Documentation
Everything you need to deploy and manage your applications on HostStack.
MCP Server
Connect Claude, Cursor, and any other MCP-capable agent to your HostStack team. 31 tools cover projects, services, deploys, databases, domains, env vars, cron, runtime and build logs, and the team activity audit.
Two ways to run it
Hosted — point your client at https://hoststack.dev/api/mcp with a Bearer API key. Nothing to install.
Local stdio — npx -y @hoststack.dev/mcp runs the same server on your machine and talks JSON-RPC over stdin/stdout. Identical tool surface; no telemetry sent back.
Get an API key
Open /dashboard/settings/api-keys and create a key with full_access permission. The key is bound to a single team, so agents never need to pass teamId — every tool call operates on that team automatically.
Wire it into your client
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"hoststack": {
"command": "npx",
"args": ["-y", "@hoststack.dev/mcp"],
"env": {
"HOSTSTACK_API_KEY": "hs_live_..."
}
}
}
}Cursor
Edit ~/.cursor/mcp.json or use Settings → MCP:
{
"hoststack": {
"command": "npx",
"args": ["-y", "@hoststack.dev/mcp"],
"env": {
"HOSTSTACK_API_KEY": "hs_live_..."
}
}
}Claude Code
claude mcp add hoststack -- npx -y @hoststack.dev/mcp -e HOSTSTACK_API_KEY=hs_live_...Hosted (any client)
POST https://hoststack.dev/api/mcp
Authorization: Bearer hs_live_...
Content-Type: application/jsonThe endpoint speaks the streamable-HTTP MCP transport. Stateless — every request is independent; no session bookkeeping.
Generate config snippets
The CLI knows the shape each client expects, so you don't have to memorise it:
npx @hoststack.dev/mcp --print-config claude-desktop
npx @hoststack.dev/mcp --print-config cursor
npx @hoststack.dev/mcp --print-config claude-codeIf HOSTSTACK_API_KEY is set in your shell, it gets baked into the snippet; otherwise you'll see a placeholder.
Tool inventory
projectsservicesdeploysdatabasesdomainsenv-varscronactivity-logmetaDesign notes
- Key-based env-var ops.
set_env_varanddelete_env_vartake a key, not an ID — the MCP looks up the existing var by key first, then patches or deletes. - Secret values stay masked.
list_env_varsreturns••••••for any row stored as a secret. Masking happens on the API server, so secrets never reach the agent. - Logs are snapshots.
get_service_logsandget_deploy_logsreturn a tail (default 200 lines, max 1000); re-call to get newer entries. For live tails, use the dashboard's logs page. - No destructive cascade tools.
delete_project,delete_service, andcreate_serviceare dashboard-only — too risky / too complex for v0.x.
Telemetry
When you use the hosted transport, we record one row per tool call: tool name, duration, ok/error, and a non-reversible hash of the input args — never the args themselves. Used for the analytics page and on-call alerts on tool error spikes. Retained 30 days, then deleted by a daily cron.
The local stdio install records nothing on our side. Set HOSTSTACK_MCP_TRACE=1 to emit NDJSON traces to your own stderr for local debugging.
Environment variables
HOSTSTACK_API_KEY — required. hs_live_… for prod, hs_test_… for the test team.HOSTSTACK_BASE_URL — optional override. Default https://hoststack.dev.HOSTSTACK_MCP_TRACE — set to 1 for NDJSON per-tool-call traces on stderr.