How do I install TrainingPeaks MCP Server?

Install TrainingPeaks MCP Server with a single command: npx mdskills install JamsusMaximus/trainingpeaks-mcp. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support TrainingPeaks MCP Server?

TrainingPeaks MCP Server works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

TrainingPeaks MCP Server

Name: TrainingPeaks MCP Server: AI Agent Skill
Rating: 9 (1 reviews)
Author: JamsusMaximus

Verified

MCP ServerCode GenerationIntermediate

Connect TrainingPeaks to Claude and other AI assistants via the Model Context Protocol (MCP). Query your workouts, analyze training load, compare power data, and track fitness trends through natural conversation. No API approval required. The official Training Peaks API is approval-gated, but this server uses secure cookie authentication that any user can set up in minutes. Your cookie is stored i

by @JamsusMaximus0Updated 1 weeks ago

Add this skill

npx mdskills install JamsusMaximus/trainingpeaks-mcp

Fork & Edit

Skill Advisor9.0

Polished MCP server with comprehensive tools for training analytics and excellent security documentation

+Provides six well-documented tools covering workouts, fitness metrics, and PRs with clear JSON examples
+Implements defense-in-depth security with encrypted storage, value sanitization, and hardcoded domains
+Offers multiple setup paths including automated Claude Code installation and browser cookie extraction
-Declares filesystem write and shell execution permissions that exceed typical MCP server read-only operations

