Official Heroku Platform MCP server that connects Claude and other MCP clients to Heroku apps, dynos, add-ons, pipelines, Private Spaces, maintenance mode, logs, deployments, one-off dynos, Heroku Postgres, and optional Heroku AI tools through the Heroku CLI.
Heroku documents the server as early development, and the available functionality and tools may evolve. Re-check the Dev Center page and repo before using it for production-sensitive workflows., Prefer `heroku mcp:start` because it uses the current Heroku CLI authentication context and avoids placing a Heroku API token directly in MCP client configuration., The server can perform account-write and production-impacting operations: creating and renaming apps, transferring apps, deploying projects, running one-off dynos, scaling and restarting dynos, provisioning add-ons, toggling maintenance mode, creating and promoting pipelines, and managing Private Space resources., Heroku Postgres tools can execute SQL, inspect active queries and locks, manage credentials, terminate database processes, manage backups, and start upgrades. Treat those tools as database administration capabilities, not read-only observability., `deploy_one_off_dyno` can execute generated code or commands on a Heroku one-off dyno with file creation, network access, environment variables, and automatic cleanup. Do not run unreviewed code from prompts, issues, pull requests, or third-party repositories., The server does not document a global read-only mode. Limit the Heroku account, team, app, pipeline, and database permissions available to the MCP client before connecting it to an assistant., Cost-bearing operations such as app creation, dyno scaling, add-on provisioning, one-off dynos, AI model provisioning, database backups, and database upgrades should require explicit human approval and a clear target app or team., Use staging apps, disposable review apps, narrow Heroku teams, and short-lived authorization tokens before allowing an agent near production apps, production databases, Shield Spaces, or regulated workloads.
Privacy notes
Tool results can expose Heroku account context, team names, app names, regions, stack and runtime details, dyno names, process types, add-ons, pipeline names, Private Space names, database identifiers, logs, SQL text, query output, query plans, credentials metadata, backup metadata, and deployment details., `HEROKU_API_KEY` is an authorization token for the Heroku account context that created it. Keep it out of prompts, screenshots, shell history, repository files, shared MCP configs, and client logs., The preferred CLI-auth flow still grants the MCP server whatever access the local Heroku CLI session has. Review the active Heroku account before connecting the server to a client., App logs and deployment output can include request data, error traces, customer identifiers, webhook payloads, add-on connection hints, and secrets accidentally printed by application code., Postgres query results, backup output, locks, active queries, credential metadata, and upgrade output can contain sensitive schema names, tenant records, operational metadata, and personally identifiable information., Client-side transcripts, MCP debug logs, Heroku CLI output, VS Code debug settings, and assistant conversations may retain Heroku account and database details outside Heroku.
Author
Heroku
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04
Decision playbook
Review trust signals before you adopt
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
Compare context
Selected
0
Current score
78
Baseline
—
Delta
No baseline selected
No major trust-signal divergence detected in the current selection.
Source and provenance checks
Complete
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Done
Source provenance statusRequired
Marked as source-backed.
Done
Metadata reviewed
Registry metadata indicates a reviewed listing.
Done
Safety and privacy checks
Complete
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Done
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Done
Trust level risk gateRequired
Trust level does not block evaluation.
Done
Package and install checks
Needs review
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Done
Package verification flag
No package verification flag provided.
Pending
Checksum metadata
No checksum provided for downloaded artifact.
Pending
Compare-driven decision checks
Needs review
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
8 safety and 6 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.
5 areas
SafetyGeneralHeroku documents the server as early development, and the available functionality and tools may evolve. Re-check the Dev Center page and repo before using it for production-sensitive workflows.
SafetyCredentials & tokensPrefer `heroku mcp:start` because it uses the current Heroku CLI authentication context and avoids placing a Heroku API token directly in MCP client configuration.
SafetyExecution & processesThe server can perform account-write and production-impacting operations: creating and renaming apps, transferring apps, deploying projects, running one-off dynos, scaling and restarting dynos, provisioning add-ons, toggling maintenance mode, creating and promoting pipelines, and managing Private Space resources.
SafetyCredentials & tokensHeroku Postgres tools can execute SQL, inspect active queries and locks, manage credentials, terminate database processes, manage backups, and start upgrades. Treat those tools as database administration capabilities, not read-only observability.
SafetyNetwork access`deploy_one_off_dyno` can execute generated code or commands on a Heroku one-off dyno with file creation, network access, environment variables, and automatic cleanup. Do not run unreviewed code from prompts, issues, pull requests, or third-party repositories.
