Title: VIP MCP tools
Author: bethurban
Published: July 2, 2026

---

 1. [Integrations](https://docs.wpvip.com/integrations/)
 2. [Integrations Center](https://docs.wpvip.com/integrations/center/)
 3. [Secure MCP](https://docs.wpvip.com/integrations/center/secure-mcp/)
 4. [VIP MCP](https://docs.wpvip.com/integrations/center/secure-mcp/vip-mcp/)
 5. VIP MCP tools

#  VIP MCP tools

The **[VIP MCP](https://docs.wpvip.com/integrations/center/secure-mcp/vip-mcp/)**
toolset, available via [**Secure MCP**](https://docs.wpvip.com/integrations/center/secure-mcp/),
provides operation tools, built-in schema utilities, and diagnostic prompts. Tools
are registered per-user based on the authenticated user’s [VIP Dashboard permissions](https://docs.wpvip.com/manage-user-access/vip-dashboard/).
Tools the user cannot access are not visible to the agent.

| Type | Notes | 
| read | No state change. | 
| write | State-changing, requires appropriate permissions. | 
| ⚠ write | Destructive or irreversible. Use with care. |

## Built-in utilities

Always available, regardless of permissions.

### `search`

Search the GraphQL schema for types or root fields by exact or partial name. Use
this before `execute` to discover available operations.

| Parameter | Type | Description | 
| `terms` | `[String!]!` | Type or field names to look up |

### `execute`

Run a custom GraphQL query or mutation when no dedicated operation tool covers the
task. Always prefer a specific tool first. Use `search` to discover the correct 
field shape before writing a custom operation. Do not use this to run introspection
queries. Instead, use `introspection`.

| Parameter | Type | Description | 
| `query` | `String!` | The GraphQL query or mutation to execute | 
| `variables` | `JSON` | Variables for the operation |

## Application tools

| Tool | Type | Description | 
| `app_get` | read | Retrieve detailed information about a single application by numeric ID. Returns name, repository, type, active status, organization, and environment list. | 
| `app_list` | read | List all applications accessible to the authenticated user with pagination and name filtering. | 
| `app_list_environments` | read | List all environments for a single application. Returns environment ID, name, type, active status, and unique label. |

## Organization tools

| Tool | Type | Description | 
| `organization_list` | read | List all organizations accessible to the authenticated user with pagination and name filtering. | 
| `organization_get` | read | Retrieve organization details and the first 10 applications. | 
| `organization_list_audit_events` | read | Retrieve recent [Audit Log](https://docs.wpvip.com/logs/audit-log/) events for an organization. | 
| `organization_invite_user` | ⚠ write | Send invitations to 1 or more email addresses to join an organization. Specify [Org role and optional App roles](https://docs.wpvip.com/manage-user-access/vip-dashboard/). | 
| `organization_remove_user` | ⚠ write | Remove a user from an organization, revoking all roles and application permissions. |

## User tools

| Tool | Type | Description | 
| `user_get_me` | read | Retrieve the currently authenticated user’s profile: ID, display name, and VIP status. No parameters required. |

## Environment tools

### Deployments

| Tool | Type | Description | 
| `environment_get_deployments` | read | Retrieve deployment history with commit SHA, branch, status, timestamps, rollback availability, and initiating user. | 
| `environment_deploy_validate_access` | write | Check whether the authenticated user has permission to deploy to an environment. Use as a pre-flight check before `environment_deploy_start_custom`. | 
| `environment_deploy_start_custom` | write | Trigger a custom deployment to an environment. | 
| `environment_rollback` | ⚠ write | Roll back an environment to a previous deployment by deployment ID. Use `environment_get_deployments` first to find a rollback-eligible deployment. |

### Domains and TLS

| Tool | Type | Description | 
| `environment_get_domains` | read | List all domains for an environment with TLS, DNS, verification status, and pagination. | 
| `environment_domain_get` | read | Retrieve detailed information about a single domain by ID or name, including TLS certificate status and DNS health. | 
| `environment_domain_add` | write | Add a new domain to an environment. Optionally generate a DNS TXT verification record. | 
| `environment_domain_remove` | ⚠ write | Deactivate and remove a domain from an environment. Removing a domain makes it unreachable — confirm traffic is not being served on it first. | 
| `environment_domain_set_primary` | ⚠ write | Change the primary domain for an environment. Affects WordPress site URL and all redirects. |

### Logs

| Tool | Type | Description | 
| `environment_get_logs` | read | Retrieve runtime logs with pagination and optional type filter (`app` or `batch`). Returns a polling delay hint for efficient log tailing. | 
| `environment_get_slowlogs` | read | Retrieve MySQL slow query logs. Returns query text, execution time, rows examined, rows sent, and originating request URI. |

### Performance metrics

| Tool | Type | Description | 
| `environment_get_metrics` | read | Retrieve timestamped performance measurements for an environment over a date range. Available metrics cover origin response time (P50/P75/P95), HTTP response codes (origin and edge), resource usage (PHP-FPM, memory, CPU), database (query counts, slow queries, data size), and cache (edge hit rate, Memcached). |

### Environment variables

| Tool | Type | Description | 
| `environment_get_variables` | read | List all custom environment variables for an environment. | 
| `environment_set_variable` | write | Create or update (upsert) an environment variable by name. Setting a variable to an empty string does not delete it — use `environment_delete_variable` instead. | 
| `environment_delete_variable` | write | Remove an environment variable by name. |

