Skip to main content
slipway ships a first-party Model Context Protocol server, so AI coding agents (Claude Code, Claude Desktop, Cursor, …) can drive your environments directly. An agent can bring up an isolated environment from a branch, get a live URL, read logs, run commands to verify its work, check how much capacity you have left, then tear it down — the verification loop agents otherwise lack. The server is read-and-write and role-gated: every token carries a role, and each tool requires a minimum role.

Create a token

In the console, go to Settings → MCP (admin only) and choose New token. Give it a name, pick a role, and optionally an expiry. The token is shown once, right after you create it — copy it then. If you lose it, revoke it and make a new one. Tokens are scoped to a single organization and can be revoked at any time from the same page.

Connect your agent

The endpoint is https://<your-slipway-host>/mcp. For Claude Code:
claude mcp add --transport http slipway https://<your-slipway-host>/mcp \
  --header "Authorization: Bearer YOUR_TOKEN"
For Cursor or Claude Desktop, add an HTTP MCP server with the same URL and an Authorization: Bearer YOUR_TOKEN header.

Roles

A token’s role caps what its agent can do. Each tool requires at least the role shown.
RoleCan do
viewerRead environments, deployments, logs, events, repos, specs, and usage.
developerEverything a viewer can, plus bring up instances, deploy/redeploy, cancel, tear down, and run commands in a container.
adminEverything, plus writing variables and secrets.
Give an agent the lowest role that lets it do its job — a read-only agent that just inspects builds only needs viewer.

What an agent can do

The tools group into four areas:
  • Capacityget_usage (plan + environments / concurrent deployments / seats / storage, each used vs. cap) and check_capacity (can I start another environment right now?). Agents should check these before bringing things up so they don’t hit your concurrency cap.
  • Read — list and inspect environments, deployments, logs, and repositories; read a repo’s resolved spec.
  • Lifecycle — bring up a fresh instance from a branch, wait for it to go healthy, redeploy, cancel, and tear down.
  • Exec — run a command in a running service and capture its output (for example, run your tests).
  • Config — set variables and secrets.

Security

  • Tokens are stored hashed; the plaintext only exists at create time.
  • Every tool is scoped to the token’s organization — an agent can never reach another org’s data.
  • The exec and secret-writing tools are powerful (arbitrary commands in your pods; secret values). Keep tokens to the minimum role, prefer short expiries for shared machines, and revoke anything you’re unsure about.