MCP Server — Connect Any Coding Agent or Chat Client
Wire any MCP-compatible client to VibeHost. The MCP server is the path for coding agents (Claude Code, Codex, Cursor, Antigravity, Grok Build) and chat clients (ChatGPT, Claude Desktop) that don't have a native CLI tool channel.
VibeHost ships a remote Model Context Protocol server at https://api.vibehost.com/mcp. Any MCP-compatible client can connect and gain a tool surface for the entire platform.
Where MCP fits
VibeHost has two integration channels. Pick based on what's driving the work:
- Coding agents sit in your editor / terminal. They get the smoothest experience: native MCP support plus the ability to shell out to the
vibehostCLI directly when scripted control beats tool calls. Ten first-class integrations, each with its own guide:- Claude Code — Anthropic, terminal-first
- Codex CLI — OpenAI, terminal-first
- Cursor — IDE, most-adopted
- Antigravity — Google, agentic IDE
- Antigravity CLI — Google, open-source terminal agent
- Windsurf — Cognition (Devin's makers), agentic IDE
- OpenCode — SST, open-source terminal agent
- GitHub Copilot CLI — GitHub, terminal
- Hermes Agent — Nous Research, self-improving terminal agent
- Grok Build — xAI, terminal-first
- Chat clients (ChatGPT, Claude Desktop) don't have a CLI channel. They reach VibeHost only through MCP. Setup is one URL — see Chat clients below.
The rest of this page covers the MCP server itself: tool list, OAuth, per-client setup, error codes. If you're picking a coding agent, the per-agent guides above are a shorter path.
What your agent can do
A tool per major action, split across 8 surfaces. Read-only tools are marked (read) below. Tools that change publicly-visible internet state carry openWorldHint: true so the client can prompt for confirmation.
Workspaces & apps
list_workspaces, list_teams, list_apps, create_app, get_app,
update_app, delete_app.
Deployments
create_deployment, list_deployments, get_deployment,
promote_deployment, rollback_deployment, delete_deployment,
get_deployment_logs.
Channels
list_channels, create_channel, delete_channel, get_channel.
Custom domains
add_custom_domain, list_custom_domains, verify_custom_domain,
remove_custom_domain.
Redirects + env
set_redirect, list_redirects, remove_redirect, set_env_var,
list_env_vars, remove_env_var.
Grants & access
add_grant, list_grants, remove_grant, set_visibility,
set_password_gate, set_share_link.
Server-side files (no-egress clients)
create_file, edit_file, read_file, list_files, delete_file — write
a deploy's files into a server-side draft tree when your client can't upload
blobs directly. See Choosing an upload path.
Choosing an upload path
A deploy needs your files on the server. There are two ways to get them there, and the right one depends on whether your client's environment can make outbound HTTPS requests directly to api.vibehost.com — not on whether it has a local filesystem.
The normal path uploads file bytes by PUTting them straight to api.vibehost.com (via short-lived signed URLs), outside the MCP channel, then deploys a manifest. That's faster and dedupes content across deploys — use it whenever you can reach the API:
- Hash your files and call
request_uploadto mint signed upload URLs. - PUT each blob to its URL.
- Deploy with the manifest.
But some clients can't make that direct PUT — a sandbox with no network egress, or a chat client like ChatGPT whose only channel to VibeHost is the MCP tool call itself. For those, write the files server-side with the draft-tree tools, then deploy with no manifest:
create_file(appId, path, content)— write or overwrite a whole file (POSIX-relativepath, e.g.index.html; content capped at 1 MB/file).edit_file(appId, path, oldString, newString, replaceAll?)— exact-string replacement (fails ifoldStringis absent, or occurs more than once withoutreplaceAll).read_file/list_files— inspect the draft tree.delete_file— remove a file from it.
Then deploy with no manifest — the server assembles it from the draft tree. The draft persists after deploy, so you can edit_file and re-deploy incrementally. Writing a draft requires the same deployer grant as deploying.
The decision is network reachability, not filesystem: an agent that has files on disk but no egress to
api.vibehost.comstill belongs on the draft path.
Endpoints
| What | URL |
|---|---|
| MCP server | https://api.vibehost.com/mcp |
| OAuth 2.1 authz server metadata (RFC 8414) | https://api.vibehost.com/.well-known/oauth-authorization-server |
| Protected resource metadata (RFC 9728) | https://api.vibehost.com/.well-known/oauth-protected-resource/mcp |
| Dynamic client registration (RFC 7591) | https://api.vibehost.com/api/v1/oauth/register |
Transport: Streamable HTTP (the MCP spec's recommended transport since 2025-06).
Authentication
OAuth 2.1 authorization-code flow with mandatory PKCE (S256). The first time your agent connects:
- Agent calls
/.well-known/oauth-protected-resource/mcpto discover the authz server. - Agent registers itself dynamically at
/api/v1/oauth/register(no client secret needed for public clients). - Agent kicks off the auth code flow with PKCE.
- You approve in browser; agent gets an access token.
- Access token is 60 minutes, refresh token is 30 days with single-use rotation and reuse detection.
Token audience is bound to https://api.vibehost.com/mcp via RFC 8707, so a token minted for VibeHost won't be accepted by another resource server.
Coding agents (recommended)
These have native MCP, run in your editor / terminal, and can ALSO call the vibehost CLI directly when scripted control beats tool-calling. Each has a dedicated guide with the recommended setup.
Chat clients (MCP-only)
These don't have a CLI channel — MCP is the only way to drive VibeHost from them. Setup is one URL each.
