M54Released May 15, 2026

Real MCP server for WebmasterID Core

Production MCP HTTP endpoint at /api/agent/mcp with ten read-only tools, Bearer auth via the api_keys table, plan gating, audit logging, payload caps, and a per-key rate limit.

MCP Agent Security

Highlights

POST /api/agent/mcp — JSON-RPC 2.0 over HTTP. Methods: initialize, tools/list, tools/call.
Ten read-only tools: sites, summary, recent events, bot intelligence, AI referrals, top pages, recommendations, repo mappings, execution sessions, plan status.
Workspace-scoped Bearer auth against the api_keys table; revoked keys rejected and audited.
Plan gate: Free is blocked with -32003 PLAN_LOCKED + upgradeHref hint.
64KB payload cap, 120 req/min/key rate limit, every call audited.

Why this matters

M53.3 documented MCP. M54 ships the actual endpoint. Claude clients (Desktop / Code / VS Code) now connect to a real server and round-trip real workspace data — recommendations, repo mappings, AI-crawler activity, AI referrals, site context — through a single Bearer-authed POST.

Read-only by design

Every tool returns compact, safe-projected data. No raw rows, no secret_key_hash, no password_hash, no raw IPs, no user-agent strings, no Stripe payloads, no execution prompt bodies. Cross-workspace siteIds return -32012 SITE_NOT_IN_WORKSPACE. Workspace isolation is enforced at the query layer; the cookie cannot grant access — only persist a preference.

Auth pipeline

Authorization → sha256 hash → api_keys row → revocation check → plan check → last_used_at stamp → audit row. Failed paths (revoked / plan-locked) write to admin_audit_logs so the operator can see reuse attempts on /settings/mcp/activity.

Protocol compliance

Server identity declares protocol version 2024-11-05 and the tools capability only — no resources / prompts / sampling surfaces. Tool inputSchema uses standard JSON Schema. Tool result envelope is `{ content: [{ type: 'text', text: <JSON> }] }` — the canonical MCP shape.

Security notes

Bearer-token auth; plaintext never persisted.
Revoked-key reuse attempts audit-logged with the key prefix only.
No stack traces in error envelopes.
Batch requests (arrays) explicitly rejected with -32600.

Production-grade /settings/mcp UX

Endpoint-visibility row, three-step quick-start wizard, server-status panel, recent-activity widget, and an in-page verify-connection tester on /settings/mcp.

Endpoint-visibility row at the top of /settings/mcp with a one-tap copy button on the full MCP URL.
Three-step Quick Start wizard: generate API key → add to Claude → verify. Step 1 ticks green when the workspace already has an active key.
Server-status panel — operational / degraded / unconfigured pill, recent success-rate %, last-checked timestamp. Honest 'n/a' when there are no events; no fabricated uptime.
+ 2 more — see the release page

Read release notes →

M53.3May 15, 2026

OnboardingMCPCore

Activation polish + API keys + MCP setup

Welcome email auto-fire, the api_keys infrastructure, /settings/mcp documentation, /getting-started richer post-first-event page, and three Claude/MCP SEO landing pages.

Welcome email auto-fires from /api/auth/signup. Delivery failure never blocks signup; production never falls back to logging plaintext tokens.
Migration 0017 adds the api_keys table — sha256 hash at rest, six-char prefix, plaintext shown once, workspace-scoped + RBAC-gated.
/settings/api-keys ships with one-time plaintext reveal, label + create + revoke flow, audit-log writes.
+ 3 more — see the release page

Read release notes →