by markrai
Self-hosted kanban & project management with shareable boards, voice commands, sticky-notes, multi-language and MCP support
# Add to your Claude Code skills
git clone https://github.com/markrai/scrumboyGuides for using mcp servers skills like scrumboy.
Last scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T14:59:57.136Z",
"npmAuditRan": true,
"pipAuditRan": true
}scrumboy is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by markrai. Self-hosted kanban & project management with shareable boards, voice commands, sticky-notes, multi-language and MCP support. It has 355 GitHub stars.
Yes. scrumboy passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/markrai/scrumboy" and add it to your Claude Code skills directory (see the Installation section above).
scrumboy is primarily written in Go. It is open-source under markrai on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh scrumboy against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Runs in seconds. No setup required.
No .env file, TLS certificates, or encryption key are required to start the app.
Scrumboy is distributed as a container image on GitHub Container Registry:
ghcr.io/markrai/scrumboy:latest
Docker run (named volume for persistent SQLite data under /data):
docker run -d \
--name scrumboy \
-p 127.0.0.1:8080:8080 \
-v scrumboy-data:/data \
ghcr.io/markrai/scrumboy:latest
The image defaults to DATA_DIR=/data and SQLITE_PATH=/data/app.db. Mount a volume or host directory on /data so the database survives container recreation.
Docker Compose (minimal example; save as docker-compose.yml):
services:
scrumboy:
image: ghcr.io/markrai/scrumboy:latest
container_name: scrumboy
ports:
- "127.0.0.1:8080:8080"
volumes:
- ./data:/data
restart: unless-stopped
docker compose up -d
Open http://localhost:8080.
Windows users can download scrumboy-*-windows-amd64.exe from GitHub Releases. The matching .sha256 file is published beside it for checksum verification.
Put the exe in a dedicated writable folder before running it, for example %USERPROFILE%\Scrumboy. The exe starts a local Scrumboy server; open http://localhost:8080 after it starts.
Scrumboy creates runtime data under ./data by default. The default SQLite database is ./data/app.db, and SQLite may also create app.db-wal and app.db-shm while the server is running. The exe is single-file for distribution, but it is not "no runtime files ever."
Advanced users can set DATA_DIR to choose the runtime data directory and BIND_ADDR to choose the listen address or port.
To build from a local clone instead of pulling the published image:
docker compose up --build
The repository's docker-compose.yml uses build: . and maps ./data to /data.
Open http://localhost:8080.
go run ./cmd/scrumboy
Open http://localhost:8080.
.env files.export SCRUMBOY_ENCRYPTION_KEY=...).win_run_full.bat and win_run_anonymous.bat manage data/scrumboy.env automatically for local convenience.SCRUMBOY_ENCRYPTION_KEY, then data/scrumboy.env, then legacy root scrumboy.env.SCRUMBOY_ENCRYPTION_KEY=<base64-32-byte-key>.SCRUMBOY_ENCRYPTION_KEY is not required for basic startup.data/app.db. Back them up together.Generate a key with: openssl rand -base64 32
Example for Docker Compose secret injection:
services:
scrumboy:
environment:
- SCRUMBOY_ENCRYPTION_KEY=${SCRUMBOY_ENCRYPTION_KEY}
Example for systemd secret injection:
[Service]
Environment="SCRUMBOY_ENCRYPTION_KEY=REPLACE_WITH_BASE64_32_BYTE_KEY"
In both cases, the deployment manager is injecting the environment variable. Scrumboy itself does not auto-load these files.
Scrumboy supports OpenID Connect for single sign-on with any standards-compliant provider (Keycloak, Authentik, Auth0, Entra ID, etc.). OIDC is enabled by setting all four required environment variables:
| Variable | Description |
|---|---|
SCRUMBOY_OIDC_ISSUER |
Issuer URL (e.g. https://auth.example.com/realms/main) |
SCRUMBOY_OIDC_CLIENT_ID |
OAuth client ID |
SCRUMBOY_OIDC_CLIENT_SECRET |
Confidential client secret |
SCRUMBOY_OIDC_REDIRECT_URL |
Full callback URL registered at IdP (e.g. https://scrumboy.example.com/api/auth/oidc/callback) |
Optional:
| Variable | Description |
|---|---|
SCRUMBOY_OIDC_LOCAL_AUTH_DISABLED |
Set to true to disable local password login when OIDC is configured (SSO-only mode) |
Local password authentication remains available by default alongside OIDC. After successful OIDC login, the user receives a standard Scrumboy session cookie. The IdP must return a verified email (email_verified: true). HTTPS is recommended when using OIDC to ensure session cookies are Secure.
See docs/oidc.md for full setup details, constraints, and troubleshooting.
SCRUMBOY_TLS_CERT and SCRUMBOY_TLS_KEY files exist.Install the app from the browser for a standalone window and better mobile UX. Background assignment alerts use the Web Push API with VAPID keys on the server. When both keys are set, signed-in clients attempt to subscribe automatically (browser permission may be prompted). Docker users must pass the VAPID variables into the container environment and recreate the container after changes. Details, Docker verification steps, and subscriber contact semantics: docs/pwa.md.
The Docker image and go run embed prebuilt assets under internal/httpapi/web/dist. If they are missing, build them:
cd internal/httpapi/web
npm install
npm run build
Then run docker compose up --build (local image build) or go run ./cmd/scrumboy again from the repository root.
Simplicity of a light Kanban, with the power of structured systems: Roles, sprints, audit trails & customizable workflows - without being locked into SaaS tools.
Full (SCRUMBOY_MODE=full, default): Auth can be enabled. First user via bootstrap; then login/session. Backup/export, tags, multi-project. Projects can be user-owned (project_members) or anonymous (shareable by URL): /anon (or /temp) creates a throwaway board and redirects to /{slug}.
Anonymous (SCRUMBOY_MODE=anonymous): No auth. Landing at /; live deployment at: https://scrumboy.com/
Custom Workflows: You can create any combination of workflow you want, per project, with user-defined "Done" lane.
Realtime SSE enabled boards for instant multi-user actions.
Webhooks (API-only, full mode): Register URLs per project so Scrumboy can POST JSON when subscribed domain events fire (e.g. todo.assigned). For your own automations, not in-app or browser notifications. See Integrations.
Customizable Tags: Users can inherit and customize tag colors.
Advanced filtering: Search todos based on text or tags.
Sprints: create, activate, close; sprint filter on board; default sprint weeks (1 or 2) per project.
Authentication & 2FA: TOTP supported wh