### Security

| Tool | Type | Description | 
| `environment_get_security_configs` | read | Retrieve the full security configuration in a single call: [Basic Authentication](https://docs.wpvip.com/security-controls/basic-authentication/), [IP Restrictions](https://docs.wpvip.com/security-controls/ip-restrictions/), [User Agent Restrictions](https://docs.wpvip.com/security-controls/user-agent-restrictions/), and [Defensive Mode](https://docs.wpvip.com/security-controls/defensive-mode/). | 
| `environment_basic_auth_add` | write | Add Basic Authentication users to protect an environment. | 
| `environment_basic_auth_delete` | write | Remove Basic Authentication users from an environment. | 
| `environment_update_ip_restrictions` | write | Update IP-based access restrictions. Accepts an action (`allow` or `deny`) and IP groups. | 
| `environment_update_user_agent_restrictions` | write | Replace User Agent Restrictions. Full replace — groups not included in the input are removed. | 
| `environment_update_defensive_mode_status` | write | Enable or disable Defensive Mode without changing tuning configuration. | 
| `environment_update_defensive_mode_config` | write | Update Defensive Mode configuration: challenge type, traffic thresholds, and enabled state. |

### Software versions

| Tool | Type | Description | 
| `environment_get_software_settings` | read | Retrieve current PHP, Node.js, and WordPress version settings, including pinned status and available releases. | 
| `environment_get_software_update_status` | read | Check the progress of a running software upgrade job. | 
| `environment_update_software_versions` | write | Update PHP, Node.js, or WordPress version. Async — use `environment_get_software_update_status` to monitor. |

### Database backups

| Tool | Type | Description | 
| `environment_database_backup_list` | read | List available database backup copies. | 
| `environment_database_backup_get_progress` | read | Poll the progress of a backup or backup-copy job. | 
| `environment_database_backup_start` | write | Trigger an on-demand backup checkpoint (restore point). Async. Does not create a downloadable SQL dump — use `environment_database_backup_start_copy`. | 
| `environment_database_backup_start_copy` | write | Initiate creation of a downloadable SQL dump from an existing backup. Async. | 
| `environment_generate_backup_download_url` | write | Generate a temporary download URL for a completed backup copy. Use after `environment_database_backup_start_copy` has finished. |

### Database access (phpMyAdmin)

| Tool | Type | Description | 
| `environment_get_phpmyadmin_status` | read | Check whether phpMyAdmin is available for an environment (`disabled`, `starting`, `running`). | 
| `environment_enable_phpmyadmin_access` | write | Enable phpMyAdmin for an environment. Poll `environment_get_phpmyadmin_status` until status is `running` before generating access. | 
| `environment_generate_phpmyadmin_access` | write | Generate a temporary authenticated URL for phpMyAdmin. Requires phpMyAdmin to already be enabled and running. |

### Media

| Tool | Type | Description | 
| `environment_media_import_get_config` | read | Retrieve platform-wide media import constraints: maximum file size, file name length, and allowed file types. | 
| `environment_media_import_get_status` | read | Poll the status of a media import. | 
| `environment_media_import_start` | write | Start a media file import from a publicly accessible archive URL. Async. | 
| `environment_media_import_abort` | write | Cancel an in-progress media import. | 
| `environment_media_export_start` | write | Start a media export from an environment. |

### SQL import

| Tool | Type | Description | 
| `environment_sql_import_get_status` | read | Poll the status of a SQL import job. | 
| `environment_sql_import_start` | write | Initiate a SQL file import into an environment’s database. Async. |

### Cache

| Tool | Type | Description | 
| `environment_purge_cache` | write | Clear the page cache for specific URLs on an environment. Provide the application ID, environment ID, and the list of URLs to purge. |

### WP-CLI

| Tool | Type | Description | 
| `environment_run_wpcli` | write | Execute a WP-CLI command on an environment. The command string must not include the leading `wp`. Returns an input token and command details, including execution status and timestamps. |

**Note**

WP-CLI output does not stream. Long-running commands are not supported.

### Data sync

| Tool | Type | Description | 
| `environment_sync` | write | Trigger a data sync between environments (e.g., production to staging). Returns detailed progress including sync type, timestamps, and step results. Only available on environments where data sync is enabled. |

### Audit events

| Tool | Type | Description | 
| `environment_list_audit_events` | read | Retrieve recent Audit Log events for an environment. Mutating MCP tool calls appear here alongside VIP Dashboard actions, attributed to the OAuth-authorized user. |

### WordPress sites (multisite)

| Tool | Type | Description | 
| `environment_get_wp_sites` | read | List network sites for a WordPress multisite environment. Returns blog ID, site URL, home URL, launch status, active plugins, and Jetpack details. |

### Environment lifecycle

| Tool | Type | Description | 
| `environment_create_child` | ⚠ write | Create a new non-production environment (staging, develop) as a child of a production application. Optionally specify branch, PHP version, and Node.js version. Creates a new environment that consumes platform resources. | 
| `environment_verify_retired` | read | Check whether a specific environment has been successfully decommissioned. Use after `environment_retire` to confirm. | 
| `environment_retire` | ⚠ write | Permanently decommission an environment. Irreversible — the environment is taken offline and cannot be easily restored. Use `environment_verify_retired` after to confirm. |

Last updated: July 02, 2026