Skip to main content

MCP Tools Reference

The plugin exposes the following MCP tools. In normal use you do not invoke them by name — the skills and Claude itself orchestrate them from natural-language conversation. This page is the exhaustive reference for each tool's parameters, return values, and caveats.

The same tools are available when you run the server standalone via npx -y @deploygate/mcp — see Standalone MCP Server.

Identifier model

DeployGate uses several identifier slugs that appear across multiple tools. The underlying API has historical names that differ from the user-facing terminology:

User-facing termAPI / legacy nameRole
WorkspaceenterpriseTop-level container for projects and members
Projectorganization, groupGroups apps, teams, and members under a workspace
Teamteam (owner / developer / tester)Role-based membership within a project
Shared teamshared_teamWorkspace-level team reusable across projects

Most tools accept:

  • owner_name — the project slug (a groups[i].name from get_user_info) or a user's own login name for personal apps
  • app_id — the package_name field returned by upload_app (bundle identifier on iOS, package name on Android)
  • access_key — the distribution page identifier returned by create_distribution; also called distribution_key on upload_app
  • revision — a build (binary) revision number within an app. The latest revision is used by default where the parameter is optional
  • team — a team's display name (case-insensitive). Auto-created team names are locale-dependent (e.g. Tester / テスター) and can be renamed; discover them with get_project

Authentication

The plugin uses a browser-based device authorization code flow — you never paste an API token. The token is saved on your machine and reused across future agent sessions.

LocationPath
macOS / Linux~/.config/deploygate/token (or $XDG_CONFIG_HOME/deploygate/token)
Windows%APPDATA%\deploygate\token

The file is written with mode 0600 and contains only the issued token.

login_start

Begin the device authorization code flow. Takes no parameters.

Returns: Text containing a verification URL of the form https://deploygate.com/app/sessions/codes?code=XXXXXXXX, the short code, and an expiry (typically 5 minutes). The user opens the URL in a browser where they are signed in to DeployGate and approves the login.

After presenting the URL, immediately call login_wait to receive the token.

login_wait

Wait for the user to approve the login started by login_start. Polls the server on the server-specified interval until the code is authorized, rejected, or expired. Takes no parameters.

Returns: On success, text containing the authenticated username, the JSON organization list (workspace names and projects), and the path where the token was saved. The token is also stored client-side so subsequent tool calls authenticate automatically.

Errors: Returned with isError: true for any of:

  • No login in progresslogin_start was not called first
  • The code expired after 5 minutes — the user did not approve in time
  • Login was not approved, or the code expired — explicit rejection or expiry from the server
  • Login aborted for security reasons (nonce mismatch) — the server response did not match the nonce sent by login_start
  • Hit the server's rate limit repeatedly — back off and call login_start again later
  • Repeated network errors while polling — check connectivity and retry

In all error cases, call login_start again to retry.

logout

Revoke the stored token on the DeployGate server and delete the local token file. Takes no parameters.

Returns: Logged out. on success. If the server-side revoke fails, the message indicates that the local token was deleted regardless. If no token is stored, returns Already logged out.

get_user_info

Return the workspace/projects associated with the stored token. Takes no parameters.

Returns: A JSON array of workspaces, each with a name (workspace slug) and a groups array of projects.

Errors: If the stored token is rejected by the server (unauthorized), the local token file is cleared and the response says The stored token is invalid. Run login_start to log in again.

App Upload

upload_app

Upload an IPA, APK, or AAB to DeployGate. Optionally associates the upload with a distribution page.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
file_pathstringAbsolute path to the binary
messagestringShort build description. Max 32,766 bytes — auto-truncated (response includes a warning)
distribution_keystringDistribution page access_key to update. Takes priority over distribution_name. Max 255 chars
distribution_namestringDistribution page name. Creates a new page if not found (with active=false). Ignored when distribution_key is also specified. Max 255 chars
release_notestringRelease note attached to the distribution page
disable_notifybooleanDisable push notification to testers (iOS only)
ios_simulator_zipstringAbsolute path to an iOS simulator build zip. Enables Instant Device (browser preview). Build with xcodebuild -sdk iphonesimulator and zip the .app directory. Must be uploaded together with an IPA

Returns: JSON response from the DeployGate API, including the revision URL and — when a distribution page is touched — its access_key and URL. The response's package_name is the app_id to pass to subsequent distribution / UDID / notification tools.

App & Binary Management

Tools for inspecting an app and managing its uploaded build revisions (binaries). A revision is one uploaded build; the storage retention policy auto-prunes older revisions unless they are protected.

get_app

Get details of an app, optionally for a specific revision.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
revisionnumberSpecific revision to inspect

list_app_revisions

List uploaded build revisions, newest first (50 per page). Only revisions within the storage retention period are returned; older auto-pruned builds are not listed.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
pagenumberPage number (default 1)

get_app_revision

Get details of a specific build revision. Returns 404 if the revision number does not exist.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
revisionnumberRevision number

update_app_revision

Update the message (memo) of a build revision. Only the message can be changed.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
revisionnumberRevision number
messagestringNew message/memo for the revision

delete_app_revision

Delete a build revision (binary).

