Docs
Everything you need to connect an agent to Bauta and deploy your first artifact.
Connect
Bauta is a remote MCP server. The endpoint (Streamable HTTP) is:
https://bauta.app/mcp
Claude (web or desktop): Settings → Connectors → Add custom connector, paste the endpoint URL, and complete the sign-in flow when prompted.
Claude Code:
claude mcp add --transport http bauta https://bauta.app/mcp
Authentication. Bauta uses standard MCP OAuth: the server
is its own OAuth authorization server and supports both
Dynamic Client Registration (RFC 7591) and
Client ID Metadata Documents (CIMD), so both
pre-registered and self-identifying MCP clients work without manual
client setup. CLI and desktop clients may use loopback redirect URIs on
localhost or 127.0.0.1 with any port. Discovery
metadata is served at the standard
/.well-known/oauth-authorization-server location.
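The loopback rule above ("localhost or 127.0.0.1 with any port") is easy to get wrong with string matching. This added example is not Bauta's code; it shows one way an authorization server could check such redirect URIs. The function names, the sample URIs, and the http-only and no-fragment rules (taken from RFC 8252 section 7.3 and RFC 6749 section 3.1.2) are assumptions.

```javascript
// Added example, not Bauta's implementation. Hosts come from the page;
// the http-only and no-fragment rules are assumptions from RFC 8252 / RFC 6749.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1"]);

// Returns a parsed URL if `uri` is an acceptable loopback redirect, else null.
function parseLoopbackRedirect(uri) {
  if (typeof uri !== "string" || uri.includes("#")) return null; // no fragments
  let u;
  try {
    u = new URL(uri); // WHATWG parser: lowercases the host, rejects ports > 65535
  } catch {
    return null;
  }
  if (u.protocol !== "http:") return null;
  // Compare the parsed hostname, never a string prefix. This rejects
  // look-alikes such as "127.0.0.1.example.net" and "localhost@example.net".
  if (!LOOPBACK_HOSTS.has(u.hostname)) return null;
  if (u.username !== "" || u.password !== "") return null;
  return u;
}

function isAllowedLoopbackRedirect(uri) {
  return parseLoopbackRedirect(uri) !== null;
}

// The port is ignored on purpose: a CLI or desktop client binds an
// ephemeral port at run time, so only host and path are compared.
function matchesRegistered(registered, presented) {
  const r = parseLoopbackRedirect(registered);
  const p = parseLoopbackRedirect(presented);
  return r !== null && p !== null &&
    r.hostname === p.hostname && r.pathname === p.pathname;
}

// Constructed sample inputs.
const samples = [
  "http://127.0.0.1:49152/callback",
  "http://LOCALHOST:8085/cb",
  "http://127.0.0.1.example.net/cb",
  "http://localhost@example.net/cb",
  "http://[::1]:8085/cb",
];
for (const s of samples) {
  console.log(isAllowedLoopbackRedirect(s) ? "allow " : "reject", s);
}
```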
Tools
Every tool declares whether it is read-only or destructive, and read and write operations are always separate tools.
| Tool | What it does |
|---|---|
| deploy_artifact | Deploy an HTML or React artifact to a hosted URL (or publish a new revision of one you already own). |
| update_artifact | Publish a new revision of an existing artifact; the URL stays the same. |
| list_artifacts | List the artifacts you own: slug, title, sharing mode, published revision, timestamps. Read-only. |
| rollback | Move an artifact's live version back to a prior revision — nothing is created or deleted, only the published pointer moves. |
| rename_slug | Rename an artifact. Paid (org) artifacts pick a new slug and old links redirect (301) for a grace period; free artifacts re-roll a fresh random id and the old link stops working immediately. |
| set_sharing | Change who can view an artifact: private, public, password, or email_otp. |
| share_via_email | Grant a specific email address access to an artifact and send them an invite. |
| list_share_recipients | List the addresses you have previously shared artifacts with. Read-only. |
| bind_data_source | Attach a data snapshot to an artifact, served back to the artifact's own code at a stable /data URL; binding again replaces the snapshot. |
| get_analytics | Aggregate view and deploy counts for one of your artifacts — cookieless, sampling-corrected estimates. Read-only. |
| claim_artifact | Claim an anonymously deployed artifact with its single-use claim token: your account becomes the owner; the URL never changes. |
| export_artifact | Export everything stored for one of your artifacts: metadata, every revision's original source, and the sharing configuration. Read-only. |
| delete_artifact | Permanently delete an artifact — all revisions, sharing settings, and share grants; serving stops immediately at every URL. |
| request_email_verification | Email a one-time code to an address you control, to attach it to your account as a verified email. |
| verify_email_code | Complete email verification by submitting the one-time code. |
| whoami | Show the caller's identity: the stable MCP subject and the linked Bauta account. Read-only. |
| ping | Liveness check — answers "pong". No side effects. |
URLs
- Free artifacts (anonymous and claimed) serve at share.bauta.app/random-id. Claiming never changes the URL; renaming re-rolls a fresh random id.
- Organizations (paid plans) get vanity URLs on their own subdomain: your-org.bauta.app/artifact-name/.
Artifact code never runs on bauta.app itself: content
executes inside a sandboxed iframe served from a separate registered
domain (bauta-usercontent.com), which carries no cookies and
is excluded from search-engine indexing.
Sharing modes
| Mode | Who can view |
|---|---|
| private | Nobody. The default for every artifact — visitors are blocked instantly. |
| public | Anyone with the link. Requires a claimed (signed-in) owner — anonymous artifacts can never be made public. |
| password | Anyone with the link who enters the password you set. Viewers need no account. |
| email_otp | Viewers verify their email with a one-time code. With email grants (via share_via_email) only granted addresses get a code; without grants, any address that completes verification may view, and every verified view is recorded in the audit log. |
Gated by default
Bauta's security posture, in one list:
- Private by default. Every artifact starts private; nothing becomes public without an explicit owner action.
- Anonymous is never public. An artifact deployed without a signed-in account is unlisted: it is reachable only with the access token returned once at deploy time, and serves a plain 404 to everyone else.
- Sandboxed execution. All artifact code runs in an iframe with sandbox="allow-scripts" and nothing else, on a separate registered domain with no cookies — it cannot reach your session, other artifacts, or the parent page.
- Deploy-time scanning. Outbound links in deployed content are checked against Google Safe Browsing before anything is stored; known-bad links reject the deploy.
- Rate limits. Deploys, gate attempts, verification emails, and abuse reports are all rate-limited.
- Report and takedown. Every served artifact page links to the abuse report form; taken-down content stops serving on every origin immediately.
- Audit log. Deploys, sharing changes, and email-verified views are recorded append-only.
- EU-hosted content, cookieless analytics. Artifact content lives in an EU-jurisdiction bucket; view counting uses no cookies and no third-party scripts. See the privacy policy.
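The "Sandboxed execution" item in the list above depends on the iframe carrying exactly one sandbox token. This added example is not Bauta's code; it is a small policy check a team embedding untrusted content could run in CI against the same "allow-scripts and nothing else" rule. The function name and the sample attribute values are assumptions.

```javascript
// Added example, not Bauta's implementation: audit an iframe sandbox
// attribute against the "allow-scripts and nothing else" policy.
const SANDBOX_POLICY = new Set(["allow-scripts"]);

// attr: raw value of the sandbox attribute, or null when it is absent.
// Absent and empty are different: absent means no sandbox at all, while
// an empty value is the most restrictive sandbox (scripts do not run).
function auditSandbox(attr) {
  if (attr === null || attr === undefined) {
    return { ok: false, findings: ["no sandbox attribute: frame is unrestricted"] };
  }
  // Tokens are separated by ASCII whitespace and are case-insensitive.
  const tokens = new Set(
    attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean)
  );
  const findings = [];
  for (const t of SANDBOX_POLICY) {
    if (!tokens.has(t)) findings.push(`missing ${t}`);
  }
  for (const t of tokens) {
    if (!SANDBOX_POLICY.has(t)) findings.push(`extra token ${t}`);
  }
  // With both tokens the frame runs scripts under its real origin
  // instead of an opaque one, which removes the isolation.
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push("allow-scripts combined with allow-same-origin");
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample values.
for (const v of ["allow-scripts", "", null, "Allow-Scripts allow-same-origin"]) {
  console.log(JSON.stringify(v), auditSandbox(v));
}
```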