SafetyPermissions & scopesThe server does not document a global read-only mode. Limit the Heroku account, team, app, pipeline, and database permissions available to the MCP client before connecting it to an assistant.
SafetyGeneralCost-bearing operations such as app creation, dyno scaling, add-on provisioning, one-off dynos, AI model provisioning, database backups, and database upgrades should require explicit human approval and a clear target app or team.
SafetyCredentials & tokensUse staging apps, disposable review apps, narrow Heroku teams, and short-lived authorization tokens before allowing an agent near production apps, production databases, Shield Spaces, or regulated workloads.
PrivacyCredentials & tokensTool results can expose Heroku account context, team names, app names, regions, stack and runtime details, dyno names, process types, add-ons, pipeline names, Private Space names, database identifiers, logs, SQL text, query output, query plans, credentials metadata, backup metadata, and deployment details.
PrivacyCredentials & tokens`HEROKU_API_KEY` is an authorization token for the Heroku account context that created it. Keep it out of prompts, screenshots, shell history, repository files, shared MCP configs, and client logs.
PrivacyCredentials & tokensThe preferred CLI-auth flow still grants the MCP server whatever access the local Heroku CLI session has. Review the active Heroku account before connecting the server to a client.
PrivacyCredentials & tokensApp logs and deployment output can include request data, error traces, customer identifiers, webhook payloads, add-on connection hints, and secrets accidentally printed by application code.
PrivacyCredentials & tokensPostgres query results, backup output, locks, active queries, credential metadata, and upgrade output can contain sensitive schema names, tenant records, operational metadata, and personally identifiable information.
PrivacyExecution & processesClient-side transcripts, MCP debug logs, Heroku CLI output, VS Code debug settings, and assistant conversations may retain Heroku account and database details outside Heroku.
Safety notes
Heroku documents the server as early development, and the available functionality and tools may evolve. Re-check the Dev Center page and repo before using it for production-sensitive workflows.
Prefer `heroku mcp:start` because it uses the current Heroku CLI authentication context and avoids placing a Heroku API token directly in MCP client configuration.
The server can perform account-write and production-impacting operations: creating and renaming apps, transferring apps, deploying projects, running one-off dynos, scaling and restarting dynos, provisioning add-ons, toggling maintenance mode, creating and promoting pipelines, and managing Private Space resources.
Heroku Postgres tools can execute SQL, inspect active queries and locks, manage credentials, terminate database processes, manage backups, and start upgrades. Treat those tools as database administration capabilities, not read-only observability.
`deploy_one_off_dyno` can execute generated code or commands on a Heroku one-off dyno with file creation, network access, environment variables, and automatic cleanup. Do not run unreviewed code from prompts, issues, pull requests, or third-party repositories.
The server does not document a global read-only mode. Limit the Heroku account, team, app, pipeline, and database permissions available to the MCP client before connecting it to an assistant.
Cost-bearing operations such as app creation, dyno scaling, add-on provisioning, one-off dynos, AI model provisioning, database backups, and database upgrades should require explicit human approval and a clear target app or team.
Use staging apps, disposable review apps, narrow Heroku teams, and short-lived authorization tokens before allowing an agent near production apps, production databases, Shield Spaces, or regulated workloads.
Privacy notes
Tool results can expose Heroku account context, team names, app names, regions, stack and runtime details, dyno names, process types, add-ons, pipeline names, Private Space names, database identifiers, logs, SQL text, query output, query plans, credentials metadata, backup metadata, and deployment details.
`HEROKU_API_KEY` is an authorization token for the Heroku account context that created it. Keep it out of prompts, screenshots, shell history, repository files, shared MCP configs, and client logs.
The preferred CLI-auth flow still grants the MCP server whatever access the local Heroku CLI session has. Review the active Heroku account before connecting the server to a client.
App logs and deployment output can include request data, error traces, customer identifiers, webhook payloads, add-on connection hints, and secrets accidentally printed by application code.
Postgres query results, backup output, locks, active queries, credential metadata, and upgrade output can contain sensitive schema names, tenant records, operational metadata, and personally identifiable information.
Client-side transcripts, MCP debug logs, Heroku CLI output, VS Code debug settings, and assistant conversations may retain Heroku account and database details outside Heroku.
Prerequisites
Heroku account with access to the apps, teams, pipelines, Private Spaces, add-ons, Heroku Postgres databases, or AI resources Claude should inspect or manage.
