Overview
Stack ships with 39 curated providers across 13 categories. Each provider knows how to log in, provision a resource (when applicable), fetch credentials, and wire the output into your project files. 9 of them also install an MCP server so an LLM editor can work with the service without leaving your chat.
stack add <name>
once you've found what you need.
Auth at a glance
Stack supports four auth flows. The provider chooses; you don't configure anything.
| Flow | What it feels like | Providers |
|---|---|---|
OAuth (PKCE) | Browser opens, you click Authorise. No secret pasted. | supabase |
OAuth (device) | CLI shows a code, you paste it at a URL. Good for headless environments. | github |
PAT | You paste a personal access token once; Stack verifies it. | neon, turso, vercel, cloudflare, replicate, sentry, grafana, digitalocean |
API key | Paste a key; Stack hits the provider's API to verify. | convex, upstash, firebase, modal, railway, fly, render, aws, openai, anthropic, xai, deepseek, braintrust, posthog, stripe, linear, resend, sendgrid, mailgun, postmark, mixpanel, plausible, datadog, gcp, hetzner, auth0, workos, clerk, launchdarkly |
Every provider
Grouped by category. Provider names match what you type after stack add.
Database
Supabase
supabase
MCP
Postgres + Auth + Storage. Full upstream provisioning via the Management API.
- Auth
-
OAuth (PKCE)Browser OAuth (PKCE) via the Ashlr Stack app. - Secrets
-
SUPABASE_URLSUPABASE_ANON_KEYSUPABASE_SERVICE_ROLE_KEY - MCP
-
supabase@supabase/mcp-server-supabase scoped to the new project ref, with SUPABASE_ACCESS_TOKEN piped from Phantom. - Docs
- https://supabase.com/docs/reference/api/introduction
- Notes
- v1 provisions a project and fetches service keys. Database password is auto-generated and stored in Phantom.
Neon
neon
MCP
Serverless Postgres. Creates a project and pools the connection string.
- Auth
-
Personal access tokenPaste a personal API key from https://console.neon.tech/app/settings/api-keys. - Secrets
-
NEON_API_KEYDATABASE_URL - MCP
-
neon@neondatabase/mcp-server-neon with NEON_API_KEY piped from Phantom — branch, migrate, and query from the agent. - Docs
- https://neon.tech/docs/reference/api-reference
Turso
turso Edge SQLite (libSQL). Creates a database in your default org.
- Auth
-
Personal access tokenPaste a platform token from https://app.turso.tech/account/api-tokens. - Secrets
-
TURSO_DATABASE_URLTURSO_AUTH_TOKENTURSO_PLATFORM_TOKEN - Docs
- https://docs.turso.tech
Convex
convex
KEY-ONLY · v0.2
Reactive backend-as-a-service. Deploy key stored in Phantom.
- Auth
-
API key (paste)Create a deploy key in the Convex dashboard and paste it. - Secrets
-
CONVEX_DEPLOY_KEY - Docs
- https://docs.convex.dev
Upstash
upstash
KEY-ONLY · v0.2
Serverless Redis + Kafka. Management token stored in Phantom.
- Auth
-
API key (paste)Generate a management token from the Upstash console. - Secrets
-
UPSTASH_MANAGEMENT_TOKEN - Docs
- https://upstash.com/docs/devops/developer-api
Firebase
firebase
KEY-ONLY · v0.2
Realtime DB + Auth. Service-account JSON stored verbatim in Phantom.
- Auth
-
API key (paste)Paste the full service-account JSON from Firebase → Project settings → Service accounts. - Secrets
-
FIREBASE_SERVICE_ACCOUNT_JSON - Docs
- https://firebase.google.com/docs/admin/setup
Deploy
Modal
modal
KEY-ONLY · v0.2
Serverless compute for AI + data. Token stored in Phantom.
- Auth
-
API key (paste)Create a token in the Modal dashboard and paste it. - Secrets
-
MODAL_TOKEN - Docs
- https://modal.com/docs
Vercel
vercel
MCP
Frontend platform. Stores a scoped access token for deploys + env sync.
