@yawlabs/mcph

One install. All your MCP servers. Managed from the cloud.

mcph is an MCP server that orchestrates all your other MCP servers. Configure your servers once on mcp.hosting, install mcph in your client, and never hand-edit MCP JSON configs again.

How it works

Your MCP client (Claude Code, Cursor, etc.)
    |
    |  single stdio connection
    v
@yawlabs/mcph
    |         |         |
    v         v         v
  GitHub    Slack    Stripe     ← your MCP servers (local or remote)

1. You add servers on mcp.hosting (name, command, args, env vars)
2. mcph pulls your config on startup
3. You use a handful of meta-tools to control which servers are active:
   • mcp_connect_dispatch — describe a task in plain English; mcph picks the right server, activates it, and exposes its tools. The fast path when you know what you want.
   • mcp_connect_discover — list all configured servers, optionally ranked by relevance to a context string. Auto-activates the top match when one server clearly wins.
   • mcp_connect_activate — connect specific servers by namespace.
   • mcp_connect_deactivate — disconnect and remove tools.
   • mcp_connect_import — bulk-import servers from an existing client config (claude_desktop_config.json, mcp.json, etc.).
   • mcp_connect_health — show call counts, error rates, and latency per active connection.
   • mcp_connect_suggest — surface recurring multi-server workflows mcph has watched in this session. When you repeatedly use gh → linear → slack for the same kind of task, suggest lists the pattern so you can dispatch it as one intent next time.

Only activated servers load tools into context. This keeps your context window clean.

Ranking is two-stage when the backend has a Voyage embeddings key configured: a local BM25 pass narrows to a shortlist, then a /api/connect/rerank call semantically reorders. With no key on the backend it gracefully degrades to BM25-only — dispatch and discover(context) keep working, just with slightly weaker ranking on ambiguous queries.

On top of the ranker, mcph applies three session-local signals to dispatch scores:

• Health-aware: servers that have recently failed to activate or have high error rates get down-ranked. Never boosts above raw — "all else equal, prefer the one that works".
• Learning: servers that have succeeded this session get a small (+10% max) nudge, so the router remembers what's been useful.
• Sampling tiebreak: when the top two candidates are within 10% of each other and your client supports MCP sampling, mcph asks your client's LLM to pick. Uses the model you're already running — no extra provider key, no extra cost to mcph.

Install

One command (recommended)

npx -y @yawlabs/mcph install <claude-code|claude-desktop|cursor|vscode> --token mcp_pat_your_token_here

This:

1. Edits the chosen client's config file (correct path for your OS, correct JSON shape) to launch mcph.
2. Writes your token to ~/.mcph.json so every other client you install picks it up automatically — no need to copy the token into each client's env block.
3. On Windows, wraps npx in cmd /c (without this, MCP clients hit ENOENT on the npx.cmd shim).

Run it once per client. To rotate the token later, run install again with --token — both files get rewritten.

Helpful flags:

• --scope user|project|local — which file to write (Claude Code + Cursor support project/local; VS Code is workspace-only; Claude Desktop is user-only).
• --dry-run — print the diff and exit without writing.
• --force / --skip — overwrite or leave an existing mcp.hosting entry. Without either, mcph prompts (TTY) or refuses (non-TTY).
• --no-mcph-config — write only the client config; leave ~/.mcph.json untouched.

Or edit the JSON by hand if you'd rather.

Diagnose problems — mcph doctor

npx -y @yawlabs/mcph doctor

Prints the loaded config files, your token's source + fingerprint (last 4 chars), the API base URL, and which MCP clients on this machine have an mcp.hosting entry. Exits 0 healthy / 1 no token / 2 warnings (e.g. world-readable token file). Paste the full output into a support ticket and we can usually pinpoint the issue from that alone.

Getting your token

1. Sign up at mcp.hosting
2. Go to Settings > API Tokens
3. Create a token — it starts with mcp_pat_
4. Pass it to mcph install as shown above

Manual install

If you'd rather edit the config files yourself, the JSON shapes are:

Claude Code, Cursor, Claude Desktop — top-level key mcpServers:

{
  "mcpServers": {
    "mcp.hosting": {
      "command": "npx",
      "args": ["-y", "@yawlabs/mcph"]
    }
  }
}

VS Code — top-level key servers (NOT mcpServers) in .vscode/mcp.json:

{
  "servers": {
    "mcp.hosting": {
      "command": "npx",
      "args": ["-y", "@yawlabs/mcph"]
    }
  }
}

Windows — command: "cmd", args: ["/c", "npx", "-y", "@yawlabs/mcph"] (the cmd /c wrapper is required because npx.cmd is a shim).

Then put your token in ~/.mcph.json so mcph picks it up at startup:

{
  "version": 1,
  "token": "mcp_pat_your_token_here"
}

Or set MCPH_TOKEN in the client's env block — both work.

Adding servers

On mcp.hosting, add each MCP server you want to orchestrate:

Usage

Fast path — dispatch

When you know what you want to do, skip the discover/activate dance:

> Create a GitHub issue for the login bug

[mcp_connect_dispatch is called with intent="create a GitHub issue for the login bug"]

Dispatched "create a GitHub issue for the login bug" — activated top 1 of 1 matching server.
gh (score 4.32): Activated "gh" — 24 tools: gh_create_issue, gh_list_prs, ...

