Docs · mcpcall

Quick start

1
Sign up
Open /signup. The first redeemer of FOUNDER is promoted to admin automatically.
2
Create a workspace
One per client or project. The slug becomes the identifier in every MCP tool call.
3
Mint an API key and wire your shell
At /settings/api-keys. Tokens are shown once. Add it to your shell rc — the platform URL is baked into the binary as of 0.1.1:
```
export MCPCALL_API_KEY=mc_live_AbCd1234_xxxxxxxxxxxxxxxx
```

Drop .mcp.json into the client repo

Reference the env var by name — never paste the token literal. .mcp.json is often committed.

{
  "mcpServers": {
    "mcpcall": {
      "command": "npx",
      "args": ["-y", "@asad120414/mcpcall"],
      "env": {
        "MCPCALL_API_KEY": "${MCPCALL_API_KEY}"
      }
    }
  }
}

5
Pull your workspace
In Claude Code:
```
pull_workspace acme-corp
```
Files land in .claude/. .git/info/exclude gets a sentinel block. git status stays clean.

Environment variables

MCPCALL_API_KEY required: Bearer token minted at /settings/api-keys. Format: mc_live_<prefix>_<secret>. Shown once at creation.
MCPCALL_API_URL optional: Platform endpoint the MCP server talks to. Optional since @asad120414/mcpcall@0.1.1 — the hosted URL is baked into the binary. Override only when pointing at a self-hosted instance or a local dev server (e.g. http://localhost:3000).Default: https://team-agents-platform-web.vercel.app

MCP tools

The mcpcall MCP server exposes ten tools over stdio. All calls are bearer-authed and audit-logged on the platform.

list_workspaces

Enumerate workspaces accessible to your API key.

argsnone

example$ list_workspaces

list_files

Return the file manifest for one workspace, including sha256 and size.

args

workspace: string

example$ list_files acme-corp

pull_workspace

Write all files into .claude/ (and root for CLAUDE.md / RULES.md). Adds a sentinel block to .git/info/exclude. Writes <path>.incoming on conflict instead of clobbering. Pass prefix to pull only a subtree (e.g. "agents").

args

workspace: string
target_dir?: string
prefix?: string

example$ pull_workspace acme-corp

pull_file

Pull a single file from a workspace with the same conflict-safe semantics as pull_workspace: writes .incoming on sha mismatch, updates the local manifest, refreshes the sentinel block.

args

workspace: string
path: string
target_dir?: string

example$ pull_file acme-corp agents/reviewer.md

create_file

Create a new file on the platform from either a local path or inline content.

args

workspace: string
path: string
kind?: string
content?: string
local_path?: string

example$ create_file acme-corp agents/reviewer.md

push_file

Upsert. Reads local disk when content is omitted. A new file_versions row is only written when the sha256 changes.

args

workspace: string
path: string
content?: string

example$ push_file acme-corp CLAUDE.md

delete_file

Soft-delete a file on the platform. The local copy is left alone — use cleanup to remove local files safely.

args

workspace: string
path: string

example$ delete_file acme-corp agents/old.md

import_folder

Bulk-import a local directory tree into a workspace. Walks source_dir, filters by include globs (default **/*.md, **/*.mdx), uploads matched files via PUT. Symlink-defended; 2 MB per-file cap; 200-file per-call cap. Use dry_run to preview.

args

workspace: string
source_dir: string
include?: string[]
dest_prefix?: string
dry_run?: boolean

example$ import_folder acme-corp ./my-context

cleanup

Reverse a pull. Only files whose local sha256 matches the manifest are removed. Strips the sentinel block. Deletes the local manifest. Operates on the manifest at target_dir (defaults to cwd) — no workspace arg needed.

args

target_dir?: string
force?: boolean

example$ cleanup

status

Diff local manifest vs remote per file. Reads the manifest at target_dir; reports drift. No disk writes, no platform writes.

args

target_dir?: string

example$ status

Conflict handling

mcpcall never overwrites a local file silently. The contract is sha256-keyed: pull_workspace hashes the file on disk before writing.

.incoming siblings: If a target path exists with content that does not match the platform copy, the pulled bytes are written to <path>.incoming instead. Diff and merge by hand.
cleanup skips local edits: A file whose current sha256 differs from the manifest entry is left in place and reported under skipped[]. No data loss.
force: true: Passing cleanup acme-corp force=true overrides the sha guard. Reach for it only when you are sure.
status before action: Run status to see local-vs-remote drift without touching disk or platform.

Security model

Three guarantees, each enforced at the boundary.

