Skip to main content
Glama

appcrane_set_app_meta

Update an app's visibility, category, authentication mode, or bypass paths. Control who can access the app and how authentication is handled.

Instructions

Set an app's category, visibility, auth_mode, and/or auth_bypass_paths — the owner self-service fields (same controls the dashboard Launcher exposes to owners). Owner of the app (or global admin) required. visibility is one of public / private / hidden. auth_mode is authenticated (default — all routes go through AppCrane SSO) or headless (the app bypasses forward_auth ENTIRELY and is reachable without identity — right tool for telemetry ingest, public webhooks, status pages; the app's own server is responsible for any payload-level authn). auth_bypass_paths (v2.7.27+) is an array of path prefixes (e.g. ["/ws/local-runner"]) that bypass SSO on this app only — narrower than headless mode; the app authenticates those paths itself (e.g. token in query string). The platform strips incoming X-AppCrane-* headers on bypass paths (forgery defense intact) and suppresses access logging for them (token-in-query never sits in log storage). Owners may only assign an EXISTING category; creating a brand-new category is reserved for global admins. For powerful fields (github_url, branch, token, source_type, resource limits) use appcrane_update_app (admin only).

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
slugYesApp slug.
domainNov2.10.0: custom domain (e.g. "raise.glick.run") that serves this app at the ROOT of that domain with NO AppCrane SSO and NO topbar — the app does its own auth. Maps to production. Requires the domain's DNS to point at this host (Caddy auto-provisions TLS). Pass "" or null to remove. The /<slug> path under the platform domain stays.
categoryNoCategory/tag. Owners must pick one already in use; pass empty string to clear.
auth_modeNoauthenticated = AppCrane SSO + per-app role checks; headless = NO auth at the proxy (the entire app is reachable by anyone on the internet).
visibilityNopublic = anyone; private = assigned users; hidden = not discoverable.
auth_bypass_pathsNov2.7.27: array of path prefixes (e.g. ["/ws/local-runner"]) that bypass SSO forward_auth on this app. Requests under these prefixes reach the container with NO X-AppCrane-* identity headers — the app authenticates them itself. Caddy suppresses access logging for these paths to prevent query-string-token leakage. Pass [] or null to clear.
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations exist, so description carries full burden. It comprehensively discloses behaviors: owner/admin requirement, visibility enum values, auth_mode details (headless bypasses all forward_auth), auth_bypass_paths header stripping and logging suppression, domain DNS and TLS provisioning, and category constraints. No contradictions with missing annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is front-loaded with purpose and includes structured parameter details. While verbose, it efficiently packs necessary information without redundancy. Could be slightly trimmed, but the complexity justifies length.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given 6 parameters, no output schema, and no annotations, the description covers all parameter details, ownership constraints, behavioral implications, and security considerations comprehensively. No obvious gaps for the intended functionality.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with detailed descriptions, but the description adds significant value beyond schema: explains headless mode use cases, auth_bypass_paths logging suppression and security context, domain requirements, and category ownership constraints. This enriches parameter understanding.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool sets app's category, visibility, auth_mode, and auth_bypass_paths, distinguishing it from sibling appcrane_update_app for admin-only fields. Verb 'set' and specific resource details provide unambiguous purpose.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states required roles (owner or global admin), provides guidance on when to use headless mode (telemetry ingest, public webhooks, status pages) vs. auth_bypass_paths, and directs to alternative tool for powerful fields. This offers clear context for appropriate usage.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/gitayg/appcrane-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server