[gh_create_issue is then called, returns the new issue]

dispatch ranks every configured server, activates the top match, and immediately exposes its tools so the LLM can call them. Default budget is 1 (one server). For tasks that need multiple servers, pass budget: 3 etc.

Manual control

> What MCP servers do I have?

Available MCP servers:

  gh — GitHub [available] (local)
  slack — Slack [available] (local)
  stripe — Stripe [available] (local)

0 active, 0 tools loaded.

> Activate my GitHub server

Activated "gh" — 24 tools available: gh_create_issue, gh_list_prs, ...

You can activate multiple at once: > Activate GitHub and Slack. Tools are namespaced as {namespace}_{original_tool_name} to prevent collisions. The tool list updates automatically via tools/list_changed.

> Deactivate GitHub when you're done

Deactivated "gh". Tools removed.

Servers also auto-deactivate after ~10 tool calls to other servers, so context stays clean even if you forget. The threshold is adaptive per-namespace: a server that's been called in bursts recently gets more patience (up to +20) before it's deactivated, so heavily-used servers don't get torn down mid-task. Long-idle servers still deactivate at the baseline.

.mcph.json config file

mcph reads its own config from .mcph.json files at three optional locations (highest precedence first):

Full schema:

{
  // Schema version. mcph >= 0.11 emits version 1; older fields stay
  // readable. Newer versions log a warning so an old mcph can't silently
  // miss new fields.
  "version": 1,

  // Personal access token from mcp.hosting → Settings → API Tokens.
  // env MCPH_TOKEN still wins over the file value.
  "token": "mcp_pat_your_token_here",

  // API base override — point mcph at a self-hosted backend or staging.
  // Defaults to https://mcp.hosting. env MCPH_URL still wins.
  "apiBase": "https://mcp.hosting",

  // Project profile: which namespaces are allowed.
  "servers": ["gh", "pg", "linear"],

  // Project profile: namespaces denied even if in `servers`.
  "blocked": ["prod-db"]
}

Comments are allowed (line // and block /* … */) — handy for documenting a shared .mcph.json checked into git.

Resolution:

• Token — MCPH_TOKEN env > local > global. (token in the project file is ignored and warned: it'd get committed to git.)
• apiBase — MCPH_URL env > local > project > global > https://mcp.hosting.
• servers allow-list — project wins if set, else local, else global.
• blocked deny-list — UNION across every scope that sets it (fail-safe on deny).
• Malformed files log a warning and fall through — fail-open so a typo doesn't brick the session.
• On POSIX, mcph warns if the file contains a token and is readable by group/other; run chmod 600 ~/.mcph.json to silence it.

Token rotation: mcph reads its config at startup. After editing ~/.mcph.json, restart the MCP client (or kill mcph; the client respawns it).

MCPH_PROFILE=/path/to/profile.json overrides project-walk-up discovery and skips user-global entirely (same behavior as before). mcp_connect_health shows which file(s) are currently applied.

Elicitation for missing credentials

When a server fails to start with stderr like GITHUB_TOKEN is required and your client advertises the MCP elicitation capability, mcph prompts you for the missing value inline and retries activation. Values stay in-memory for the current mcph session only — persist them in the mcp.hosting dashboard if you want them across restarts.

Test from the dashboard

The /dashboard/connect page in mcp.hosting has a Test button per server that probes activation through your running mcph and shows pass/fail inline — no LLM round-trip needed. Useful when you've just added a server and want to confirm the token works without prompting your AI.

Errors come with deep-links

When activation fails (missing token, runtime not on PATH, server crashes on init), mcph emits a message ending with → Edit at https://mcp.hosting/dashboard/connect#server-<id>. Most LLMs render that as a clickable link, and the dashboard scrolls to and highlights the matching card so you find the right server in one click.

Config sync

mcph polls mcp.hosting every 60 seconds for config changes. When you add, remove, or modify a server on the dashboard, mcph picks it up automatically — no restart needed.

Environment variables

Runtime detection

On startup, mcph probes your machine for node, npx, python, uvx, and docker and reports the snapshot to mcp.hosting. The dashboard uses this to warn before you add a catalog server whose runtime isn't installed (e.g., adding the Sentry server when Python isn't on your PATH). No prompt, no LLM round-trip — just a yellow banner on the Add Server form.

The detection is best-effort: each probe has a 3-second timeout and missing runtimes are recorded as absent rather than blocking startup. mcph itself only requires Node.js — every other runtime is optional and only matters for servers that need it.

Automatic uv bootstrap

The popular Python-based MCP servers (fetch, sqlite, time, sentry, etc.) all launch via Astral's uv/uvx. mcph ships its own bootstrap for these: on first encounter with a uv/uvx command, if the binary isn't on your PATH, mcph lazily downloads Astral's standalone uv release, verifies the sha256, and caches it under the platform-appropriate cache dir. Subsequent activations reuse the cached binary. If you already have uv installed, mcph uses your version and never downloads.

uvx ARGS is always rewritten to uv tool run ARGS at spawn time — so only uv needs to be reachable, not uvx separately. Fixes Windows setups where one was on PATH and the other wasn't.

Requirements

• Node.js 18+
• An mcp.hosting account

Links

• mcp.hosting — Dashboard and server management
• @yawlabs/mcp-compliance — Test your MCP servers for spec compliance
• GitHub — Source code and issues