- Auth
-
Personal access tokenPaste a personal access token from https://vercel.com/account/tokens. - Secrets
-
VERCEL_TOKEN - MCP
-
vercelVercel MCP server with VERCEL_TOKEN piped from Phantom — list deployments, tail logs, sync env. - Docs
- https://vercel.com/docs/rest-api
Railway
railway
KEY-ONLY · v0.2
Infra from a repo. Project-level token stored in Phantom.
- Auth
-
API key (paste)Paste an API token from https://railway.app/account/tokens. - Secrets
-
RAILWAY_TOKEN - Docs
- https://docs.railway.app/reference/public-api
Fly.io
fly
KEY-ONLY · v0.2
VMs at the edge. Machines API token stored in Phantom.
- Auth
-
API key (paste)Paste an API token from https://fly.io/user/personal_access_tokens. - Secrets
-
FLY_API_TOKEN - Docs
- https://fly.io/docs/machines/api
Cloudflare
cloudflare
MCP
Workers, R2, D1. Account id inferred from the token's scope.
- Auth
-
Personal access tokenCreate a scoped API token at https://dash.cloudflare.com/profile/api-tokens. - Secrets
-
CLOUDFLARE_API_TOKENCLOUDFLARE_ACCOUNT_ID - MCP
-
cloudflareCloudflare MCP (Workers Bindings + R2 + D1) with CLOUDFLARE_API_TOKEN piped from Phantom. - Docs
- https://developers.cloudflare.com/api
Render
render
KEY-ONLY · v0.2
Zero-config hosting. API key stored in Phantom.
- Auth
-
API key (paste)Generate a key at https://dashboard.render.com/u/settings#api-keys. - Secrets
-
RENDER_API_KEY - Docs
- https://api-docs.render.com
Cloud
AWS
aws
KEY-ONLY · v0.2
S3, Lambda, RDS. IAM access keys stored in Phantom.
- Auth
-
API key (paste)Create an IAM access key pair in the AWS console and paste both halves. - Secrets
-
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_REGION - Docs
- https://docs.aws.amazon.com/iam/
- Notes
- v1 stores the keys only — no resource provisioning. Scope the IAM policy narrowly.
GCP
gcp
KEY-ONLY · v0.2
Google Cloud Platform. Service-account JSON + project ID stored in Phantom.
- Auth
-
API key (paste)Download a service-account JSON key from GCP → IAM & Admin → Service Accounts and paste the full JSON. - Secrets
-
GCP_SERVICE_ACCOUNT_JSONGCP_PROJECT_ID - Docs
- https://cloud.google.com/docs/authentication/getting-started
- Notes
- v1 validates JSON shape and project_id field only — live project endpoint verification requires an OAuth2 token exchange; deferred to v0.2.
DigitalOcean
digitalocean
KEY-ONLY · v0.2
Droplets, Kubernetes, managed databases. Personal access token verified via /v2/account.
- Auth
-
Personal access tokenCreate a personal access token at https://cloud.digitalocean.com/account/api/tokens. - Secrets
-
DIGITALOCEAN_TOKEN - Docs
- https://docs.digitalocean.com/reference/api/api-reference/
Hetzner
hetzner
KEY-ONLY · v0.2
Affordable European cloud servers. API token verified via /v1/locations.
- Auth
-
API key (paste)Create an API token in Hetzner Cloud Console → Project → Security → API Tokens. - Secrets
-
HETZNER_API_TOKEN - Docs
- https://docs.hetzner.cloud/
AI
OpenAI
openai
KEY-ONLY · v0.2
GPT, Realtime, embeddings. Key verified against /v1/models on paste.
- Auth
-
API key (paste)Paste a secret key from https://platform.openai.com/api-keys. - Secrets
-
OPENAI_API_KEY - Docs
- https://platform.openai.com/docs/api-reference
Anthropic
anthropic
KEY-ONLY · v0.2
Claude models + MCP. Key verified against the Messages API on paste.
- Auth
-
API key (paste)Paste a secret key from https://console.anthropic.com/settings/keys. - Secrets
-
ANTHROPIC_API_KEY - Docs
- https://docs.anthropic.com/en/api
xAI
xai
KEY-ONLY · v0.2
Grok + tool use. Key verified on paste.
- Auth
-
API key (paste)Paste a key from https://console.x.ai. - Secrets
-
XAI_API_KEY - Docs
- https://docs.x.ai/api
DeepSeek
deepseek
KEY-ONLY · v0.2
Open-weight models. Key verified on paste.
