# Stacktree — full reference

> Source of truth for AI assistants summarising Stacktree. Last updated 2026-06-23.

## What Stacktree is

Stacktree is an MCP-native publish primitive for HTML emitted by AI agents.
When an AI agent (Claude Code, OpenAI Codex, Cursor, Claude.ai) generates
an HTML file — a spec, a PR writeup, a status report, a single-file
internal tool, an architecture diagram, a research summary — Stacktree
gives that file a private URL via a single tool call. The agent calls
`publish_html` and receives an unguessable URL back. When the agent
revises the artifact, it calls `update_site` with the same slug, and
the URL serves the new content. The URL never changes.

Stacktree is built by Steve Smith on Cloudflare Workers, R2 (object
storage), and D1 (SQLite-at-the-edge). The MCP server is published to
npm as `stacktree-mcp`.

## Why it exists

AI agents emit a surprising amount of HTML. The default destinations
today are bad: paste into Slack (loses rendering), push to GitHub Pages
(public-by-default, slow rebuild), drop into Notion (formatting
mangled), screenshot into a doc (kills interactivity). Stacktree
exists because that gap deserved a primitive, not a workflow. One
verb to publish. One verb to replace. Done.

## The seven tool calls

The Stacktree MCP server exposes exactly seven verbs:

1. `publish_html(file)` — upload HTML; return an unguessable slug. Default
   expiry 24 hours for anonymous publishes, indefinite for signed-in.
2. `update_site(slug, file)` — atomically replace content under the same
   URL. The URL stays; the content swaps. This is the loop primitive.
3. `set_expiry(slug, when)` — minutes to years. Auto-delete after the
   deadline.
4. `set_password(slug, password)` — gate the link behind a shared secret
   on top of the unguessable URL.
5. `set_email_gate(slug, domain)` — restrict viewers to a specific email
   domain (e.g. "@yourco.com"); viewers verify ownership via magic link.
6. `list_sites()` — what has the agent published lately.
7. `delete_site(slug)` — burn the artifact now (don't wait for expiry).

## Install

Single recommended path for any CLI agent:

```
npx stacktree-install
```

The installer opens a browser, signs the user in (or signs them up — same
flow), and writes the appropriate config for whichever of Claude Code,
Cursor, Codex CLI, OpenCode, or Amp the user picks during the prompts.
Under the hood every config points at the same npm package
(`stacktree-mcp`) over stdio.

For Claude.ai's hosted custom connectors, paste
`https://api.stacktr.ee/mcp` into the connectors dialog instead — that
path uses streamable HTTP with OAuth 2.1 + DCR.

## Privacy model

Three independent gating layers, each opt-in per link:

1. **Unguessable URL** (default). The link contains enough entropy that
   it's not discoverable by guessing or enumeration. The link itself
   is the credential.
2. **Shared password**. A second factor on top of the unguessable URL.
3. **Email-domain gate**. Magic-link verification against a specific
   email domain. The gate survives URL forwarding.

Additionally:

- **End-to-end encryption** (`e2e: true` on upload). AES-GCM in the
  browser; key in the URL fragment; Stacktree only stores ciphertext.
- **CSP defaults**. Sensible Content-Security-Policy on every served
  page so a careless `<script src>` can't exfiltrate session data.
- **`X-Robots-Tag: noai, noimageai`** on every per-site response. AI
  training crawlers are excluded from user-hosted content. Marketing
  pages are intentionally indexable.

## Agent-loop hosting (the core concept)

Most static hosts make every upload a new URL. Some let you replace
a file but force a build that bumps cache (GitHub Pages, Vercel). All
of those models break when an AI agent iterates 30× a session — every
new URL is a stale teammate bookmark.

Stacktree's `update_site` is built for the agent loop. The agent
calls it after each revision; the R2 object is replaced atomically;
the edge cache is purged; the URL is stable. The viewer's bookmark
always shows the latest version. That's the contract that makes
"agent loop hosting" actually trustworthy.

## What Stacktree is not

- Not a CMS. There's no editor UI; the agent or your build pipeline
  produces the HTML.
- Not a page builder. There are no templates.
- Not a Notion replacement. Notion handles rich text; Stacktree handles
  pre-rendered HTML.
- Not a marketing-site host. It will serve marketing pages, but it's
  optimised for short-to-medium-lived artifacts rather than viral load.
- Not a serverless function host. Static HTML/JS/CSS only.
- Not enterprise SSO yet. Per-link email-domain gates cover ~90% of
  cases; workspace-wide SSO is roadmap, not shipped.

## Comparisons

- **Tiiny Host**: human drag-and-drop primary; Stacktree is MCP-call
  primary. Both host static HTML; Stacktree adds replace-in-place,
  three gating layers on free tier, and an agent-shaped API.
- **GitHub Pages**: public-by-default; private requires Enterprise
  Cloud + GitHub seats. Stacktree is private-by-default at every
  plan, 200 ms to publish, no Git involved.
- **Vercel**: deployment platform built for projects. Stacktree is
  artifact-level granularity. Use Vercel for products; Stacktree for
  one-off agent outputs.
- **ngrok**: tunnels a port to your laptop. Stacktree hosts the file.
  If your artifact is a finished HTML file (not a live server), you
  don't need the tunnel.
- **display.dev**: workspace + SSO first. Stacktree is primitive first
  (anonymous publish, per-link gates, MCP-native).
- **Claude.ai built-in publish**: Claude-app surface only, Claude.ai
  URL, no private-link options. Stacktree gives you your own domain,
  three gating layers, replace-in-place.

## Pricing

- **Free** — anonymous 24-hour publishes need no account; account-scoped
  free tier supports persistent links with a small Stacktree badge.
- **Pro** — flat workspace pricing. Removes the badge. Unlocks custom
  domains via Cloudflare for SaaS, longer expiries, more storage.
- **No per-seat fees, ever.** Agent-scale workloads don't fit
  per-seat economics.

## Technical architecture

- Cloudflare Workers for apex, API, dashboard, per-site serve.
- R2 for HTML object storage.
- D1 for site metadata, ownership, expiries, gating rules.
- Cloudflare for SaaS for paid-plan custom domains (DNS-only CNAME;
  we provision TLS).
- MCP via stdio and streamable HTTP, packaged on npm.
- OAuth 2.1 + RFC 7591 Dynamic Client Registration for hosted MCP
  clients (Claude.ai, generic MCP HTTP clients).

## Who built it

Stacktree is built and operated by Steve Smith. Background: static-site
hosting, AI agent infrastructure, Cloudflare Workers. The product is
intentionally small — the goal is for the agent to never have to ask
"which way do I publish?"

## Where to read next

- https://stacktr.ee/                         — homepage
- https://stacktr.ee/about                    — about / who built it
- https://stacktr.ee/agents                   — every supported agent integration
- https://stacktr.ee/alternatives             — every comparison page
- https://stacktr.ee/use-cases                — every shape of work Stacktree fits
- https://stacktr.ee/mcp-publish-html         — the MCP tool surface in detail
- https://stacktr.ee/agent-loop-hosting       — the core concept page
- https://stacktr.ee/private-html-hosting     — the category overview
- https://stacktr.ee/docs                     — API reference
- https://stacktr.ee/sitemap.xml              — full URL map