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
revisionnumberRevision number to delete
caution

The API rejects deletion (HTTP 400) of the latest revision and any protected revision. A revision currently served by a distribution page is automatically protected — first repoint that page to another revision (update_distribution_revision) or delete the page (delete_distribution / delete_distribution_by_name). Note that unprotect_app_revision only removes manual protection, not a distribution's automatic protection.

protect_app_revision

Add manual protection to a revision so it is excluded from automatic retention pruning. Fails (403) if the app has reached its maximum number of protected revisions.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
revisionnumberRevision number to protect

unprotect_app_revision

Remove manual deletion protection added by protect_app_revision. Does not remove the automatic protection a revision gets while served by a distribution page.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
revisionnumberRevision number to unprotect

search_app_revisions

Search build revisions by a query string. Only revisions within the storage retention period are searched.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
qstringSearch query
pagenumberPage number
per_pagenumberItems per page

list_app_members

List the members attached to an app. On current plans, the teams attached to the app are returned as teams. For a legacy app with an individual owner, the users attached to the app are returned as users, along with a usage object carrying the current user count and the limit.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier

list_app_teams

List the regular (non-shared) teams attached to an app in a project. Returns 403 if your token lacks permission on the app.

ParameterTypeRequiredDescription
owner_namestringProject (organization) name
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier

remove_app_team

Detach a team from an app; the team's members lose access granted via that team. Destructive. The owner team cannot be detached (403). Returns 400 if the team is not attached to the app.

ParameterTypeRequiredDescription
owner_namestringProject (organization) name
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
teamstringTeam name to detach from the app

list_app_shared_teams

List the workspace shared teams attached to an app. Only valid for apps in an Enterprise (workspace) organization — returns 400 otherwise.

ParameterTypeRequiredDescription
owner_namestringProject (organization) name
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier

remove_app_shared_team

Detach a workspace shared team from an app. Only valid for apps in an Enterprise (workspace) organization — returns 400 otherwise. Destructive. Returns 400 if the shared team is not attached.

ParameterTypeRequiredDescription
owner_namestringProject (organization) name
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
teamstringShared team name to detach from the app

Keystore Management (Android)

Manage the signing keystore for an Android app. These tools are Android-only; mutating operations require write permission on the app.

get_keystore

Get the certificate fingerprints (md5/sha1/sha256/checksum) of an app's signing keystore. Returns 404 if the app has no keystore.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
app_idstringAndroid package name

create_keystore

Generate a debug signing keystore (alias androiddebugkey, password android). If the app already has a keystore this is a no-op that returns a message saying so (use update_keystore to replace).

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
app_idstringAndroid package name

update_keystore

Upload/replace the signing keystore from a local keystore file. Returns 400 if the file or its credentials (alias/passwords) are invalid.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
app_idstringAndroid package name
file_pathstringLocal path to the keystore file
alias_namestringKey alias name
keystore_passwordstringKeystore password
key_passwordstringKey password

delete_keystore

Delete the app's signing keystore. Returns 404 if the app has no keystore.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
app_idstringAndroid package name

download_keystore

Get a download URL and checksum for the app's signing keystore. Returns 404 if the app has no keystore.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
app_idstringAndroid package name

Distribution Page Management

create_distribution

Create a new distribution page for an app. Returns the access_key that forms the public URL https://deploygate.com/distributions/{access_key}. When revision is omitted, the latest build is used. Returns 400 if the app has reached its maximum number of distribution pages.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
titlestringDistribution page title (max 255 chars)
release_notestringRelease note for this distribution
revisionnumberSpecific revision number to distribute
activebooleanWhether the page is active. Default: true

list_distributions

List all distribution pages for an app.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier

get_distribution

Get details of a specific distribution page.

ParameterTypeRequiredDescription
access_keystringDistribution page access_key

Call this before update_distribution to retrieve the current active and release_scope values, which are required on update.

update_distribution

Update a distribution page.

ParameterTypeRequiredDescription
access_keystringDistribution page access_key
activebooleanWhether the page is active
release_scopesee belowAccess scope
titlestringNew title (max 255 chars)
passcodestringRequired when release_scope is "passcode"
release_notestringRelease note
ip_restriction_enablebooleanEnable IP address restriction. Only available for apps owned by a project/workspace and when the feature is enabled for that workspace; personal (user-owned) apps do not support this
ip_restrictionstringComma-separated allowed IPs/CIDRs, e.g. 10.0.0.0/24,192.168.1.1
caution

Both active and release_scope are always required, even when you only want to change the title. Call get_distribution first to retrieve the current values, then pass them through unchanged.

release_scope values:

ValueBehavior
publicPublicly accessible; indexable by search engines
unlistedAnyone with the link can access (default)
passcodeRequires a passcode (passcode parameter required)
authorized_onlyOnly accessible to logged-in team members. Only valid for project/workspace-owned apps whose plan supports it (personal apps support public/unlisted/passcode only), and cannot be set if the page already has testers (422)

delete_distribution

Delete a distribution page. The page only is deleted — uploaded builds (binaries) are preserved.