- Auth
-
API key (paste)Paste a key from https://platform.deepseek.com/api_keys. - Secrets
-
DEEPSEEK_API_KEY - Docs
- https://api-docs.deepseek.com
Replicate
replicate
KEY-ONLY · v0.2
Open-source model inference with per-second billing. API token stored in Phantom.
- Auth
-
Personal access tokenCreate a token at https://replicate.com/account/api-tokens. - Secrets
-
REPLICATE_API_TOKEN - Docs
- https://replicate.com/docs/reference/http
Braintrust
braintrust
KEY-ONLY · v0.2
LLM evals + observability + prompt playground. Verified against /v1/organization on paste.
- Auth
-
API key (paste)Create a key at https://www.braintrust.dev/app/settings/api-keys. - Secrets
-
BRAINTRUST_API_KEY - Docs
- https://www.braintrust.dev/docs
Analytics
PostHog
posthog
MCP
KEY-ONLY · v0.2
Product analytics + flags. Personal API key stored in Phantom.
- Auth
-
API key (paste)Create a personal API key at https://app.posthog.com/me/settings (scope: all). - Secrets
-
POSTHOG_PERSONAL_API_KEY - MCP
-
posthogSSE MCP at mcp.posthog.com/sse, with the personal key piped through Phantom at call time. - Docs
- https://posthog.com/docs/api
Mixpanel
mixpanel
KEY-ONLY · v0.2
Product analytics. Project token + optional API secret stored in Phantom.
- Auth
-
API key (paste)Find your project token and API secret in Mixpanel → Settings → Project Settings. - Secrets
-
MIXPANEL_PROJECT_TOKENMIXPANEL_API_SECRET - Docs
- https://developer.mixpanel.com/reference/overview
Plausible
plausible
KEY-ONLY · v0.2
Privacy-friendly web analytics. API key verified against the stats API.
- Auth
-
API key (paste)Generate an API key at https://plausible.io/settings and note your site ID. - Secrets
-
PLAUSIBLE_API_KEYPLAUSIBLE_SITE_ID - Docs
- https://plausible.io/docs/stats-api
Observability
Datadog
datadog
KEY-ONLY · v0.2
Metrics, traces, logs. API + Application keys verified via /api/v1/validate.
- Auth
-
API key (paste)Create an API key at https://app.datadoghq.com/organization-settings/api-keys and an Application key at https://app.datadoghq.com/organization-settings/application-keys. - Secrets
-
DD_API_KEYDD_APP_KEY - Docs
- https://docs.datadoghq.com/api/latest/
Grafana
grafana
KEY-ONLY · v0.2
Dashboards + alerting. Service-account token verified against your Grafana instance.
- Auth
-
Personal access tokenCreate a service-account token in Grafana → Administration → Service accounts, and provide your Grafana base URL. - Secrets
-
GRAFANA_API_KEYGRAFANA_URL - Docs
- https://grafana.com/docs/grafana/latest/developers/http_api/
Errors
Sentry
sentry
MCP
Error + performance tracking. Creates a project and fetches its DSN.
- Auth
-
Personal access tokenPaste an auth token from https://sentry.io/settings/account/api/auth-tokens/ (scopes: project:read, project:write). - Secrets
-
SENTRY_AUTH_TOKENSENTRY_DSNSENTRY_ORGSENTRY_PROJECT - MCP
-
sentry@sentry/mcp-server with SENTRY_AUTH_TOKEN piped from Phantom and SENTRY_HOST defaulting to sentry.io. - Docs
- https://docs.sentry.io/api/
Payments
Stripe
stripe
MCP
KEY-ONLY · v0.2
Billing, subscriptions, tax. Restricted / test-mode secret key stored in Phantom.
- Auth
-
API key (paste)Create a restricted key at https://dashboard.stripe.com/apikeys (use test mode for development). - Secrets
-
STRIPE_SECRET_KEY - MCP
-
stripe@stripe/mcp with STRIPE_SECRET_KEY piped from Phantom — create products, prices, and inspect events from the agent. - Docs
- https://docs.stripe.com/api
- Notes
- v1 only stores the key. Full Stripe Connect / account linking lands when we register the Ashlr OAuth app.
