Shipeasy

MCP server

Hand the docs and tools to Claude Code, Cursor, Windsurf, or any MCP-compatible AI assistant — and let it do the boring setup for you.

Production readyOn this page · 7 min readUpdated · May 3, 2026Works with · Claude Code · Cursor · Windsurf · any MCP client

Shipeasy ships an MCP (Model Context Protocol) server: @shipeasy/mcp. Plug it into your AI coding assistant and the agent gains a typed toolkit for inspecting and changing your Shipeasy project — plus prompts that walk it through complete onboarding flows.

The MCP server is the same surface as the CLI, exposed as JSON-Schema-typed tools instead of argv. That distinction matters: a typed tool is much harder for an LLM to misuse than a free-form CLI invocation.

Install

The CLI patches the right config file for whichever assistants you use:

zsh
$

shipeasy mcp install

? Which assistants? › Claude Code, Cursor ✔ Wrote ~/.claude/settings.json ✔ Wrote .cursor/mcp.json MCP server registered. Restart your AI assistant to pick it up.

After install, restart your assistant. The new MCP server appears under its tool list as shipeasy.

Manual config

If your client isn't auto-detected, or you prefer to write the config yourself:

~/.claude/settings.json (Claude Code)
{
  "mcpServers": {
    "shipeasy": {
      "command": "npx",
      "args": ["-y", "@shipeasy/mcp@latest"]
    }
  }
}
.cursor/mcp.json (Cursor)
{
  "mcpServers": {
    "shipeasy": {
      "command": "npx",
      "args": ["-y", "@shipeasy/mcp@latest"]
    }
  }
}
.windsurf/mcp.json (Windsurf)
{
  "mcpServers": {
    "shipeasy": {
      "command": "npx",
      "args": ["-y", "@shipeasy/mcp@latest"]
    }
  }
}

For any other MCP-compatible client, write the same block to whatever config file it reads.

The MCP server uses your CLI credentials

There are no environment variables to set. Run shipeasy login once and the MCP server picks up ~/.shipeasy/credentials on every tool call. No second auth flow, no shared tokens, no secrets in mcp.json.

Why typed tools beat free-form

A CLI is great for a human — short flags, terse output, easy to chain. For an LLM, a CLI is a parsing hazard. The agent has to remember the flag spelling, escape JSON correctly, and interpret the textual response.

A typed MCP tool flips that. Each tool is a named function with a JSON-Schema parameter object. The agent sees the schema, fills it, and gets a structured response back. Misuse — wrong types, missing required fields, unsupported flags — is caught at the protocol layer, not by the CLI's argv parser.

That's why the MCP server is the recommended surface for any AI-driven setup. The CLI is for humans and CI.

Tool inventory

The MCP server exposes ~30 tools, grouped by area. The agent sees them as mcp__shipeasy__<name>.

Every row is a tool the agent can call as mcp__shipeasy__<name> — these tables just name each one and say what it does.

Auth & project

Tool
What it does
auth_check
Returns { authenticated, project_id, user_email }.
auth_login
Triggers shipeasy login — asks the human to click.
auth_logout
Wipes credentials.
detect_project
Detects framework, source root, loader script presence, SDK install status.

Inspection

Tool
What it does
list_resources
List flags, configs, experiments, profiles, keys — everything in the project.
get_resource
Fetch a single resource by name.
get_sdk_snippet
Returns a copy-pasteable SDK init snippet for the detected framework.

Flags & experiments

Tool
What it does
exp_create_gate
Create a feature flag.
exp_create_config
Create a dynamic config.
exp_create_experiment
Create an experiment with a universe and group spec.
exp_start_experiment
Move from draftrunning.
exp_stop_experiment
Move to stopped.
exp_experiment_status
Latest results — lift, p-value, CI per metric per group.

i18n (Polylang)

Tool
What it does
i18n_discover_site
Read the /.well-known/i18n.json manifest from a deployed site.
i18n_install_loader
Generate the loader <script> tag and create a client key.
i18n_scan_code
Find candidate translatable strings in source.
i18n_codemod_preview
Dry-run the JSX literal codemod and show diffs.
i18n_codemod_apply
Apply the codemod — wraps JSX literals with t().
i18n_create_profile
Create a locale:env profile.
i18n_create_key
Create a single key on a profile.
i18n_push_keys
Sync codemod-discovered keys to the dashboard.
i18n_translate_draft
Generate a translation draft via the configured AI provider.
i18n_validate_keys
Fail if any code reference is missing from a profile.
i18n_publish_profile
Push to KV — live in seconds.