Heroku CLI 10.8.1 or later installed globally and authenticated with the intended Heroku account.
Node.js 20 or later when running the npm package directly with `npx -y @heroku/mcp-server`.
MCP-capable client configuration for Claude Desktop, Cursor, VS Code, Zed, Windsurf, Cline, Trae, or another stdio-compatible client.
Authorization plan for using the current Heroku CLI session through `heroku mcp:start` or a Heroku authorization token in `HEROKU_API_KEY`.
Deployment and database safety plan for app creation, renaming, transfer, dyno scaling, restarts, add-on provisioning, maintenance mode, pipeline promotion, SQL execution, Postgres credentials, backups, and upgrades.
Review process for any agent action that can create billable resources, deploy code, execute one-off dynos, change production traffic, or modify a Heroku Postgres database.
Heroku MCP Server connects Claude and other MCP-capable clients to the Heroku
Platform through a local stdio server backed by the Heroku CLI. It gives an
assistant tools for listing and inspecting apps, managing dynos, reading logs,
provisioning add-ons, creating pipelines, promoting releases, toggling
maintenance mode, deploying projects, running one-off dynos, operating Heroku
Postgres, and optionally using Heroku AI tools when the Heroku AI CLI plugin is
installed.
The safest setup is Heroku's recommended heroku mcp:start command, because it
uses the active Heroku CLI session instead of storing a raw Heroku API token in
MCP client configuration. Treat the connected client as an operator with the
same Heroku access as the authenticated CLI session.
Features
Official Heroku Platform MCP server maintained in the heroku/heroku-mcp-server
repository.
Stdio MCP server that runs through Heroku CLI 10.8.1 or later.
Dyno and process tools for listing, scaling, resizing, and restarting dynos.
Add-on tools for listing add-ons, inspecting add-ons, provisioning add-ons,
and listing add-on services and plans.
Maintenance and logs tools for enabling or disabling maintenance mode and
reading application logs.
Pipeline tools for creating, listing, inspecting, and promoting Heroku
pipelines.
Team and space tools for listing teams and Private Spaces.
Heroku Postgres tools for SQL execution, database details, active queries,
locks, outliers, credentials, process termination, maintenance, backups, and
upgrades.
Optional Heroku AI tools for listing available models, provisioning model
access, and making inference requests when the @heroku/plugin-ai CLI plugin
is installed.
Dev Center resource support for bringing Heroku documentation into compatible
MCP clients.
Use Cases
Ask Claude to inventory Heroku apps, dynos, add-ons, teams, spaces, and
pipelines before a migration or cleanup.
Inspect app metadata and logs while debugging a failed deploy or runtime
incident.
Scale or restart dynos during a supervised staging incident-response drill.
Create a disposable app or pipeline from an app.json project definition.
Run a short-lived one-off dyno to test a script after reviewing the generated
code and target app.
Inspect Heroku Postgres locks, outliers, active queries, backup state, or
maintenance windows.
Execute SQL in development or staging databases while keeping production
databases out of the MCP client's credentials.
Pull Heroku Dev Center context into a Claude workflow while building or
operating Heroku apps.
Installation
Preferred Heroku CLI setup
Install or upgrade the Heroku CLI, authenticate with the intended account, and
confirm version 10.8.1 or later:
heroku --version
heroku auth:whoami
Then configure the MCP client to launch the server through the Heroku CLI:
Generate a token with heroku authorizations:create, heroku auth:token, or
the Heroku Dashboard's account applications page. Rotate and revoke tokens when
they are no longer needed.
Configuration
Request timeout
The npm server supports MCP_SERVER_REQUEST_TIMEOUT, defaulting to 15000
milliseconds when unset:
Use longer timeouts for operations that regularly wait on Heroku CLI output, but
avoid masking hung or ambiguous deployment/database operations.
Heroku account scoping
Before connecting the server, run:
heroku auth:whoami
heroku apps --team YOUR_TEAM
Confirm the authenticated account, team, and target apps are the ones you want
the assistant to see. If the workflow only needs staging access, authenticate a
dedicated Heroku account or team role with staging-only permissions.
Examples
Ask Claude to inspect app and pipeline state:
Use the Heroku MCP server to list apps for the staging team, summarize dyno
formation and add-ons for APP_NAME, and do not change anything.
Ask for a supervised logs review:
Read the latest Heroku logs for APP_NAME, identify likely startup failures, and
propose fixes. Do not restart dynos or change config.
