VibeHost
Guides

MCP Server — Connect Any Coding Agent or Chat Client

Wire any MCP-compatible client to VibeHost. The MCP server is the path for coding agents (Claude Code, Codex, Cursor, Antigravity, Grok Build) and chat clients (ChatGPT, Claude Desktop) that don't have a native CLI tool channel.

VibeHost ships a remote Model Context Protocol server at https://api.vibehost.com/mcp. Any MCP-compatible client can connect and gain a tool surface for the entire platform.

Where MCP fits

VibeHost has two integration channels. Pick based on what's driving the work:

  • Coding agents sit in your editor / terminal. They get the smoothest experience: native MCP support plus the ability to shell out to the vibehost CLI directly when scripted control beats tool calls. Ten first-class integrations, each with its own guide:
  • Chat clients (ChatGPT, Claude Desktop) don't have a CLI channel. They reach VibeHost only through MCP. Setup is one URL — see Chat clients below.

The rest of this page covers the MCP server itself: tool list, OAuth, per-client setup, error codes. If you're picking a coding agent, the per-agent guides above are a shorter path.

What your agent can do

A tool per major action, split across 8 surfaces. Read-only tools are marked (read) below. Tools that change publicly-visible internet state carry openWorldHint: true so the client can prompt for confirmation.

Workspaces & apps

list_workspaces, list_teams, list_apps, create_app, get_app, update_app, delete_app.

Deployments

create_deployment, list_deployments, get_deployment, promote_deployment, rollback_deployment, delete_deployment, get_deployment_logs.

Channels

list_channels, create_channel, delete_channel, get_channel.

Custom domains

add_custom_domain, list_custom_domains, verify_custom_domain, remove_custom_domain.

Redirects + env

set_redirect, list_redirects, remove_redirect, set_env_var, list_env_vars, remove_env_var.

Grants & access

add_grant, list_grants, remove_grant, set_visibility, set_password_gate, set_share_link.

Server-side files (no-egress clients)

create_file, edit_file, read_file, list_files, delete_file — write a deploy's files into a server-side draft tree when your client can't upload blobs directly. See Choosing an upload path.

Choosing an upload path

A deploy needs your files on the server. There are two ways to get them there, and the right one depends on whether your client's environment can make outbound HTTPS requests directly to api.vibehost.com — not on whether it has a local filesystem.

The normal path uploads file bytes by PUTting them straight to api.vibehost.com (via short-lived signed URLs), outside the MCP channel, then deploys a manifest. That's faster and dedupes content across deploys — use it whenever you can reach the API:

  1. Hash your files and call request_upload to mint signed upload URLs.
  2. PUT each blob to its URL.
  3. Deploy with the manifest.

But some clients can't make that direct PUT — a sandbox with no network egress, or a chat client like ChatGPT whose only channel to VibeHost is the MCP tool call itself. For those, write the files server-side with the draft-tree tools, then deploy with no manifest:

  • create_file(appId, path, content) — write or overwrite a whole file (POSIX-relative path, e.g. index.html; content capped at 1 MB/file).
  • edit_file(appId, path, oldString, newString, replaceAll?) — exact-string replacement (fails if oldString is absent, or occurs more than once without replaceAll).
  • read_file / list_files — inspect the draft tree.
  • delete_file — remove a file from it.

Then deploy with no manifest — the server assembles it from the draft tree. The draft persists after deploy, so you can edit_file and re-deploy incrementally. Writing a draft requires the same deployer grant as deploying.

The decision is network reachability, not filesystem: an agent that has files on disk but no egress to api.vibehost.com still belongs on the draft path.

Endpoints

WhatURL
MCP serverhttps://api.vibehost.com/mcp
OAuth 2.1 authz server metadata (RFC 8414)https://api.vibehost.com/.well-known/oauth-authorization-server
Protected resource metadata (RFC 9728)https://api.vibehost.com/.well-known/oauth-protected-resource/mcp
Dynamic client registration (RFC 7591)https://api.vibehost.com/api/v1/oauth/register

Transport: Streamable HTTP (the MCP spec's recommended transport since 2025-06).

Authentication

OAuth 2.1 authorization-code flow with mandatory PKCE (S256). The first time your agent connects:

  1. Agent calls /.well-known/oauth-protected-resource/mcp to discover the authz server.
  2. Agent registers itself dynamically at /api/v1/oauth/register (no client secret needed for public clients).
  3. Agent kicks off the auth code flow with PKCE.
  4. You approve in browser; agent gets an access token.
  5. Access token is 60 minutes, refresh token is 30 days with single-use rotation and reuse detection.

Token audience is bound to https://api.vibehost.com/mcp via RFC 8707, so a token minted for VibeHost won't be accepted by another resource server.

These have native MCP, run in your editor / terminal, and can ALSO call the vibehost CLI directly when scripted control beats tool-calling. Each has a dedicated guide with the recommended setup.

Chat clients (MCP-only)

These don't have a CLI channel — MCP is the only way to drive VibeHost from them. Setup is one URL each.