SKILL.md

Edit in Browser

1# TrainingPeaks MCP Server
2 
3<a href="https://glama.ai/mcp/servers/@JamsusMaximus/TrainingPeaks-MCP">
4  <img width="380" height="200" src="https://glama.ai/mcp/servers/@JamsusMaximus/TrainingPeaks-MCP/badge" alt="TrainingPeaks MCP server" />
5</a>
6 
7Connect TrainingPeaks to Claude and other AI assistants via the Model Context Protocol (MCP). Query your workouts, analyze training load, compare power data, and track fitness trends through natural conversation.
8 
9**No API approval required.** The official Training Peaks API is approval-gated, but this server uses secure cookie authentication that any user can set up in minutes. Your cookie is stored in your system keyring, never transmitted anywhere except to TrainingPeaks.
10 
11## What You Can Do
12 
13![Example conversation with Claude using TrainingPeaks MCP](docs/images/screenshot.png)
14 
15Ask your AI assistant questions like:
16- "Compare my FTP progression this year vs last year"
17- "What was my TSS ramp rate in the 6 weeks before my best 20-min power?"
18- "Am I ready to race? Show my form trend and recent workout quality"
19- "Which days of the week do I typically train hardest?"
20- "Find weeks where I exceeded 800 TSS and show what happened to my form after"
21 
22## Features
23 
24| Tool | Description |
25|------|-------------|
26| `tp_get_workouts` | Query workouts by date range (planned and completed) |
27| `tp_get_workout` | Get detailed metrics for a single workout |
28| `tp_get_peaks` | Compare power PRs (5sec to 90min) and running PRs (400m to marathon) |
29| `tp_get_fitness` | Track CTL, ATL, and TSB (fitness, fatigue, form) |
30| `tp_get_workout_prs` | See personal records set in a specific session |
31| `tp_refresh_auth` | Re-authenticate if your session expires (extracts fresh cookie from browser) |
32 
33---
34 
35## Setup Options
36 
37### Option A: Auto-Setup with Claude Code
38 
39If you have [Claude Code](https://claude.ai/code), paste this prompt:
40 
41```
42Set up the TrainingPeaks MCP server from https://github.com/JamsusMaximus/trainingpeaks-mcp - clone it, create a venv, install it, then walk me through getting my TrainingPeaks cookie from my browser and run tp-mcp auth. Finally, add it to my Claude Desktop config.
43```
44 
45Claude will handle the installation and guide you through authentication step-by-step.
46 
47### Option B: Manual Setup
48 
49#### Step 1: Install
50 
51```bash
52git clone https://github.com/JamsusMaximus/trainingpeaks-mcp.git
53cd trainingpeaks-mcp
54python3 -m venv .venv
55source .venv/bin/activate  # Windows: .venv\Scripts\activate
56pip install -e .
57```
58 
59#### Step 2: Authenticate
60 
61**Option A: Auto-extract from browser (easiest)**
62 
63If you're logged into TrainingPeaks in your browser:
64 
65```bash
66pip install tp-mcp[browser]  # One-time: install browser support
67tp-mcp auth --from-browser chrome  # Or: firefox, safari, edge, auto
68```
69 
70> **macOS note:** You may see security prompts for Keychain or Full Disk Access. This is normal - browser cookies are encrypted and require permission to read.
71 
72**Option B: Manual cookie entry**
73 
741. Log into [app.trainingpeaks.com](https://app.trainingpeaks.com)
752. Open DevTools (`F12`) → **Application** tab → **Cookies**
763. Find `Production_tpAuth` and copy its value
774. Run `tp-mcp auth` and paste when prompted
78 
79**Other auth commands:**
80```bash
81tp-mcp auth-status  # Check if authenticated
82tp-mcp auth-clear   # Remove stored cookie
83```
84 
85#### Step 4: Add to Claude Desktop
86 
87Run this to get your config snippet:
88 
89```bash
90tp-mcp config
91```
92 
93Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows) and paste it inside `mcpServers`. Example with multiple servers:
94 
95```json
96{
97  "mcpServers": {
98    "some-other-server": {
99      "command": "npx",
100      "args": ["some-other-mcp"]
101    },
102    "trainingpeaks": {
103      "command": "/Users/you/trainingpeaks-mcp/.venv/bin/tp-mcp",
104      "args": ["serve"]
105    }
106  }
107}
108```
109 
110Restart Claude Desktop. You're ready to go!
111 
112---
113 
114## Tool Reference
115 
116### tp_get_workouts
117List workouts in a date range. Max 90 days per query.
118 
119```json
120{ "start_date": "2026-01-01", "end_date": "2026-01-07", "type": "completed" }
121```
122 
123### tp_get_workout
124Get full details for one workout including power, HR, cadence, TSS.
125 
126```json
127{ "workout_id": "123456789" }
128```
129 
130### tp_get_peaks
131Get ranked personal records. Bike: power metrics. Run: pace/speed metrics.
132 
133```json
134{ "sport": "Bike", "pr_type": "power20min", "days": 365 }
135```
136 
137**Bike types:** `power5sec`, `power1min`, `power5min`, `power10min`, `power20min`, `power60min`, `power90min`
138 
139**Run types:** `speed400Meter`, `speed1K`, `speed5K`, `speed10K`, `speedHalfMarathon`, `speedMarathon`
140 
141### tp_get_fitness
142Get training load metrics over time.
143 
144```json
145{ "days": 90 }
146```
147 
148Returns daily CTL (chronic training load / fitness), ATL (acute training load / fatigue), and TSB (training stress balance / form).
149 
150### tp_get_workout_prs
151Get PRs set during a specific workout.
152 
153```json
154{ "workout_id": "123456789" }
155```
156 
157## What is MCP?
158 
159[Model Context Protocol](https://modelcontextprotocol.io) is an open standard for connecting AI assistants to external data sources. MCP servers expose tools that AI models can call to fetch real-time data, enabling assistants like Claude to access your Training Peaks account through natural language.
160 
161## Security
162 
163**TL;DR: Your cookie is encrypted on disk, exchanged for short-lived OAuth tokens, never shown to Claude, and only ever sent to TrainingPeaks. The server is read-only and has no network ports.**
164 
165This server is designed with defense-in-depth. Your TrainingPeaks session cookie is sensitive - it grants access to your training data - so we treat it accordingly.
166 
167### Cookie Storage
168 
169| Platform | Primary Storage | Fallback |
170|----------|----------------|----------|
171| macOS | System Keychain | Encrypted file |
172| Windows | Windows Credential Manager | Encrypted file |
173| Linux | Secret Service (GNOME/KDE) | Encrypted file |
174 
175Your cookie is **never** stored in plaintext. The encrypted file fallback uses Fernet symmetric encryption with a machine-specific key.
176 
177### Cookie Never Leaks to AI
178 
179The AI assistant (Claude) **never sees your cookie value**. Multiple layers ensure this:
180 
1811. **Return value sanitization**: Tool results are scrubbed for any keys containing `cookie`, `token`, `auth`, `credential`, `password`, or `secret` before being sent to Claude
1822. **Masked repr()**: The `BrowserCookieResult` class overrides `__repr__` to show `cookie=<present>` instead of the actual value
1833. **Sanitized exceptions**: Error messages use only exception type names, never full messages that could contain data
1844. **No logging**: Cookie values are never written to any log
185 
186### Domain Hardcoding (Cannot Be Changed)
187 
188The browser cookie extraction **only** accesses `.trainingpeaks.com`:
189 
190```python
191# From src/tp_mcp/auth/browser.py - HARDCODED, not a parameter
192cj = func(domain_name=".trainingpeaks.com")
193```
194 
195Claude cannot modify this via tool parameters. The only parameter is `browser` (chrome/firefox/etc), not the domain. To change the domain would require modifying the source code.
196 
197### Read-Only Access
198 
199This server provides **read-only** access to TrainingPeaks:
200- ✅ Query workouts, fitness metrics, personal records
201- ❌ Cannot create, modify, or delete workouts
202- ❌ Cannot change account settings
203- ❌ Cannot access billing or payment info
204 
205### No Network Exposure
206 
207The MCP server uses **stdio transport only** - it communicates with Claude Desktop via stdin/stdout, not over the network. There is no HTTP server, no open ports, no remote access.
208 
209### What This Server Cannot Do
210 
211| Action | Possible? |
212|--------|-----------|
213| Read your workouts | ✅ Yes |
214| Read your fitness metrics | ✅ Yes |
215| Modify any TrainingPeaks data | ❌ No |
216| Access other websites | ❌ No (domain hardcoded) |
217| Send your cookie/token anywhere except TrainingPeaks | ❌ No |
218| Expose your cookie to Claude | ❌ No (sanitized) |
219| Open network ports | ❌ No (stdio only) |
220 
221### Open Source
222 
223This server is fully open source. You can audit every line of code before running it. Key security files:
224- [`src/tp_mcp/auth/browser.py`](src/tp_mcp/auth/browser.py) - Cookie extraction with hardcoded domain
225- [`src/tp_mcp/tools/refresh_auth.py`](src/tp_mcp/tools/refresh_auth.py) - Result sanitization
226- [`tests/test_tools/test_refresh_auth_security.py`](tests/test_tools/test_refresh_auth_security.py) - Security tests
227 
228## Authentication Flow
229 
230The server uses a two-step authentication process:
231 
2321. **Cookie → OAuth Token**: Your stored cookie is exchanged for a short-lived OAuth access token (expires in 1 hour)
2332. **Automatic Refresh**: Tokens are cached in memory and automatically refreshed before expiry
234 
235This means:
236- You only need to authenticate once with `tp-mcp auth`
237- API calls use proper Bearer token auth, not cookies
238- If your session cookie expires (typically after several weeks), use `tp_refresh_auth` in Claude or run `tp-mcp auth` again
239 
240## Development
241 
242```bash
243pip install -e ".[dev]"
244pytest tests/ -v
245mypy src/
246ruff check src/
247```
248 
249## License
250 
251MIT
252

Full transparency — inspect the skill content before installing.