Other MCP-compatible clients
Continue, Cline, Roo Code, Devin, Zed, Aider, Amazon Q, VS Code (Copilot Chat), JetBrains AI Assistant, Raycast, Warp, OpenClaw (chat-app gateway), and anything else that speaks MCP — point it at https://api.vibehost.com/mcp. Native custom-scheme redirects (claude-desktop:, cursor:, vscode:, windsurf:, raycast:, etc.) are pre-allowlisted, so OAuth lands cleanly without extra config.
Permissions
Tool calls run through the same per-app permissions the dashboard uses. The OAuth token represents you; the agent can only do what you can do.
viewergrant → read-only tools workdeployergrant → also deploy, promote, rollbackadmingrant → also manage settings + grants
Tools that change public state (create_deployment, add_custom_domain, set_password_gate, etc.) carry openWorldHint: true so well-behaved clients prompt you before calling.
Privacy
The MCP server adds no extra data store. Every tool call:
- Authenticates against the same user/token records as the dashboard.
- Audit-logs the same way (operation, actor, resource, outcome).
- Hashes OAuth refresh tokens at rest.
Tools that touch third-party services (add_grant invites via Resend; verify_custom_domain uses public DNS resolvers) declare openWorldHint: true.
See VibeHost privacy — same policy applies.
Tools → CLI cheatsheet
Every MCP tool maps 1:1 to a CLI command. Useful for "what would this prompt actually do?":
| MCP tool | CLI equivalent | Read/Write |
|---|---|---|
list_workspaces | vibehost workspace ls | read |
list_teams | vibehost team ls | read |
list_apps | vibehost app ls | read |
create_app | vibehost app create | write |
get_app | vibehost app inspect | read |
update_app | vibehost app update (rare) | write |
delete_app | vibehost app delete --force | destructive |
create_deployment | vibehost deploy | write, open-world |
list_deployments | (no direct CLI; use dashboard) | read |
get_deployment | (no direct CLI; use dashboard) | read |
promote_deployment | vibehost promote <id> | write, open-world |
rollback_deployment | vibehost rollback | write, open-world |
delete_deployment | (rare; admin only) | destructive |
get_deployment_logs | vibehost logs | read |
list_channels | vibehost channel ls | read |
create_channel | (implicit via deploy --channel) | write |
delete_channel | vibehost channel delete | destructive |
add_custom_domain | vibehost domain add | write, open-world |
verify_custom_domain | vibehost domain verify | write |
remove_custom_domain | vibehost domain remove | destructive |
set_env_var | vibehost env set | write |
list_env_vars | vibehost env ls | read |
remove_env_var | vibehost env rm | write |
set_redirect | vibehost redirects add | write |
list_redirects | vibehost redirects ls | read |
remove_redirect | vibehost redirects remove | write |
add_grant | vibehost app grants add-{team,email} | write |
list_grants | vibehost app grants ls | read |
remove_grant | vibehost app grants remove-{team,email} | write |
set_visibility | vibehost app visibility | write, open-world |
set_password_gate | vibehost app password set | write |
clear_password_gate | vibehost app password clear | write |
create_share_link | vibehost app share-link create | write |
list_share_links | vibehost app share-link ls | read |
revoke_share_link | vibehost app share-link revoke | write |
Example prompts
Once connected, you can talk to your agent in natural language. The agent picks the right tool(s).
| What you say | What runs |
|---|---|
"Deploy ./dist to a new app called my-blog" | create_app + create_deployment |
| "What apps do I have?" | list_apps |
| "Tell me about my-site" | get_app (full inspect — runtime, visibility, channels, grants) |
| "Make my-site public" | set_visibility(public) |
| "Add reviewer@acme.com as a viewer on my-site" | add_grant(email, viewer) |
| "Roll back my-site" | rollback_deployment (production by default) |
| "Add www.example.com to my-site" | add_custom_domain + prints CNAME instructions |
| "Verify www.example.com" | verify_custom_domain |
| "Mint a share link for my-site valid 7 days" | create_share_link(expires: 7d) |
| "Set DATABASE_URL on my-app to ..." | set_env_var (target: runtime) |
| "Show me the latest logs for my-app" | get_deployment_logs |
For destructive operations (delete_app, delete_channel, delete_deployment), well-behaved clients prompt you to confirm before calling. The destructiveHint: true annotation is part of the tool definition.
Confirmation prompts — what gets asked
Tools annotated openWorldHint: true change publicly-visible state and should trigger a confirmation in your MCP client. Whether they do depends on the client:
- Claude Desktop / Claude Code — always prompts for destructive + open-world tools. Configurable per-session ("always allow").
- Cursor — prompts on first use; remembers per-tool.
- ChatGPT connectors — prompts on first call; user can mark as "trusted".
- Codex / programmatic clients — depends on host; some skip confirmation by design (assume agent autonomy is OK).
If you're scripting against MCP and don't want a human in the loop, use a PAT against the REST API instead. Tools are just convenience wrappers around the same endpoints.
Common errors
| Error | What it means | Fix |
|---|---|---|
Bearer token required | Token expired or never auth'd | Restart MCP client to re-trigger OAuth |
Tool '<name>' not found | Old MCP client schema | Update the MCP client |
FORBIDDEN on a write tool | OAuth user lacks role on the target app | Ask an admin to grant deployer (or higher) |
TARBALL_INVALID from create_deployment | Build dir missing index.html or violates tarball rules | Verify build output; check size caps |
See also
- For a programmatic alternative without OAuth, see Personal access tokens — a PAT drives the same REST surface over HTTP.
Deploy from Grok Build — VibeHost MCP + CLI Setup
Deploy to a live URL from xAI's Grok Build CLI. Connect via MCP server (OAuth, interactive) or the vibehost CLI (scripted, PAT). Set up in under a minute.
Personal access tokens
Long-lived bearer tokens for CI and external integrations. Scoped per resource group, scoped per workspace.