MCP Server — Overview & Install

AxHub's MCP server apphub-mcp. Call 26 tools plus resources, prompts, and tasks over JSON-RPC 2.0, secured with OAuth Bearer.

What can you do with it?

From MCP-compatible AI agents like Claude and Cursor, you can drive AxHub's apps, deployments, DB, APIs, and GitHub in one place. 26 tools across 5 categories are ready to go.

The server is named apphub-mcp, and it speaks JSON-RPC 2.0.

POST /mcp — send requests here

All tool calls and methods go to a single HTTPS endpoint /mcp as JSON-RPC 2.0 POSTs.

Terminal

$ curl -X POST https://api.jocodingax.ai/mcp \
  -H "Authorization: Bearer $AX_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

GET /mcp — server push notifications here

Server-to-client pushes (resource changes, task progress) flow through an SSE stream on the same path. Just open GET with Accept: text/event-stream.

Keepalive pings every 30 seconds. If the connection drops and you reconnect, pass Last-Event-ID — we'll replay what you missed.

Protocol facts

Protocol version: 2025-11-25 (latest). Legacy 2025-03-26 still accepted.
Server name: apphub-mcp
Server version: APP_VERSION env var at deploy time, or dev locally.

Capabilities

initialize response (excerpt)

{
  "protocolVersion": "2025-11-25",
  "capabilities": {
    "tools": {},
    "resources": { "listChanged": true, "subscribe": true },
    "prompts":   { "listChanged": true },
    "tasks": {
      "list":   {},
      "cancel": {},
      "requests": { "tools": { "call": {} } }
    }
  },
  "serverInfo": { "name": "apphub-mcp", "version": "1.0.0" },
  "sessionId": "sess_abc123..."
}

Call initialize first — the server creates a session and hands back sessionId. Include it in the Mcp-Session-Id header on every follow-up call. The server double-checks the session owner matches the token owner.

If the session isn't yours

When Mcp-Session-Id doesn't match the token's owner (tenantID + userID), we drop the session ID and return forbidden on resource/tasks calls. Just re-initialize to get a fresh session.

Supported methods

Method	What it does	Auth
`initialize`	Creates the session and agrees on protocol	OAuth or guard
`tools/list`	Lists tools you can use	OAuth + scope filter
`tools/call`	Actually runs a tool	scope + per-app perms
`prompts/list` · `prompts/get`	Prompt templates	OAuth
`resources/list` · `resources/read`	Discover and read deployment/app resources	OAuth only
`resources/subscribe` · `resources/unsubscribe`	Turn live notifications on/off	OAuth + session
`tasks/get` · `tasks/result` · `tasks/list` · `tasks/cancel`	Manage long-running async work	OAuth
`notifications/initialized` · `ping`	Connection keepalive	open

Tool categories (26 total)

Category	Count	Tools
App	10	`register_app`, `list_my_apps`, `get_app_url`, `manage_app`, `manage_ci`, `import_and_deploy`, `whats_next`, `set_app_spec`, `manage_oauth_client`, `env_vars`
Deploy	6	`deploy_app`, `rollback_deploy`, `preflight_check`, `list_deployments`, `restart_app`, `tail_deploy_logs`
GitHub	1	`connect_repo`
Table	4	`manage_table`, `records`, `search_table`, `alter_table`
API	5	`list_apis`, `get_api_schema`, `test_api`, `manage_api_key`, `discover_apis`

Full per-tool schemas and examples live in the Tools Reference.