Skip to content

MCP server (beta)

https://mcp.prostack.uk

Cito has an MCP (Model Context Protocol) server that enables Claude Code, and other AI tools, to talk to Cito servers, in order to manage sites and deploy code.

This is currently in beta. Feedback is very welcome.

Authentication is required- when you connect your AI tool you will be redirected to the Prostack portal to login.

When you first log in you'll be prompted to authorise the MCP server for your account.

Quick start: Connecting to Claude Code

Run the following in your terminal client:

claude mcp add --transport http Cito https://mcp.prostack.uk/mcp

Then start a Claude Code session and use the /mcp command to authenticate. A browser will open to log you into the Prostack Portal.

Warning

We recommend the use of Opus 4.6 with Claude Code. Less capable models may not function correctly.

Once you're authenticated you can close the browser window and switch back to your terminal. You can then try a test prompt, such as "Tell me what Cito servers I have?". This should trigger the cito_list_servers tool.

Connecting to Claude (web/desktop)

Go to https://claude.ai/customize/connectors and click Connectors, then + and “Add Custom Connector”.

The MCP URL is https://mcp.prostack.uk/mcp - you can name it Cito.

Once it’s added, click the ‘Connect’ button and you will be directed to the portal to login. From there you can start a chat - e.g. by asking ‘Is my Cito server healthy?’

Connect to Cursor

Settings → Tools & MCP → Add MCP Paste in the following JSON:

{
  "mcpServers": {
    "Cito": {
      "url": "https://mcp.prostack.uk/mcp"
    }
  }
}

For other tools you can visit [https://mcp.prostack.uk] and follow the instructions there.

Current capabilities

You can ask for things in natural language:

  • ”Tell me if my server is healthy”

  • "Fetch the error logs for my staging website"

  • ”Create a new Wordpress site"

  • "Show me the last 50 lines of the error log for example.com"

  • "Create a MySQL database called app_db and add a read-only user to it"

These will trigger the appropriate tool call.

If you have multiple servers, you can prompt the AI to work with a specific server.

Creating new sites

You can ask your AI tool to create a new site. You'll be prompted for the necessary information- site type, domain name, username and framework.

Deploying projects

“Deploy this project to Cito” is supported for local clients, such as Claude Code and Cursor.

The model will:

  • Detect the site type (Laravel, NodeJS etc). This is done by looking at the files in the project repository.
  • Offer to create a site with the correct deployment profile, or use an existing site if specified.
  • Rsync files to the chosen site. The MCP server will generate an ephemeral SSH keypair to do this. The private key is never persisted to disk and is deleted afterwards.
  • Run any post-install commands. The commands are based on the project type detected- e.g. composer install or npm install. Only specific, framework-relevant commands are supported.

Deployment uses tools available on your local machine. You will be prompted through each step.

Certain files are excluded from deployment by default, and will not be rsynced to the server. These include:

  • .git, .github, .gitlab-ci.yml

  • node_modules/

  • .env, .env.local, .env.*.local - you must configure environment variables via SSH or File Manager.

  • tests, __tests__, spec, coverage

  • IDE files (.idea, .vscode)

  • Build configs (Dockerfile, docker-compose.yml)

  • Documentation (README.md, CHANGELOG.md)

Deleting sites & databases

The MCP server does allow you to delete files, sites or databases. We take a conservative approach here, and have built-in guardrails for these tool calls.

Before carrying out any destructive action, the MCP server will prompt you to confirm if you wish to proceed.

What can't I do?

Certain features of the Cito dashboard are not currently available via MCP. This includes:

  • Anti-malware scanning and detection
  • Outbound email logs
  • Managing docker containers
  • Configuring redirects, cron jobs or caching.

If any of these would be useful to you, let us know.

Security

This MCP server is in beta. Whilst it has undergone extensive testing, LLMs can still behave in unexpected ways, so you should be careful to review all tool calls before running them. You should prompt as carefully as you can to ensure you get accurate results.

Deployment safety

We take the following safety precautions when deploying via the MCP server:

  • SSH private keys are never stored. We generate ephemeral SSH keys, use these to deploy to Cito, and delete them afterwards. We do not use your local SSH keys or access them.
  • Arbitrary commands are not supported. The MCP server can only run specific, authorised commands related to the framework of the site you're deploying. Unauthorised commands are rejected.
  • The MCP server cannot read/write files outside of /home.
  • Destructive operations, such as deleting a site, require confirmation to proceed.

Bugs and issues

Contact support via the usual channels if you experience issues or have feature requests.

Please provide as much detail as possible if you encounter bugs- including the prompts and conversation history if possible.

Appendix: Available tools

You can find a list of available tools on https://mcp.prostack.uk.