VibeHost MCP Server

VibeHost is a hosting platform built for coding agents. The Model Context Protocol (MCP) server lets a connected AI agent — Claude Desktop, ChatGPT, Cursor, Claude Code, Codex, Windsurf, and others — deploy your sites, manage releases, and inspect logs through 46 tools.

What it does

VibeHost ships a remote MCP server that any MCP-compatible agent can connect to. Once authorised, the agent can create apps, push deployments (tarball over signed URL), promote between channels, roll back, manage custom domains and redirects, stream container logs, gate apps with passwords or share links, and grant per-app or per-team access. Every action runs through the same OAuth-bound permissions the dashboard uses — agents only see what the signing user can see.

Endpoints

• MCP server: https://api.vibehost.com/mcp — Streamable HTTP transport (the spec's recommended transport since 2025-06).
• OAuth 2.1 authorization server metadata: https://api.vibehost.com/.well-known/oauth-authorization-server(RFC 8414).
• Protected resource metadata: https://api.vibehost.com/.well-known/oauth-protected-resource/mcp(RFC 9728).
• Dynamic client registration: https://api.vibehost.com/api/v1/oauth/register (RFC 7591) — new agents self-register on first connect.

Authentication

OAuth 2.1 authorization-code flow with mandatory PKCE (S256). Agents request the mcp scope, plus offline_accessif they need a refresh token. Access tokens are 60 minutes; refresh tokens are 30 days with single-use rotation and reuse detection (if the same refresh token is used twice, the entire chain for that client is revoked). Token audience is bound to https://api.vibehost.com/mcp via RFC 8707, so a token minted for VibeHost won't be accepted by another resource server.

Public clients (Claude Desktop, Cursor, ChatGPT, Codex, Windsurf, Raycast, Gemini CLI, Continue, Devin, VS Code, and similar native agents) authenticate via dynamic client registration and PKCE — no client secret needed. The accepted redirect-URI schemes are: https://, loopback http://localhost and http://127.0.0.1, plus a fixed set of native-agent custom schemes (claude-desktop:, cursor:,vscode:, windsurf:, raycast:,gemini:, continue:, devin:,claude:, claude-code:, codium:). Confidential clients with a static client_id/secret pair are supported for server-to-server integrations; contact us to provision one.

What your agent can do

The 46 tools split into 8 surfaces. Read-only tools are marked with (read); tools that change publicly visible internet state (deploys, public URLs, custom domains, password gates) carry openWorldHint: true so the client can prompt for confirmation.

Workspaces & apps

• list_workspaces (read) — workspaces the OAuth token can reach.
• list_apps (read), get_app (read) — apps + their metadata.
• create_app, delete_app — provision a new app (private by default) or soft-delete one.
• set_app_visibility — public / workspace / private.

Deploys & releases

• check_blobs_missing (read), request_upload — chunked tarball upload via signed R2 URLs.
• deploy — promote a manifest to a channel. Returns immediately with status: starting; poll get_deployment until healthy.
• get_deployment (read), get_logs (read) — release inspection + container logs.
• request_deployment_download (read) — signed URL to re-download a deployment's tarball (powers vibehost pull).
• get_screenshot (read) — preview image captured by the previewer worker on each healthy deploy.

Channels

• list_channels (read), create_channel.
• promote — takes an existing deployment in one channel and points another channel at the same release bytes (no rebuild). Typical flow: deploy to a preview channel, verify, then promote to production.
• rollback — within a single channel, re-points it at one of that channel's earlier deployments.

Access & sharing

• list_app_grants (read) — who has access (team / email).
• grant_app_email_access, revoke_app_email_access, grant_app_team_access, revoke_app_team_access — viewer / deployer / admin per recipient.
• get_app_password_info (read), set_app_password, clear_app_password — shared password gate on top of visibility.
• list_share_links (read), create_share_link, revoke_share_link — anonymous tokenised URLs with optional TTL.

Custom domains

• list_custom_domains (read), add_custom_domain, verify_custom_domain, remove_custom_domain.
• verify_custom_domain queries public DNS resolvers for your CNAME / TXT records. add_custom_domain and remove_custom_domain change VibeHost's view of the domain. list_custom_domains is read-only.

Redirects

• list_redirect_rules (read), add_redirect_rule, remove_redirect_rule, bulk_import_redirect_rules — per-app redirect / rewrite rules served by Cloudflare Workers.

Team & workspace management

• list_workspace_members (read), remove_workspace_member.
• list_team_members (read), remove_team_member.
• list_workspace_invitations (read), invite_to_workspace, revoke_workspace_invitation.
• list_team_invitations (read), invite_to_team, revoke_team_invitation. Invitation emails are sent via Resend.

Example agent prompts

Once your agent is connected to https://api.vibehost.com/mcp, these prompts work out-of-the-box. The agent calls multiple tools in sequence; you usually don't pick tool names manually.

• “Deploy the contents of ./dist to a new VibeHost app called landing-v2 and give me the URL.”
  → create_app → check_blobs_missing → request_upload → deploy → get_deployment.
• “Share landing-v2 with [email protected] as a deployer.”
  → get_app → grant_app_email_access. (Email grants persist until revoked; for time-bounded access use create_share_link with a TTL instead.)
• “Roll landing-v2 production back to the previous release.”
  → list_channels + get_deployment → rollback.
• “Add the custom domain landing.example.com to landing-v2 and tell me what CNAME I need to set.”
  → add_custom_domain → verify_custom_domain (returns the expected CNAME + TXT records).
• “Show me the last 50 log lines from landing-v2's current production deployment.”
  → list_channels → get_deployment → get_logs.

Read / write capabilities

Read + write. Of the 46 tools, 18 are strictly read-only (everything prefixed list_, get_, check_); the remaining 28 write or change state. The write tools are annotated with destructiveHint (delete / revoke / clear) and openWorldHint (changes publicly visible internet state — deploys, share links, custom domains, password gates) so MCP clients can surface a confirmation prompt before calling.

Data & privacy

See VibeHost's privacy policy — same policy applies to MCP-mediated access. The MCP server stores no additional data: every tool call is authenticated against the same user / token DB rows the dashboard uses, every state change is audit-logged the same way, and OAuth refresh tokens are hashed at rest. Tools that touch third-party services (invitation emails via Resend; DNS lookups against public resolvers for verify_custom_domain) declare openWorldHint: true so clients can warn users.

Support & source

• Support: [email protected]
• Source code (Apache 2.0): github.com/Dcard/VibeHost
• MCP server source: apps/api/src/mcp (every tool's annotation reflects its actual behavior — read / write / destructive / open-world).
• Bug reports + feature requests: GitHub issues .
• Privacy concerns: [email protected]

Last updated: 2026-05-13.