Detailed Analysis
A developer identified as briangaoo has reverse-engineered Whoop's private iOS application API and packaged it as an open-source Model Context Protocol (MCP) server, dramatically expanding what users can do with their Whoop fitness data through AI interfaces like Claude. While Whoop's official OAuth 2.0 API exposes only 13 read-only endpoints covering basic metrics like recovery scores and sleep totals, the new tool unlocks 48 tools mapped across 47 internal microservices — giving programmatic access to minute-by-minute sleep hypnograms, intraday stress timelines, strength training history, behavioral journals, live heart rate data, VO₂ max estimates, women's health cycle data, and more. The project ships with bundled catalogs of 372 exercises, 308 behaviors, and 203 sports, ensuring AI queries use precise internal IDs rather than guessed parameters.
The tool's significance extends beyond simple data access. The MCP server supports write operations — logging workouts, editing profiles, adding journal entries, reconfiguring smart alarms, and adjusting heart rate zones — all mediated through a preview-gating system that displays exact API payloads before execution, requiring explicit user confirmation before any action fires. This design choice reflects a growing emphasis in agentic AI tooling on human-in-the-loop confirmation for consequential actions, a pattern that aligns with Anthropic's own guidance around safe agentic behavior in Claude. The project also includes two escape-hatch tools that allow querying an endpoint catalog and calling any of the 311 mapped endpoints directly, providing flexibility beyond the pre-built tool set.
The technical architecture reflects serious engineering discipline: the project is written in TypeScript with schema validation on every response, 212 automated tests, automatic token refresh cycles, and clean failure handling if Whoop modifies its internal API. Deployment is intentionally low-friction, with a guided CLI supporting both cloud deployment (via Fly.io, Railway, Cloud Run, or Docker) that syncs across Claude web, desktop, and mobile as a custom connector, and a local stdio mode for Claude Desktop and Claude Code. The developer has committed to maintaining the project actively, including rapid fixes if Whoop's private API changes.
This project is a prominent example of a broader trend in which developers are using MCP — Anthropic's open protocol for connecting AI models to external tools and data sources — to bridge the gap between what consumer apps expose and what users actually want to do with their own data. Health and fitness platforms like Whoop routinely restrict their official APIs for business reasons, but the richness of their internal app APIs creates a strong incentive for technically sophisticated users to build workarounds. The fact that this tool works not only with Claude but also with ChatGPT Desktop, Gemini CLI, Cursor, and Codex illustrates how MCP is functioning as a cross-platform standard, with Claude occupying a central position as the primary reference integration and deployment target given the native MCP support Claude's ecosystem provides.
The project also surfaces ongoing tensions around API reverse-engineering in consumer software. Whoop has not authorized access to its private endpoints, and the tool relies on session credentials obtained through the user's own login — a pattern that sits in a legally and ethically ambiguous space common to many developer-built fitness integrations. For users, the appeal is straightforward: the ability to ask Claude in natural language questions like "how has my sleep debt trended against my strain load over the past month" or "log yesterday's strength session," answered using the full fidelity of data the app already collects but withholds from programmatic access. As AI interfaces become the preferred interaction layer for many users, the gap between official API access and actual app capabilities will likely drive more projects of this kind.
Read original article →