ParameterTypeRequiredDescription
access_keystringDistribution page access_key

delete_distribution_by_name

Delete a distribution page by its title (name) within an app. Returns 404 if no page matches the name, and 400 if more than one page shares the name (delete by access_key with delete_distribution instead). Uploaded builds are preserved.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
distribution_namestringTitle of the distribution page to delete

update_distribution_revision

Change which build revision a distribution page serves. Returns 404 if the revision does not exist in the app. Requires app admin permission. Re-pointing moves the page's automatic protection to the new revision, freeing the previously-served revision for deletion.

ParameterTypeRequiredDescription
access_keystringDistribution page access_key
revisionnumberRevision number to assign to the page
release_notestringRelease note for this revision

iOS UDID Management

get_udids

List iOS device UDIDs that have been registered through the distribution page installation flow.

ParameterTypeRequiredDescription
owner_namestringOwner (user login or project slug)
app_idstringBundle identifier
unprovisioned_onlybooleanIf true, return only devices not yet in the provisioning profile (is_provisioned=false)

Returns: An array of entries with udid, USERNAME, device_name, and is_provisioned.

Notification Settings

get_notification_settings_url

Generate the URL for configuring Slack / Microsoft Teams / Chatwork notifications. The user opens the URL in a browser to complete setup — there is no API-only configuration path.

ParameterTypeRequiredDescription
level"distribution" | "app"Scope of the notification setting
access_keystringwhen level="distribution"Distribution page access_key
owner_namestringwhen level="app"Owner (user login or project slug)
owner_type"organization" | "user"when level="app"Whether the app belongs to a project or to a user
platform"ios" | "android"when level="app"App platform
app_idstringwhen level="app"Package name or bundle identifier

Returns: Text containing the URL. Relay it to the user verbatim — do not add query parameters.

Member Management

These tools manage membership of the role-based teams within a single project. Team display names are locale-dependent and can be renamed; use get_project to discover the team names in a project.

add_member

Onboarding shortcut for initial project setup. Adds a user with one of the three standard roles (owner / developer / tester) by orchestrating:

  1. Add to workspace (enterprise)
  2. Add to project (upsert — no error on duplicate)
  3. Add to the role team (upsert)
  4. For non-owner roles: attach the role team to the specified app so the new member can access it

Owner-role members have project-wide app access by design, so step 4 is skipped for owner. Standard team names are locale-dependent; this tool resolves the role team by its stable role keyword so it works across locales.

ParameterTypeRequiredDescription
workspacestringWorkspace name
projectstringProject name
userstringEmail address or username
role"owner" | "developer" | "tester"Role to assign
platform"ios" | "android"when roleownerApp platform, to attach the role team to the app
app_idstringwhen roleownerApp to attach the role team to

Errors:

  • Free plan member-seat limit exceeded → isError: true with a link to https://deploygate.com/settings/plan
  • User is already in the workspace → silently skipped

add_team_member

Atomic single-step: add a user to a specific team in a project. It does not add the user to the workspace/project first, nor attach the team to an app — the user must already be a project member. For the full onboarding flow, use add_member.

ParameterTypeRequiredDescription
projectstringProject name
teamstringTeam display name (case-insensitive). Discover via get_project
userstringEmail address or username

list_team_members

List members of a specific team in a project.

ParameterTypeRequiredDescription
projectstringProject name
teamstringTeam display name (case-insensitive). Discover via get_project

remove_team_member

Remove a member from a team. The user remains in the workspace and project — only the team membership is removed.

ParameterTypeRequiredDescription
projectstringProject name
teamstringTeam display name (case-insensitive). Discover via get_project
userstringEmail address or username

Project (Organization) Management

Manage a project (organization) and its membership. owner_name on app-scoped tools is the same project slug used here.

get_project

Get a project's details (id, name, description, and its teams). Returns 403 if your token lacks access, or 401 if the project's plan has expired.

ParameterTypeRequiredDescription
projectstringProject (organization) name

update_project

Update a project's display name and/or description. Provide at least one. Returns 400 on validation failure, or 403 if you lack permission.

ParameterTypeRequiredDescription
projectstringProject (organization) name
display_namestringNew display name
descriptionstringNew description

delete_project

Delete a project. Destructive and irreversible: removes the project and disables all of its pending invitations. Returns 403 if you lack permission, or 422 if deletion fails.

