie-tracker --local
   • pnpm run dev

4. If deploying, build and deploy to Cloudflare Workers:

   • pnpm run deploy
   • pnpx wrangler secret put ADMIN_API_KEY (if you need an admin key for OAuth flows)

5. Configure client access:

   • For Bearer Token flow, register an OAuth client or obtain a personal access secret as described in the README and set it in your client configuration.

Note: Replace any localhost URLs with your actual deployment URL in production.

Tips and caveats:

• Use the Bearer Token flow for simple development and testing by injecting the client secret as BEARER_TOKEN in your MCP consumer configuration.
• Ensure your OAuth redirect URIs are whitelisted in your OAuth client setup to avoid redirect_uri mismatch errors.
• When running locally, ensure the dev server is accessible at http://localhost:8787 and that the SSE endpoint is reachable at /sse.
• For production deployments, securely store ADMIN_API_KEY and any OAuth client secrets using your platform’s secret management.
• The BMR/TDEE calculations follow the Mifflin-St Jeor equations; consider validating inputs (weight, height, age) to avoid incorrect results.
• The server uses D1 (SQLite) for storage; ensure migrations are applied before first use.