Bearer tokens, hashed at rest: Tokens are mc_live_<prefix>_<secret>. The platform stores the prefix indexed and sha256(secret) — never the full token. Verification uses timingSafeEqual. A database leak cannot replay your tokens.
.git/info/exclude — not .gitignore: Pulled files are hidden via the per-repo, user-local ignore file. The tracked .gitignore is never touched. The client sees neither the files nor the ignore rule. Sentinel blocks are byte-idempotent on re-apply and fully reversible.
No clobber, ever: pull_workspace writes .incoming on sha mismatch. cleanup refuses to delete a file whose local sha does not match the manifest. Symlinks under the target are rejected before any write.

Quick start

1
Sign up
Open /signup. The first redeemer of FOUNDER is promoted to admin automatically.
2
Create a workspace
One per client or project. The slug becomes the identifier in every MCP tool call.
3
Mint an API key and wire your shell
At /settings/api-keys. Tokens are shown once. Add it to your shell rc — the platform URL is baked into the binary as of 0.1.1:
```
export MCPCALL_API_KEY=mc_live_AbCd1234_xxxxxxxxxxxxxxxx
```

Drop .mcp.json into the client repo

Reference the env var by name — never paste the token literal. .mcp.json is often committed.

{
  "mcpServers": {
    "mcpcall": {
      "command": "npx",
      "args": ["-y", "@asad120414/mcpcall"],
      "env": {
        "MCPCALL_API_KEY": "${MCPCALL_API_KEY}"
      }
    }
  }
}

5
Pull your workspace
In Claude Code:
```
pull_workspace acme-corp
```
Files land in .claude/. .git/info/exclude gets a sentinel block. git status stays clean.

Environment variables

MCPCALL_API_KEY required: Bearer token minted at /settings/api-keys. Format: mc_live_<prefix>_<secret>. Shown once at creation.
MCPCALL_API_URL optional: Platform endpoint the MCP server talks to. Optional since @asad120414/mcpcall@0.1.1 — the hosted URL is baked into the binary. Override only when pointing at a self-hosted instance or a local dev server (e.g. http://localhost:3000).Default: https://team-agents-platform-web.vercel.app

MCP tools

The mcpcall MCP server exposes ten tools over stdio. All calls are bearer-authed and audit-logged on the platform.

list_workspaces

Enumerate workspaces accessible to your API key.

argsnone

example$ list_workspaces

list_files

Return the file manifest for one workspace, including sha256 and size.

args

workspace: string

example$ list_files acme-corp

pull_workspace

args

workspace: string
target_dir?: string
prefix?: string

example$ pull_workspace acme-corp

pull_file

Pull a single file from a workspace with the same conflict-safe semantics as pull_workspace: writes .incoming on sha mismatch, updates the local manifest, refreshes the sentinel block.

args

workspace: string
path: string
target_dir?: string

example$ pull_file acme-corp agents/reviewer.md

create_file

Create a new file on the platform from either a local path or inline content.

args

workspace: string
path: string
kind?: string
content?: string
local_path?: string

example$ create_file acme-corp agents/reviewer.md

push_file

Upsert. Reads local disk when content is omitted. A new file_versions row is only written when the sha256 changes.

args

workspace: string
path: string
content?: string

example$ push_file acme-corp CLAUDE.md

delete_file

Soft-delete a file on the platform. The local copy is left alone — use cleanup to remove local files safely.

args

workspace: string
path: string

example$ delete_file acme-corp agents/old.md

import_folder

args

workspace: string
source_dir: string
include?: string[]
dest_prefix?: string
dry_run?: boolean

example$ import_folder acme-corp ./my-context

cleanup

args

target_dir?: string
force?: boolean

example$ cleanup

status

Diff local manifest vs remote per file. Reads the manifest at target_dir; reports drift. No disk writes, no platform writes.

args

target_dir?: string

example$ status

Conflict handling

mcpcall never overwrites a local file silently. The contract is sha256-keyed: pull_workspace hashes the file on disk before writing.

.incoming siblings: If a target path exists with content that does not match the platform copy, the pulled bytes are written to <path>.incoming instead. Diff and merge by hand.
cleanup skips local edits: A file whose current sha256 differs from the manifest entry is left in place and reported under skipped[]. No data loss.
force: true: Passing cleanup acme-corp force=true overrides the sha guard. Reach for it only when you are sure.
status before action: Run status to see local-vs-remote drift without touching disk or platform.

Security model

Three guarantees, each enforced at the boundary.

Bearer tokens, hashed at rest: Tokens are mc_live_<prefix>_<secret>. The platform stores the prefix indexed and sha256(secret) — never the full token. Verification uses timingSafeEqual. A database leak cannot replay your tokens.
.git/info/exclude — not .gitignore: Pulled files are hidden via the per-repo, user-local ignore file. The tracked .gitignore is never touched. The client sees neither the files nor the ignore rule. Sentinel blocks are byte-idempotent on re-apply and fully reversible.
No clobber, ever: pull_workspace writes .incoming on sha mismatch. cleanup refuses to delete a file whose local sha does not match the manifest. Symlinks under the target are rejected before any write.