Summary
Wires VibeLogin's hosted auth service directly into your editor so agents can scaffold complete sign-in flows without context switching. Exposes five tools: create projects, list or fetch existing ones, configure auth methods and OAuth providers, and scaffold framework-specific login UIs into your codebase. The agent handles the full flow,create a project, enable email/password or Google OAuth, drop middleware and callback handlers into Next.js or Vite, write example env files. First run opens a browser for OAuth consent, then caches credentials locally for 30 days. Useful when you want working authentication in a new app without manually wiring SDKs, redirect URLs, or provider credentials.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
@vibelogin/mcp
Add authentication to your app without leaving your IDE. MCP server for Cursor, Claude Code, Windsurf, and Cline.
Just say "add authentication to my app" — the agent creates your project, configures auth methods, wires up Google OAuth, and scaffolds a working sign-in flow into your codebase. All from your editor's chat.
Install
No global install needed. Wire it into your MCP client config once and it runs on demand via bunx.
Client configuration
One snippet works in every client. Paste this into your MCP settings and you're done.
{
"mcpServers": {
"vibelogin": {
"command": "bunx",
"args": ["@vibelogin/mcp"]
}
}
}
The first tool call opens a browser for one-click consent. After that, tokens are cached under ~/.vibelogin/credentials.json — you won't be asked to log in again for 30 days.
Claude Desktop / Claude Code
~/Library/Application Support/Claude/claude_desktop_config.json (macOS):
{
"mcpServers": {
"vibelogin": {
"command": "bunx",
"args": ["@vibelogin/mcp"]
}
}
}
Cursor
~/.cursor/mcp.json (or per-project .cursor/mcp.json):
{
"mcpServers": {
"vibelogin": {
"command": "bunx",
"args": ["@vibelogin/mcp"]
}
}
}
Windsurf / Cline / Zed
Same shape — every MCP client accepts a command + args block. The one-liner above works in all of them.
That's it — no environment variables needed. Defaults point to production automatically.
Authentication
On first use, a browser window opens for one-click consent. After that, you're authenticated for 30 days — no further prompts.
Tools
The agent picks the right tools automatically based on your conversation. Just say what you need.
create_project
Creates a new VibeLogin project in your org. Returns the project's id, slug, oauthSlug, environment, publishable key, and secret key (shown once).
| Param | Type | Required | Description |
|---|---|---|---|
name | string | yes | Human-readable project name. |
slug | string | no | URL-safe slug; auto-generated from name if omitted. |
environment | enum | no | production | development | staging (default production). |
list_projects
Lists every project in your org. Use this when the agent needs to discover what already exists before creating something new.
No parameters.
get_project
Look up a single project by id, slug, or oauthSlug.
| Param | Type | Required | Description |
|---|---|---|---|
idOrSlug | string | yes | Project id, slug, or oauthSlug. |
configure_auth
Toggle auth methods, set redirect URLs, and/or wire up Google OAuth. Field-level updates — anything you don't set is left untouched.
| Param | Type | Required | Description |
|---|---|---|---|
projectId | string | yes | The project's id. |
methods.emailPassword | boolean | no | Enable email + password sign-in. |
methods.magicLink | boolean | no | Enable magic link emails. |
methods.emailOtp | boolean | no | Enable 6-digit email OTP codes. |
methods.passwordReset | boolean | no | Enable password reset emails. |
methods.emailVerification | boolean | no | Require email verification on signup. |
google.clientId | string | with google | Google OAuth client ID (from Google Cloud Console). |
google.clientSecret | string | with google | Google OAuth client secret. |
google.enabled | boolean | no | Default true. |
redirectUrls | string[] | no | Overwrites the project's allowed redirect URL list. |
If you call this without google, the response includes the exact Google Cloud Console URL + redirect URI you need to set up the credentials.
add_auth_to_project
Scaffold a working sign-in flow into your codebase. Detects the framework from package.json and writes non-destructive files (existing files are skipped, never clobbered).
Supported frameworks today: Next.js (App Router), Vite + React. Refused with guidance: Remix, Astro, Express, unknown.
| Param | Type | Required | Description |
|---|---|---|---|
projectDir | string | yes | Absolute path to the project root. |
slug | string | yes | The project's oauthSlug (from create_project). |
publishableKey | string | yes | The project's publishable key. |
appUrl | string | yes | Your app's origin (e.g. https://myapp.com). |
Files written for Next.js
middleware.ts # hostedAuthMiddleware
app/auth/callback/route.ts # createCallbackHandler
app/login/page.tsx # <VibeLogin />
.env.local.example # publishable key + secret placeholder
Next steps printed by the tool:
pnpm add @vibelogin/nextjs- Copy
.env.local.example→.env.local, fillVIBELOGIN_SECRET_KEY pnpm dev→ open/login
Files written for Vite + React
src/auth/VibeLoginProvider.tsx # context + useVibeLogin() hook
src/auth/Login.tsx # /login redirect to hosted UI
src/auth/Callback.tsx # /auth/callback handler
.env.example # VITE_-prefixed publishable key
Next steps printed by the tool:
pnpm add @vibelogin/react react-router-dom- Wrap
<App/>in<VibeLoginProvider/> - Add routes
/loginand/auth/callback - Copy
.env.example→.env.local pnpm dev→ open/login
Example conversations
You: "Add VibeLogin to this Next.js app. Email + password and Google sign-in."
Agent: (calls
create_project { name: "myapp", environment: "production" }) Createdmyapp(pk_live_…). (callsconfigure_auth { projectId, methods: { emailPassword: true } }) Email + password enabled. To turn on Google, I need a Client ID and Secret from Google Cloud Console — here's the redirect URI to authorize:https://api.vibelogin.com/oauth/myapp-xyz/google/callback. (after you paste creds:) (callsconfigure_auth { google: { clientId, clientSecret } }) (callsadd_auth_to_project { projectDir: ".", slug: "myapp-xyz", publishableKey: "pk_live_…", appUrl: "https://myapp.com" }) Scaffold complete (next). Wrotemiddleware.ts,app/auth/callback/route.ts,app/login/page.tsx,.env.local.example. Runpnpm add @vibelogin/nextjs && pnpm devand open/login.
You: "What projects do I have already?"
Agent: (calls
list_projects) You have 3:myapp(production),myapp-staging(staging),internal-tools(development).
Security
- No secrets in the agent — authentication uses loopback OAuth + PKCE (RFC 8252)
- Single-use authorization codes with 2-minute TTL
- Rotated refresh tokens — every refresh invalidates the previous one
- Credentials stored securely —
chmod 600on~/.vibelogin/credentials.json
Supported frameworks
| Framework | Status |
|---|---|
| Next.js (App Router) | Fully supported |
| Vite + React | Fully supported |
| Remix, Astro, Express | Coming soon |
License
Apache-2.0
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Package@vibelogin/mcp
TransportSTDIO
UpdatedApr 9, 2026