Run a database investigation only after scoping the target:
Use pg_info, pg_locks, and pg_outliers on the staging database for APP_NAME.
Do not run pg_psql, pg_kill, pg_credentials, pg_backups, or pg_upgrade unless I
approve the exact command and target.
The Dev Center page says the server is early development and currently
supports Heroku CLI 10.8.1 or later.
The README and manifest list app, dyno, add-on, maintenance, log, pipeline,
team, space, Postgres, deployment, one-off dyno, optional AI, and Dev Center
resource capabilities.
Duplicate Check
Checked current upstream content for Heroku titles, slugs, source URLs,
heroku-mcp-server, @heroku/mcp-server, heroku mcp:start, and Dev Center
MCP docs.
Checked live open issues and pull requests for Heroku MCP and
heroku-mcp-server.
No dedicated Heroku MCP entry, source URL duplicate, target file duplicate, or
open duplicate PR was found before drafting.
Disclosure
This is an independent community directory entry submitted by oktofeesh1.
Heroku is a Salesforce platform, but this listing is not sponsored, paid,
affiliate-backed, or submitted by Heroku. Use Heroku's current pricing,
security, compliance, and support documentation when deciding whether to connect
an AI assistant to real Heroku resources.
Show that Heroku MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/mcp/heroku-mcp-server)
How it compares
Heroku MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
1 trust signal differ across this comparison (Submitter).
Official Heroku Platform MCP server that connects Claude and other MCP clients to Heroku apps, dynos, add-ons, pipelines, Private Spaces, maintenance mode, logs, deployments, one-off dynos, Heroku Postgres, and optional Heroku AI tools through the Heroku CLI.
Connect Claude to DigitalOcean — manage Apps, Droplets, managed Databases, Kubernetes, Container Registry, networking, and Functions — with DigitalOcean's official Model Context Protocol server.
The official Render MCP server lets LLMs manage Render resources: create and manage web services, static sites, cron jobs, Postgres and Key-Value instances, monitor deploys, query logs and metrics, and run read-only SQL against Render Postgres.
✓Heroku documents the server as early development, and the available functionality and tools may evolve. Re-check the Dev Center page and repo before using it for production-sensitive workflows.
Prefer `heroku mcp:start` because it uses the current Heroku CLI authentication context and avoids placing a Heroku API token directly in MCP client configuration.
The server can perform account-write and production-impacting operations: creating and renaming apps, transferring apps, deploying projects, running one-off dynos, scaling and restarting dynos, provisioning add-ons, toggling maintenance mode, creating and promoting pipelines, and managing Private Space resources.
Heroku Postgres tools can execute SQL, inspect active queries and locks, manage credentials, terminate database processes, manage backups, and start upgrades. Treat those tools as database administration capabilities, not read-only observability.
`deploy_one_off_dyno` can execute generated code or commands on a Heroku one-off dyno with file creation, network access, environment variables, and automatic cleanup. Do not run unreviewed code from prompts, issues, pull requests, or third-party repositories.
The server does not document a global read-only mode. Limit the Heroku account, team, app, pipeline, and database permissions available to the MCP client before connecting it to an assistant.
Cost-bearing operations such as app creation, dyno scaling, add-on provisioning, one-off dynos, AI model provisioning, database backups, and database upgrades should require explicit human approval and a clear target app or team.
Use staging apps, disposable review apps, narrow Heroku teams, and short-lived authorization tokens before allowing an agent near production apps, production databases, Shield Spaces, or regulated workloads.
✓Coolify MCP Server can start, stop, restart, redeploy, cancel deployments, update env vars, create or delete projects, environments, applications, databases, services, backups, storages, scheduled tasks, private keys, GitHub apps, and cloud tokens depending on API permissions.
Batch tools such as `restart_project_apps`, `bulk_env_update`, `stop_all_apps`, and `redeploy_project` can affect multiple production services at once.
Deployment, control, backup, storage, private key, cloud token, GitHub app, and scheduled-task operations should require explicit confirmation.
Custom `--header` values may carry auth-proxy secrets; never let an agent invent, log, or modify them casually.
Test on non-production projects or staging resources before allowing Claude to operate live Coolify infrastructure.
✓Tools can create, update, restart, and delete live infrastructure (Apps, Droplets, Databases) — scope the API token and select only the --services you need.
Destructive actions (delete, rollback) act on production resources; confirm before running them through Claude.
