Route Claude, Cursor, and Codex to Vercel through wmcp.sh. Reads on by default, env-var writes blocked unless explicitly enabled — closes the most common agent footgun. Vault-stored tokens, multi-team routing, audit log. wmcp.sh is not affiliated with Vercel Inc.
Connect at https://wmcp.sh/mcp/vercel · default read-only · env-write protection always on by default
Vercel ships an official MCP server at https://mcp.vercel.com — remote MCP with OAuth, supported by Claude / Cursor / VS Code / ChatGPT and a list of other clients. For most workflows it's the right answer.
The gap is the blast radius of writes. A Vercel API token with project access can read and write environment variables, trigger deployments, promote to production, and alias domains. An agent that accidentally calls update_env on a prod project can hand-grenade a service.
wmcp.sh adds a write-protection layer: env-var writes are blocked at the wmcp.sh proxy regardless of token scope, and env-var values are redacted on read unless explicitly opted in. Other write tools (deploy, promote, rollback) are also opt-in per connection. Tokens live in an encrypted per-user vault and are namespaced per team for multi-team workflows.
Ten tools covering projects, deployments, env vars, domains, and logs.
vercel.list_projectsProjects for the active team with framework + last-deploy.vercel.get_projectProject metadata: links, build settings, framework.vercel.list_deploymentsDeployments with state (READY / ERROR / BUILDING) + url.vercel.get_deploymentSingle deployment with build + runtime metadata.vercel.get_deployment_logsBuild + runtime logs for a deployment.vercel.list_env_varsNames + targets (production / preview / dev), values redacted by default.vercel.list_domainsCustom domains attached to a project with verification state.vercel.list_teamsTeams the access token can see.vercel.list_aliasesProduction aliases per project.vercel.list_certificatesSSL certs with issuer + expiry.# pip install anthropic mcp
import os, asyncio
from anthropic import Anthropic
from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client
WMCP = "https://wmcp.sh/mcp/vercel"
TOKEN = os.environ["WMCP_TOKEN"]
async def investigate():
async with streamablehttp_client(WMCP, headers={"Authorization": f"Bearer {TOKEN}"}) as (r, w, _):
async with ClientSession(r, w) as s:
await s.initialize()
tools = (await s.list_tools()).tools
anthropic = Anthropic()
msg = anthropic.messages.create(
model="claude-opus-4-5",
max_tokens=2048,
tools=[{"name": t.name, "description": t.description, "input_schema": t.inputSchema} for t in tools],
messages=[{"role": "user", "content": "Find the most recent failed deployment of 'web-app', pull the build logs, and tell me what broke."}],
)
return msg
asyncio.run(investigate())| Capability | mcp.vercel.com (official) | wmcp.sh-routed |
|---|---|---|
| Read coverage | Excellent — official is the canonical | Common 80% (projects / deploys / logs / domains) |
| Env-var write protection | Token-scope based | Blocked at proxy regardless of scope |
| Env-var read redaction | Returns values | Redacted by default; opt-in per connection |
| Multi-team in one config | Per-team server instance | N teams in one connection, team_id per call |
| Token storage | OAuth (official) | Encrypted vault, rotatable |
| Default write tools | Available per token scope | Off by default; opt-in per connection |
| Audit log | Vercel-side | wmcp.sh per-call + Vercel-side preserved |
https://mcp.vercel.com, remote MCP with OAuth, supported by Claude / Cursor / VS Code / ChatGPT and more. wmcp.sh is not affiliated with Vercel; we offer a hosted alternative with env-write protection.Production Vercel MCP: scoped tokens per team with read-only or fine-grained write perms, env-write allowlists, audit retention, SSO, optional deployment-promotion approval flow. Starter $499 one-time, Managed Retainer $999/mo, Enterprise $4,999+/mo.