Documentation

Docs & MCP reference.

Quickstart

DenkOps is driven from Claude Code through the MCP interface, with no CLI to learn. Install the plugin, log in with one browser click, then just ask Claude to deploy. DenkOps packs your directory, picks a build lane, and returns a live, SSL-secured URL.

/plugin marketplace add DenkOpsAI/denkops-mcp
/plugin install denkops
log in to DenkOps # browser opens → Approve
deploy on DenkOps
→ live at https://my-agent.denkops.app

Build lanes

Two optimized paved-road templates. The bun-hono fast lane for lightweight APIs and MCP servers; the python-fastapi heavy lane for AI and long-running workloads. No Dockerfile needed, or bring your own container.

MCP interface

The MCP server is the primary interface. After a one-time browser login (say “log in to DenkOps” → Approve), Claude talks straight to the control plane and operates your infrastructure via tools.

ToolDoes
deployPack + build + ship the current project
logsFetch logs + ai_hint for a deploy
statusHealth, version, resource usage
rollbackActivate a previous version
set_env / list_env / unset_envManage env vars (write-only)
redeployRe-run the current version (apply env changes)

Install in Claude Code

Three steps: install the plugin, log in with a browser click, then just ask. After that Claude drives DenkOps directly from your editor: deploy, read logs and roll back, with no CLI and no token to copy.

1 · Install the plugin

Add the DenkOps marketplace and install the plugin from inside Claude Code:

/plugin marketplace add DenkOpsAI/denkops-mcp
/plugin install denkops

2 · Log in

Say “log in to DenkOps”. A browser tab opens on the dashboard. Click Approve. No token to copy or paste.

log in to DenkOps
→ browser opens on the dashboard, click Approve

3 · Deploy & manage

Say “deploy on DenkOps”: Claude packs, builds and ships the current project, and returns a live URL plus a DENKOPS_API_KEY. Manage it straight from the chat, or call the API directly with Authorization: Bearer <DENKOPS_API_KEY> (/health is public, no key required).

deploy on DenkOps
→ live at https://my-agent.denkops.app
read the logs
rollback
status

Connect other agents

Claude Code isn't required. DenkOps ships a standalone MCP server, @denkopsai/mcp, that any MCP-capable agent can run over stdio. In the dashboard open Connect, pick your agent (Codex, OpenClaw, Hermes, or “Other”), and mint a scoped token. The page hands you a copy-paste command with the token already filled in.

# Codex
codex mcp add denkops -- npx -y @denkopsai/mcp
# env: DENKOPS_TOKEN=dko_… DENKOPS_CONTROL_PLANE_URL=https://api.denkops.com

Any other MCP client works the same way: run npx -y @denkopsai/mcp with DENKOPS_TOKEN and DENKOPS_CONTROL_PLANE_URL set. Claude Code users skip this entirely; the plugin bundles the same server.

Connections & tokens

Every agent connects with a scoped, least-privilege token, minted per agent from the dashboard Connect page and owner-managed:

  • Scoped: pin a token to specific projects (out-of-scope calls return 403), choose whether it may create new projects, and grant or withhold environment-variable access (default: none).
  • Expiring: 30, 90, 365 days, or no expiry, chosen at mint time.
  • Revocable: revoke a connection in one click; that token immediately returns 401.
  • Auditable: each connection shows its agent type, when it connected, last-active time, and a per-connection activity log.

Claude Code's browser login (“log in to DenkOps” → Approve) issues one of these scoped tokens automatically, so you never copy or paste it.

Self-healing

When a deploy crashes, DenkOps attaches a machine-readable ai_hint with the likely cause, file and line. Claude reads it, edits forward, and redeploys. No human in the loop for the common failures.

Zero-trust egress

All outbound traffic is denied by default. Whitelist domains explicitly; everything else is blocked and logged. Manage it with denkops egress add <domain>.

Secrets

Environment variables are managed by owners from the dashboard's project Environment variables panel, or via the MCP tools set_env, list_env, and unset_env. Agent tokens can read or write them only when granted the env scope at mint time (default: no access). Values are write-only, so they never appear in logs or the dashboard. A Redeploy (dashboard button or the redeploy MCP tool) applies staged changes.

Persistent state

Each project has a durable disk mounted at /persist, and it survives redeploys, restarts and crashes. The @denkopsai/sdk (bun) / denkops (python) SDK gives you a one-line key-value store there: denkops.store.set(key, value) / .get(key), persistence without wiring up an external database.