✓Write-capable: tools can create and modify real Render infrastructure — create_web_service, create_static_site, create_cron_job, create_postgres, create_key_value, and update_environment_variables provision or change live resources that may incur billing.
update_environment_variables replaces the complete environment variable set for a service; an incomplete array can drop existing variables.
Created services run build and start commands you supply; treat generated commands as code execution on Render's platform.
The server reaches Render's API over the network; the hosted option (https://mcp.render.com/mcp) sends your requests through Render's hosted MCP endpoint.
Review and confirm tool calls before approving them, since an LLM can issue provisioning or env-var changes on your behalf.
Privacy notes
✓Tool results can expose Heroku account context, team names, app names, regions, stack and runtime details, dyno names, process types, add-ons, pipeline names, Private Space names, database identifiers, logs, SQL text, query output, query plans, credentials metadata, backup metadata, and deployment details.
`HEROKU_API_KEY` is an authorization token for the Heroku account context that created it. Keep it out of prompts, screenshots, shell history, repository files, shared MCP configs, and client logs.
The preferred CLI-auth flow still grants the MCP server whatever access the local Heroku CLI session has. Review the active Heroku account before connecting the server to a client.
App logs and deployment output can include request data, error traces, customer identifiers, webhook payloads, add-on connection hints, and secrets accidentally printed by application code.
Postgres query results, backup output, locks, active queries, credential metadata, and upgrade output can contain sensitive schema names, tenant records, operational metadata, and personally identifiable information.
Client-side transcripts, MCP debug logs, Heroku CLI output, VS Code debug settings, and assistant conversations may retain Heroku account and database details outside Heroku.
✓Coolify access tokens, base URLs, custom headers, application UUIDs, server IPs, domains, logs, env vars, deployment logs, private keys, cloud-provider tokens, GitHub app data, team membership, backups, database metadata, and service configuration can be exposed to the MCP client.
Application and deployment logs may contain secrets, customer data, build output, container metadata, private repository details, and runtime errors.
Environment variable and cloud-token tools can reveal or mutate sensitive infrastructure credentials.
Documentation search is local to the server, but Coolify API calls contact the configured Coolify instance.
Keep tokens and auth-proxy headers in local MCP client configuration only, and avoid sharing transcripts that include infrastructure identifiers or logs.
✓Resource metadata, logs, and metrics enter the MCP client context and the model's prompt.
The DIGITALOCEAN_API_TOKEN is a secret — store it in the client config or environment, never in shared repositories.
✓Authentication uses a RENDER_API_KEY scoped to your Render workspace(s); anyone with the key can manage those resources. Keep it in a server-scoped header or server-scoped env block, not a top-level/global env block shared with other MCP servers.
query_render_postgres runs SQL against your Render Postgres and returns row data to the LLM — query results may include sensitive application data.
Logs and metrics tools (list_logs, list_log_label_values, get_metrics) surface application log contents and performance data to the model.
update_environment_variables and service details can expose configuration values; avoid sending secrets you don't want the model to see.
When using the hosted server, requests transit Render's hosted MCP infrastructure rather than staying entirely local.
Prerequisites
Heroku account with access to the apps, teams, pipelines, Private Spaces, add-ons, Heroku Postgres databases, or AI resources Claude should inspect or manage.
Heroku CLI 10.8.1 or later installed globally and authenticated with the intended Heroku account.
Node.js 20 or later when running the npm package directly with `npx -y @heroku/mcp-server`.
MCP-capable client configuration for Claude Desktop, Cursor, VS Code, Zed, Windsurf, Cline, Trae, or another stdio-compatible client.
Running Coolify instance with API access enabled.
Coolify API access token scoped to the resources Claude may inspect or manage.
Node.js 20 or newer for the published npm server.
Review of which servers, projects, applications, databases, services, deployments, env vars, private keys, teams, cloud tokens, and scheduled tasks the token can access.
A DigitalOcean account.
A DigitalOcean API token (DIGITALOCEAN_API_TOKEN) with the scopes for the services you enable.
Node.js (npx) to run @digitalocean/mcp, or use the hosted remote endpoint.
An MCP client such as Claude Code or Claude Desktop.
A Render account
A Render API key created from Account Settings (dashboard.render.com/u/settings)
An MCP-compatible client (e.g. Claude Desktop, Cursor)
For the local binary only: the unzipped release executable, or Go to build from source
# Recommended: use Render's hosted MCP server (no local install required).
# Optional local binary — download from GitHub Releases, then point your
# MCP client at the unzipped executable:
# https://github.com/render-oss/render-mcp-server/releases