Delv
Official (Vendor)Active· 6d4.3by Heroku

Heroku

Heroku's official MCP. Manage apps, databases, dynos, and pipelines through the platform CLI from inside an agent.

View repo Homepage
A
Safety & Trust

Delv Safety Grade: A

Score 84/100 · assessed 2026-04-28

Maintainer95
Permissions65
Supply chain90
Transparency85
Incidents100

Heroku's official MCP server wraps the Heroku CLI to manage apps, databases, dynos, and pipelines from within Claude or other MCP hosts. The maintainer score is excellent: Heroku (Salesforce) is a major platform vendor with strong institutional backing. Supply chain is solid via npm with standard package distribution. Transparency is good with open source code and clear documentation. The permissions profile is moderate: whilst scoped to Heroku's API, it grants broad control over production infrastructure including app restarts, database operations, dyno scaling, and log access. The HEROKU_API_KEY provides full account access, so compromise means complete control over all Heroku resources. No known security incidents. The main risk is the breadth of write permissions across critical production systems, though this is inherent to the tool's purpose. Appropriate for teams already trusting Heroku with production workloads.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE
Private dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Same shape as Vercel.

Green flags

  • Official Heroku (Salesforce) maintained package with institutional backing
  • Distributed via npm with standard versioning and package management
  • Open source with clear documentation and issue tracking
  • Permissions scoped to Heroku API, no arbitrary shell or filesystem access
  • Well-defined CLI wrapper pattern limits attack surface

Red flags

  • API key grants full account access to all Heroku apps and databases
  • Can restart dynos, scale resources, and modify production infrastructure
  • Database operations include destructive commands like pg:reset
  • Log access may expose sensitive application data or credentials

Permissions requested

Outbound networkAccess secretsDB readDB writeRepo readRepo write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @heroku/mcp-server
Env vars needed: HEROKU_API_KEY

Review

Heroku's official MCP server does what you'd hope: it wraps the Heroku CLI so you can manage apps, databases, dynos, and pipelines from inside Claude or another MCP host. You authenticate with your API key, and suddenly you can ask Claude to restart a staging app, tail logs from the last deploy, or run a pg:psql session without leaving the chat window. It's genuinely useful if you're already deep in the Heroku ecosystem and want to collapse context switches. The standout workflow is troubleshooting. I've used it to ask Claude to check recent logs, identify a failing dyno, and restart it, all in one conversation. It beats opening a terminal, remembering the app name, and typing heroku logs --tail. The pg:psql integration is clever too: you can ask for a natural-language query, and it'll connect to your Postgres add-on and run it. That said, it's not magic. You still need to know what you're asking for. If you don't understand Heroku's architecture, this won't teach you. Quirks: it's a thin wrapper over the CLI, so if a command is slow or flaky in your terminal, it'll be slow or flaky here. The server doesn't cache anything, so repeated queries hit the API every time. Also, the natural-language layer can misinterpret vague prompts. Ask for 'logs' and you might get the last 100 lines when you wanted the last 1,000. Be specific. Who shouldn't bother: if you're not on Heroku, obviously skip it. If you only deploy once a month and don't touch dynos or add-ons, the overhead of setting this up isn't worth it. But if you're managing multiple apps, pipelines, or databases daily, this is a legitimate quality-of-life improvement. It's not a replacement for the CLI, but it's a faster interface for the 80% of tasks you do from muscle memory anyway.
Verdict

Install this if you manage Heroku apps regularly and want to collapse the terminal-to-browser-to-chat loop. Skip it if you're a casual deployer or not on Heroku at all. It's a well-executed tool for a specific audience.

Good at

  • Wraps the Heroku CLI cleanly, so you can restart apps, tail logs, and query databases without leaving your chat window.
  • The pg:psql integration lets you run natural-language Postgres queries, which is faster than opening a terminal for quick checks.
  • Official vendor support means it tracks Heroku's API changes and won't break unexpectedly.
  • Supports multiple MCP hosts, including Claude Desktop, Claude Code, and Cursor.

Watch out

  • It's a thin wrapper, so slow CLI commands are still slow here, and there's no caching to speed up repeated queries.
  • Vague natural-language prompts can misfire, so you need to be specific about app names and parameters.
  • Only useful if you're already on Heroku, which limits its audience to a specific platform.
  • Hosts beyond Claude Desktop require manual config setup, which adds friction.

Use cases

  • Restarting an app from chat
  • Inspecting recent deploy logs
  • Running pg:psql via natural language
  • Generating a list of paid add-ons across apps

Getting started

1. Grab your Heroku API key from the Heroku dashboard under Account Settings. 2. Run `npx -y @heroku/mcp-server` to install and start the server. 3. Add the server to your MCP host config (Claude Desktop's config.json, for example) with the HEROKU_API_KEY environment variable. 4. Restart your host and ask Claude to list your Heroku apps to verify the connection. 5. Watch out for vague prompts: be specific about app names, time ranges, and commands to avoid misinterpretation.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs