Appcrane
@gitayg
AppCrane is the self-hosted home for the apps your AI builds and your AI deploys. It exposes 35 appcrane_* MCP tools so any MCP client (Claude Code, Cursor, Codex) can run the full deploy lifecycle — create app, deploy to sandbox/production, manage secrets, stream logs, list rele
概览
What is Appcrane?
Appcrane is a self-hosted, agent-first deployment platform that lets AI agents deploy apps — built with tools like Claude Code or Cursor — to a server you own. It acts as a self-hosted alternative to Heroku, Vercel, and hosted agent-deploy services like AppDeploy, adding enterprise guardrails and a full MCP tool surface.
How to use Appcrane?
Connect any MCP client to your Appcrane instance via HTTP at https://YOUR-SERVER/api/mcp, authenticating with the X-API-Key header. The server exposes 35 appcrane_* tools that cover the entire deploy lifecycle, so your agent can operate without curl or shell commands.
Key features of Appcrane
- 35 MCP tools for the full deploy lifecycle (create, deploy, promote, rollback)
- Secret hard-wall: platform operators cannot read encrypted env vars or app data
- Enterprise SSO with SAML 2.0, OIDC, and SCIM provisioning
- Four-role model (Platform Owner, App Owner, App Admin, App User) per app
- Docker isolation per app, dual sandbox/prod environments, zero-downtime deploys, auto-HTTPS (Caddy)
- Managed apps: Appcrane can own the GitHub repo via a service account for non‑GitHub users
Use cases of Appcrane
- Vibe‑code an app with Claude Code or Cursor, then have your AI agent deploy it to your own server
- Run a self-hosted PaaS for teams that need enterprise SSO and role‑based access control per app
- Securely deploy AI‑built applications while keeping secrets (API keys) encrypted and unreachable by the platform operator
- Let non‑GitHub users ship apps via a managed GitHub repo owned by Appcrane
FAQ from Appcrane
What MCP tools does Appcrane expose?
Appcrane offers 35 appcrane_* tools including appcrane_create_app, appcrane_deploy (sandbox/production), appcrane_promote, appcrane_rollback, appcrane_set_secret, appcrane_get_secret, appcrane_get_logs, appcrane_list_releases, appcrane_get_deploy_log, appcrane_cp (push files to a container’s /data), appcrane_list_apps, and appcrane_get_guide. Every tool call is bound to a user and audit‑logged.
How does the secret hard-wall work?
Appcrane enforces encryption at the middleware layer so that platform operators cannot read environment variables or app data. Your model API keys and other secrets remain exclusively yours.
Does Appcrane support single sign-on?
Yes. Appcrane supports enterprise SSO via SAML 2.0, OIDC, and SCIM provisioning.
What isolation and deployment features are available?
Each app runs in its own Docker container. Appcrane provides dual sandbox and production environments, zero‑downtime deploys, and automatic HTTPS via Caddy.
How do I connect an AI agent to Appcrane?
Configure your MCP client with an HTTP transport pointing to https://YOUR-SERVER/api/mcp and pass your API key in the X-API-Key header.