Code
GitHub
github
MCP
Repos, Actions, OAuth. Device-flow token stored in Phantom.
- Auth
-
OAuth (device)Browser device-code flow — enter the code GitHub shows you, authorise, done. - Secrets
-
GITHUB_TOKEN - MCP
-
github@modelcontextprotocol/server-github with GITHUB_PERSONAL_ACCESS_TOKEN piped from Phantom. - Docs
- https://docs.github.com/en/rest
Tickets
Linear
linear
MCP
KEY-ONLY · v0.2
Issues, projects, cycles. Personal API key stored in Phantom.
- Auth
-
API key (paste)Create a personal API key at https://linear.app/settings/api. - Secrets
-
LINEAR_API_KEY - MCP
-
linearmcp-linear with LINEAR_API_KEY piped from Phantom. - Docs
- https://developers.linear.app/docs
Resend
resend
KEY-ONLY · v0.2
Transactional + React Email. API key stored in Phantom.
- Auth
-
API key (paste)Paste an API key from https://resend.com/api-keys. - Secrets
-
RESEND_API_KEY - Docs
- https://resend.com/docs
SendGrid
sendgrid
KEY-ONLY · v0.2
High-volume transactional mail. API key verified against /v3/scopes on paste.
- Auth
-
API key (paste)Paste an API key from https://app.sendgrid.com/settings/api_keys. - Secrets
-
SENDGRID_API_KEY - Docs
- https://docs.sendgrid.com/api-reference
Mailgun
mailgun
KEY-ONLY · v0.2
API-first email + routing. Key verified against /v3/domains on paste (HTTP Basic).
- Auth
-
API key (paste)Paste an API key from https://app.mailgun.com/settings/api_security. - Secrets
-
MAILGUN_API_KEY - Docs
- https://documentation.mailgun.com/docs/mailgun/api-reference/
Postmark
postmark
KEY-ONLY · v0.2
Deliverability-focused transactional. Account token verified against /servers on paste.
- Auth
-
API key (paste)Paste an account token from https://account.postmarkapp.com/api_tokens. - Secrets
-
POSTMARK_ACCOUNT_TOKEN - Docs
- https://postmarkapp.com/developer/api/overview
Auth
Auth0
auth0
KEY-ONLY · v0.2
Identity platform. Domain + M2M client credentials stored in Phantom.
- Auth
-
API key (paste)Create a Machine-to-Machine application in Auth0 → Applications and note the domain, client ID, and client secret. - Secrets
-
AUTH0_DOMAINAUTH0_CLIENT_IDAUTH0_CLIENT_SECRET - Docs
- https://auth0.com/docs/api/management/v2
- Notes
- Browser SDK: @auth0/auth0-spa-js. Server SDK: auth0 (bundled).
WorkOS
workos
KEY-ONLY · v0.2
Enterprise SSO + Directory Sync. API key verified via GET /organizations.
- Auth
-
API key (paste)Find your API key and client ID in the WorkOS dashboard → API Keys. - Secrets
-
WORKOS_API_KEYWORKOS_CLIENT_ID - Docs
- https://workos.com/docs/reference/api
Clerk
clerk
KEY-ONLY · v0.2
Drop-in auth + users. Secret key stored in Phantom.
- Auth
-
API key (paste)Paste a secret key from https://dashboard.clerk.com (API Keys). - Secrets
-
CLERK_SECRET_KEY - Docs
- https://clerk.com/docs
FeatureFlags
LaunchDarkly
launchdarkly
KEY-ONLY · v0.2
Feature flags + experimentation. SDK key + API token verified via /api/v2/caller-identity.
- Auth
-
API key (paste)Find your SDK key in LaunchDarkly → Environments and create an API token at LaunchDarkly → Account settings → Authorization. - Secrets
-
LAUNCHDARKLY_SDK_KEYLAUNCHDARKLY_API_TOKEN - Docs
- https://apidocs.launchdarkly.com/
Missing one?
The provider list is intentionally curated — we ship a provider when it has a real API + a sane auth story, not just a logo. If yours isn't here, open an issue with the shape you'd expect (secret slots, whether it needs upstream provisioning, whether it has an MCP server) on GitHub.