Onboarding prompts

The MCP server bundles long-form prompts you can invoke with /mcp:shipeasy:<prompt>:

Practical example

Open Claude Code in a fresh React project and say:

Use the Shipeasy MCP to onboard this project to translations. Use en as the source locale.

The agent will:

Detect the project

Calls mcp__shipeasy__detect_project to learn the framework, source root, and SDK install status.

Check auth

Calls mcp__shipeasy__auth_check. If you're not logged in, prompts you to run shipeasy login in a real terminal.

Install the loader

Calls mcp__shipeasy__i18n_install_loader with the right framework hint. Creates a client key, writes the script tag.

Preview & apply the codemod

Calls mcp__shipeasy__i18n_codemod_preview to show diffs. Asks for your approval. Calls mcp__shipeasy__i18n_codemod_apply.

Push & publish

Calls mcp__shipeasy__i18n_push_keys then mcp__shipeasy__i18n_publish_profile. New copy is live within seconds.

The whole flow takes a few minutes and the only thing you click is the browser confirmation during login. For the canonical step-by-step the agent follows, see LLM Guides → String Manager.

Auth model (local server)

The @shipeasy/mcp server above runs locally — launched as a subprocess of your AI assistant over stdio. It reads ~/.shipeasy/credentials on every tool call — the same file the CLI writes. There are three implications worth knowing:

  1. One login covers everything. Run shipeasy login once on your machine, and every MCP tool in every assistant is authenticated.
  2. Refresh happens transparently. If the access token has expired, the MCP server refreshes it before the tool call — same behaviour as the CLI.
  3. Tokens never appear in MCP config. Your mcp.json only contains the launcher command. Stealing the config gives an attacker nothing.

Hosted MCP server

We also run a hosted, remote MCP server on Cloudflare — no npx, no local subprocess, no credentials file. It speaks JSON-RPC over Streamable HTTP at:

https://slack.shipeasy.ai/mcp

This is the server behind Shipeasy in Slack — it powers Slack's built-in AI assistant ("MCP Server Connection") and the @Shipeasy bot. It exposes the flags / configs / kill-switch / experiment tools (exp_*), scoped to the Shipeasy project your Slack workspace is connected to.

It authenticates you by your Slack identity — there is no token to paste

The hosted server is designed for an MCP client that can vouch for who you are (Slack does this). You don't put a key in any config; the client injects your verified identity and the server maps it to your Shipeasy account.

How auth works

Discovery is open; acting is gated. initialize, ping, and tools/list answer without auth so a client can connect and enumerate tools. Every tools/call runs through the full chain:

Tool
What it does
1 · Signed request
The request must carry a valid Slack v0 signature (X-Slack-Signature + X-Slack-Request-Timestamp), verified against the app's signing secret. Unsigned tool calls are rejected.
2 · Workspace → project
Your Slack team_id (from _meta.slack) is resolved to the Shipeasy project via the workspace's Slack connector. No connector → no access.
3 · You → member
Your Slack user_id is resolved to your email (Slack users:read.email), and that email must be a member of the project. Non-members get a clear “ask an admin to invite you” — never silent access.

Every action then runs as that verified member against the admin API, which re-checks membership — so the service can only ever act as someone who is genuinely on the project.

Connecting to it

You don't configure this endpoint by hand. Add the Shipeasy app to your Slack workspace and connect the Slack connector in the dashboard; Slack then talks to https://slack.shipeasy.ai/mcp for you (Slack App → MCP Server Connection, auth type Slack identity). See the Slack integration guide for the workspace setup.

This endpoint is not a drop-in for Claude Code / Cursor

The hosted server trusts Slack's injected identity, so a generic MCP client that can't present a Slack-signed identity can reach discovery but every tools/call will fail the signature gate. For coding assistants, use the local @shipeasy/mcp server above — it covers the full ~30-tool surface against your CLI login.