Other MCP-compatible clients

Continue, Cline, Roo Code, Devin, Zed, Aider, Amazon Q, VS Code (Copilot Chat), JetBrains AI Assistant, Raycast, Warp, OpenClaw (chat-app gateway), and anything else that speaks MCP — point it at https://api.vibehost.com/mcp. Native custom-scheme redirects (claude-desktop:, cursor:, vscode:, windsurf:, raycast:, etc.) are pre-allowlisted, so OAuth lands cleanly without extra config.

Permissions

Tool calls run through the same per-app permissions the dashboard uses. The OAuth token represents you; the agent can only do what you can do.

  • viewer grant → read-only tools work
  • deployer grant → also deploy, promote, rollback
  • admin grant → also manage settings + grants

Tools that change public state (create_deployment, add_custom_domain, set_password_gate, etc.) carry openWorldHint: true so well-behaved clients prompt you before calling.

Privacy

The MCP server adds no extra data store. Every tool call:

  • Authenticates against the same user/token records as the dashboard.
  • Audit-logs the same way (operation, actor, resource, outcome).
  • Hashes OAuth refresh tokens at rest.

Tools that touch third-party services (add_grant invites via Resend; verify_custom_domain uses public DNS resolvers) declare openWorldHint: true.

See VibeHost privacy — same policy applies.

Tools → CLI cheatsheet

Every MCP tool maps 1:1 to a CLI command. Useful for "what would this prompt actually do?":

MCP toolCLI equivalentRead/Write
list_workspacesvibehost workspace lsread
list_teamsvibehost team lsread
list_appsvibehost app lsread
create_appvibehost app createwrite
get_appvibehost app inspectread
update_appvibehost app update (rare)write
delete_appvibehost app delete --forcedestructive
create_deploymentvibehost deploywrite, open-world
list_deployments(no direct CLI; use dashboard)read
get_deployment(no direct CLI; use dashboard)read
promote_deploymentvibehost promote <id>write, open-world
rollback_deploymentvibehost rollbackwrite, open-world
delete_deployment(rare; admin only)destructive
get_deployment_logsvibehost logsread
list_channelsvibehost channel lsread
create_channel(implicit via deploy --channel)write
delete_channelvibehost channel deletedestructive
add_custom_domainvibehost domain addwrite, open-world
verify_custom_domainvibehost domain verifywrite
remove_custom_domainvibehost domain removedestructive
set_env_varvibehost env setwrite
list_env_varsvibehost env lsread
remove_env_varvibehost env rmwrite
set_redirectvibehost redirects addwrite
list_redirectsvibehost redirects lsread
remove_redirectvibehost redirects removewrite
add_grantvibehost app grants add-{team,email}write
list_grantsvibehost app grants lsread
remove_grantvibehost app grants remove-{team,email}write
set_visibilityvibehost app visibilitywrite, open-world
set_password_gatevibehost app password setwrite
clear_password_gatevibehost app password clearwrite
create_share_linkvibehost app share-link createwrite
list_share_linksvibehost app share-link lsread
revoke_share_linkvibehost app share-link revokewrite

Example prompts

Once connected, you can talk to your agent in natural language. The agent picks the right tool(s).

What you sayWhat runs
"Deploy ./dist to a new app called my-blog"create_app + create_deployment
"What apps do I have?"list_apps
"Tell me about my-site"get_app (full inspect — runtime, visibility, channels, grants)
"Make my-site public"set_visibility(public)
"Add reviewer@acme.com as a viewer on my-site"add_grant(email, viewer)
"Roll back my-site"rollback_deployment (production by default)
"Add www.example.com to my-site"add_custom_domain + prints CNAME instructions
"Verify www.example.com"verify_custom_domain
"Mint a share link for my-site valid 7 days"create_share_link(expires: 7d)
"Set DATABASE_URL on my-app to ..."set_env_var (target: runtime)
"Show me the latest logs for my-app"get_deployment_logs

For destructive operations (delete_app, delete_channel, delete_deployment), well-behaved clients prompt you to confirm before calling. The destructiveHint: true annotation is part of the tool definition.

Confirmation prompts — what gets asked

Tools annotated openWorldHint: true change publicly-visible state and should trigger a confirmation in your MCP client. Whether they do depends on the client:

  • Claude Desktop / Claude Code — always prompts for destructive + open-world tools. Configurable per-session ("always allow").
  • Cursor — prompts on first use; remembers per-tool.
  • ChatGPT connectors — prompts on first call; user can mark as "trusted".
  • Codex / programmatic clients — depends on host; some skip confirmation by design (assume agent autonomy is OK).

If you're scripting against MCP and don't want a human in the loop, use a PAT against the REST API instead. Tools are just convenience wrappers around the same endpoints.

Common errors

ErrorWhat it meansFix
Bearer token requiredToken expired or never auth'dRestart MCP client to re-trigger OAuth
Tool '<name>' not foundOld MCP client schemaUpdate the MCP client
FORBIDDEN on a write toolOAuth user lacks role on the target appAsk an admin to grant deployer (or higher)
TARBALL_INVALID from create_deploymentBuild dir missing index.html or violates tarball rulesVerify build output; check size caps

See also

  • For a programmatic alternative without OAuth, see Personal access tokens — a PAT drives the same REST surface over HTTP.

On this page