Skip to main content
The Builder MCP server (@gavai/builder-mcp) is the hand-curated MCP surface for the operations a page editor actually performs — reading workspaces, patching the page document, publishing versions, and walking the block and component schemas. It is bundled with the gavAI CLI and reuses your CLI session, so once you have run gavai login, registering it with Claude is a one-line config change. By the end of this page you will know what tools the server exposes, how to wire it into Claude Desktop, and what an end-to-end edit looks like on the wire.

At a glance

Package@gavai/builder-mcp (bundled in the gavAI CLI)
Transportstdio (JSON-RPC)
Commandgavai mcp
Auth~/.config/gavai/credentials.json, written by gavai login
Tools14 (see below)

Install and authenticate

The server ships inside the gavAI CLI, so installing the CLI is installing the server. See CLI overview for the install command on your platform. After install, run the login flow once:
gavai login
This opens a browser, completes OAuth, and writes credentials to ~/.config/gavai/credentials.json. The MCP server reads that file on every tool call and refreshes the token automatically — you do not handle bearer tokens by hand.

Register the server

Tools

The server registers 14 tools, grouped by what they touch.

Workspace and app document

Blocks and components

Theme

Each tool dispatches to a single REST endpoint — for example, patch_tenant_app calls and publish_tenant_version calls .

How clients discover them

The names and full input schemas are returned by the standard MCP tools/list call. Claude Desktop, Cursor, and other hosts use that response to present the tool list and validate inputs before invoking them — this is part of the protocol, not a gavAI extension. Here is the exchange when a user says “Add a Pricing link to the navigation on acme and ship it”: Three properties of the exchange are worth pulling out:
  • The AI never touches a credential. The MCP server reads ~/.config/gavai/credentials.json and attaches the bearer token on every API call.
  • Every edit is a JSON Patch. patch_tenant_app rejects free-form rewrites; the AI must produce RFC 6902 operations against the current document.
  • Publishing is an explicit second call. patch_tenant_app writes a draft. The draft is only visible on the live site after publish_tenant_version. A failed publish does not roll the patch back.

Security

The server runs with the privileges of your CLI session. Any tool call the host makes — patch, publish, theme rewrite — executes against your active workspace with your credentials. Two practical rules:
  • Treat the connected workspace like production. AI chains tool calls; a chain ending in publish_tenant_version reaches your live site. Point experimentation at a test workspace.
  • Revoke when done. Run gavai logout to invalidate the session locally, or revoke it in the console under Settings → Sessions.

Where to next