Remote server for coding assistants (OAuth)

For Claude Code, Cursor, and claude.ai connectors we also run a remote MCP server with OAuth 2.1 — no npx, no local subprocess, no credentials file. It exposes the full ~30-tool admin surface (not just the Slack exp_* subset) over Streamable HTTP at:

https://mcp.shipeasy.ai/mcp

Add it as an HTTP MCP server in your assistant's mcp.json:

.mcp.json
{
  "mcpServers": {
    "shipeasy": {
      "type": "http",
      "url": "https://mcp.shipeasy.ai/mcp"
    }
  }
}

How auth works

When the assistant first calls a tool, the server answers with a 401 + WWW-Authenticate challenge and the client opens your browser. You sign in, pick the project to authorize, and approve with one click. From then on:

  1. You stay signed in. The access token lasts 24 hours and is refreshed silently in the background via a 30-day refresh token — an actively-used machine effectively never re-logs in. You're only sent back through the browser after ~30 days of not using it, or if you revoke the grant.
  2. Re-auth is automatic. When a token expires (or you revoke access), the very next tool call gets a fresh 401 challenge, so the client refreshes or re-runs the flow on its own — you don't run any command by hand.
  3. Membership is re-checked on every call. The grant records who you are; the admin API re-verifies your access to the target project on each request, so losing project access cuts you off immediately, regardless of token lifetime.

Targeting a specific project

The project you pick at consent time is the connection's default. To point a connection at a specific project by UUID — e.g. one mcp.json per repo, each bound to its own project — add an X-Project-Id header. No re-authorization is needed; the same login works across every project you're a member of:

.mcp.json
{
  "mcpServers": {
    "shipeasy": {
      "type": "http",
      "url": "https://mcp.shipeasy.ai/mcp",
      "headers": {
        "X-Project-Id": "8f3c1e20-…-your-project-uuid"
      }
    }
  }
}

The header only selects which project each call acts on — it is not a credential. The admin API still re-checks that your authenticated identity is a member of that project, so a header pointing at a project you can't reach is rejected.

List-before-create guard (optional)

A common agent failure is creating a duplicate flag/metric/experiment because it didn't check whether one already exists. The list-before-create guard forces the check: with it on, a *_create is refused unless it carries a fresh listToken that its sibling *_list just handed out (valid ~10 min). It's off by default on the hosted server; shipeasy setup writes it disabled and annotated so you can flip it on per connection:

.mcp.json
{
  "mcpServers": {
    "shipeasy": {
      "type": "http",
      "url": "https://mcp.shipeasy.ai/mcp",
      "//list-guard": "Set X-Shipeasy-List-Guard to \"on\" to require a *_list before each *_create.",
      "headers": {
        "X-Project-Id": "8f3c1e20-…-your-project-uuid",
        "X-Shipeasy-List-Guard": "on"
      }
    }
  }
}

(//list-guard is a JSON-safe note key — strict JSON has no // comments — placed beside headers, never inside it, so it's never sent as an HTTP header.) The local @shipeasy/mcp stdio server has the same guard on by default, toggled instead via env (SHIPEASY_MCP_LIST_GUARD=off, window SHIPEASY_MCP_LIST_GUARD_WINDOW_MINUTES).

Troubleshooting

Tool calls return `not authenticated`

Run shipeasy login in a real terminal. The MCP server reads the same credentials file the CLI writes. If the CLI sees you as logged in (shipeasy whoami) but the MCP server doesn't, your assistant is launching with a stripped env — set HOME explicitly in your mcp.json block.

Tool calls return `project not detected`

Pass an explicit --project <id> to shipeasy login, or set SHIPEASY_PROJECT_ID=<id> before launching your AI assistant. Some agents inherit env from the launcher, others don't.

Tool list is empty after install

Restart the AI assistant. MCP servers are loaded at process start; editing mcp.json while the assistant is running has no effect.

NEXT

Tell the agent who your users are.

The richer your attributes, the more precise your targeting and analysis. Most teams under-invest here on day one and regret it.

Install the MCP
$shipeasy mcp install
Confirm auth
$shipeasy whoami
Was this page helpful?
✎ Edit this page

On this page