ParameterTypeRequiredDescription
projectstringProject (organization) name

list_project_apps

List the apps in a project that are visible to your token. Returns 403 if you lack access.

ParameterTypeRequiredDescription
projectstringProject (organization) name

list_project_members

List all users that belong to a project. Returns 403 if you lack permission. (To list members of a single team, use list_team_members.)

ParameterTypeRequiredDescription
projectstringProject (organization) name

Shared Team Management

Shared teams are workspace-level teams that can be assigned to multiple apps across projects. When assigned to an app, shared team members get tester-level access.

create_shared_team

Create a workspace-level shared team.

ParameterTypeRequiredDescription
workspacestringWorkspace name
namestringShared team name (e.g. "all staff")

list_shared_teams

List the shared teams in a workspace. Requires workspace management permission.

ParameterTypeRequiredDescription
workspacestringWorkspace name

delete_shared_team

Delete a shared team from a workspace. Destructive. Returns 400 if the team does not exist.

ParameterTypeRequiredDescription
workspacestringWorkspace name
teamstringShared team name to delete

add_shared_team_member

Add a member to a shared team. Specify either email or username — not both.

ParameterTypeRequiredDescription
workspacestringWorkspace name
shared_team_idstringShared team ID
emailstringeither/orMember's email
usernamestringeither/orMember's username
descriptionstringOptional description (max 255 chars)

list_shared_team_members

List the members of a workspace shared team. Requires workspace management permission.

ParameterTypeRequiredDescription
workspacestringWorkspace name
shared_team_idstringShared team ID

remove_shared_team_member

Remove a member from a shared team. Destructive. Returns 404 if the user is not a member of the shared team.

ParameterTypeRequiredDescription
workspacestringWorkspace name
shared_team_idstringShared team ID
userstringMember to remove (username or email)

assign_shared_team_to_app

Assign a shared team to an app. Members of the shared team get tester-level access.

ParameterTypeRequiredDescription
projectstringProject name
platform"ios" | "android"App platform
app_idstringPackage name or bundle identifier
teamstringShared team name to assign

Workspace (Enterprise) Management

Workspace-level administration. All current plans are workspace-based, so these tools apply to them; they are not available on legacy plans. Member and project mutations require the appropriate workspace permission.

list_workspace_members

List all members of a workspace. Requires workspace management permission (403/404 otherwise).

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name

get_workspace_member

Get a single workspace member by name or email (at least 3 characters). Returns 400 if no matching member is found.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
idstringMember name or email

add_workspace_member

Invite a member to a workspace by email address. Set role="guest" for a guest member — the guest role is available only to certain partner workspaces. Returns 400 if already a member, 403 if you lack invite permission or the plan's member seats are exceeded.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
userstringEmail address of the person to invite
full_namestringOptional full name for the invitee
rolestringOptional role; use guest to invite a guest member (available only to certain partner workspaces)

remove_workspace_member

Remove a member from a workspace entirely. Destructive. You cannot remove yourself (403); a non-member returns 400.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
userstringMember name or email to remove

list_workspace_projects

List the projects (organizations) under a workspace. Requires workspace management permission.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name

create_project

Create a new project (organization) in a workspace. name must be 3–28 chars (letters/digits/hyphens/underscores, starting and ending with a letter or digit) and globally unique (400 if already in use). owner_name_or_email must be an existing workspace member (404 otherwise). 403 if the plan's project limit is exceeded. display_name defaults to name.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
owner_name_or_emailstringWorkspace member to set as the project owner (username or email)
namestringProject name (3–28 chars, globally unique)
display_namestringOptional display name (defaults to name)
descriptionstringOptional description

list_workspace_project_members

List the members of a project within a workspace. Returns 401/403 if you lack permission.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
projectstringProject (organization) name

add_project_member

Add a workspace member to a project as a direct project member. The user must already be a workspace member (401 otherwise); 403 if you lack permission. This is project-level membership; to add to a specific team use add_team_member.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
projectstringProject (organization) name
userstringWorkspace member to add (username or email)

remove_project_member

Remove a member from a project. Destructive. Returns 403 if the user is not a project member or you lack permission. This removes project-level membership; to remove from a single team use remove_team_member.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
projectstringProject (organization) name
userstringMember to remove (username or email)

update_saml_certificate

Update a workspace's SAML IdP certificate from a local PEM file. Requires workspace admin permission.

ParameterTypeRequiredDescription
workspacestringWorkspace (enterprise) name
file_pathstringLocal path to the IdP X.509 certificate (PEM) file
caution

Uploading an incorrect certificate can break SSO login for the whole workspace. Returns 400 for an invalid certificate file, 403 if you are not an admin or the plan has expired, and 404 if SAML is not configured.

Last updated on