# How to integrate Ngrok MCP with Claude Agent SDK ```json { "title": "How to integrate Ngrok MCP with Claude Agent SDK", "toolkit": "Ngrok", "toolkit_slug": "ngrok", "framework": "Claude Agent SDK", "framework_slug": "claude-agents-sdk", "url": "https://composio.dev/toolkits/ngrok/framework/claude-agents-sdk", "markdown_url": "https://composio.dev/toolkits/ngrok/framework/claude-agents-sdk.md", "updated_at": "2026-05-12T10:20:16.556Z" } ``` ## Introduction This guide walks you through connecting Ngrok to the Claude Agent SDK using the Composio tool router. By the end, you'll have a working Ngrok agent that can list all active tunnels and endpoints, show https edges currently configured, list all api keys for your account through natural language commands. This guide will help you understand how to give your Claude Agent SDK agent real control over a Ngrok account through Composio's Ngrok MCP server. Before we dive in, let's take a quick look at the key ideas and tools involved. ## Also integrate Ngrok with - [OpenAI Agents SDK](https://composio.dev/toolkits/ngrok/framework/open-ai-agents-sdk) - [Claude Code](https://composio.dev/toolkits/ngrok/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/ngrok/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/ngrok/framework/codex) - [OpenClaw](https://composio.dev/toolkits/ngrok/framework/openclaw) - [Hermes](https://composio.dev/toolkits/ngrok/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/ngrok/framework/cli) - [Google ADK](https://composio.dev/toolkits/ngrok/framework/google-adk) - [LangChain](https://composio.dev/toolkits/ngrok/framework/langchain) - [Vercel AI SDK](https://composio.dev/toolkits/ngrok/framework/ai-sdk) - [Mastra AI](https://composio.dev/toolkits/ngrok/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/ngrok/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/ngrok/framework/crew-ai) ## TL;DR Here's what you'll learn: - Get and set up your Claude/Anthropic and Composio API keys - Install the necessary dependencies - Initialize Composio and create a Tool Router session for Ngrok - Configure an AI agent that can use Ngrok as a tool - Run a live chat session where you can ask the agent to perform Ngrok operations ## What is Claude Agent SDK? The Claude Agent SDK is Anthropic's official framework for building AI agents powered by Claude. It provides a streamlined interface for creating agents with MCP tool support and conversation management. Key features include: - Native MCP Support: Built-in support for Model Context Protocol servers - Permission Modes: Control tool execution permissions - Streaming Responses: Real-time response streaming for interactive applications - Context Manager: Clean async context management for sessions ## What is the Ngrok MCP server, and what's possible with it? The Ngrok MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Ngrok account. It provides structured and secure access to your Ngrok tunnels and API keys, so your agent can perform actions like managing endpoints, listing tunnels, handling API keys, and auditing IP restrictions on your behalf. - Active tunnel and endpoint monitoring: Instantly list all active tunnels and endpoints in your Ngrok account, making it simple to track running services and public URLs. - API key management: Programmatically create, list, and delete API keys to securely manage who and what can access your Ngrok resources. - HTTPS edge configuration visibility: Retrieve a comprehensive list of all HTTPS edges to review and manage how Ngrok handles encrypted traffic. - IP restriction and policy auditing: List and inspect all IP restrictions and policy rules, helping you enforce access control and security best practices. - Detailed access audit trails: Fetch details about specific IP restrictions for security audits and compliance, ensuring you always know who can access your tunnels and APIs. ## Supported Tools | Tool slug | Name | Description | |---|---|---| | `NGROK_CREATE_API_KEY` | Create API Key | Creates a new API key for authenticating with the ngrok API. This tool allows programmatic creation of API keys that can be used to access ngrok's API services. | | `NGROK_CREATE_CREDENTIAL` | Create Tunnel Credential | Creates a new tunnel authtoken credential for authenticating ngrok agents. This authtoken credential can be used to start a new tunnel session. The response to this API call is the only time the generated token is available. | | `NGROK_CREATE_ENDPOINT` | Create Endpoint | Create a cloud endpoint on the ngrok account. Use when you need to set up a new cloud endpoint with custom traffic policies for handling HTTP traffic. | | `NGROK_CREATE_EVENT_SOURCE` | Create Event Source | Add a new event source to an event subscription. Event sources define which types of events will trigger the subscription. Use this when you need to subscribe to additional event types for an existing event subscription. | | `NGROK_CREATE_EVENT_SUBSCRIPTION` | Create Event Subscription | Creates a new event subscription in ngrok. Event subscriptions allow you to be notified when specific events occur in your ngrok account. Use this when you need to set up webhooks or event-driven workflows for ngrok resource changes. | | `NGROK_CREATE_HTTPS_EDGE` | Create HTTPS Edge | Creates a new HTTPS edge in your ngrok account. HTTPS edges define how ngrok handles HTTPS traffic for your domains. Use this when you need to set up a new HTTPS endpoint with custom TLS or mutual TLS configuration. | | `NGROK_CREATE_HTTPS_EDGE_ROUTE` | Create HTTPS Edge Route | Creates a new route on an HTTPS edge in ngrok. Routes define how traffic matching specific patterns should be handled and can include various security and transformation modules. Use when you need to configure routing rules for an HTTPS edge with optional modules like OAuth, IP restrictions, header transformations, and more. | | `NGROK_CREATE_SSH_CREDENTIAL` | Create SSH Credential | Creates a new SSH credential from an uploaded public SSH key. This SSH credential can be used to start new tunnels via ngrok's SSH gateway. Use when you need to authenticate SSH-based tunnel connections with ngrok. | | `NGROK_CREATE_VAULT` | Create Vault | Creates a new vault in your ngrok account. Vaults are used for securely storing and managing sensitive data such as secrets, credentials, and tokens. | | `NGROK_CREATE_VAULT_SECRET` | Create Vault Secret | Tool to create a new secret in an ngrok vault for secure storage of sensitive data like API keys, passwords, or tokens. Use when you need to securely store sensitive information that can be referenced in traffic policies without exposing the actual values. | | `NGROK_DELETE_API_KEY` | Delete API Key | Delete an API key by its ID. This action permanently removes the specified API key from your ngrok account. This is an important security feature that allows users to revoke access when an API key is compromised or no longer needed. Once deleted, the API key cannot be recovered and any services using it will lose access. | | `NGROK_DELETE_CREDENTIALS` | Delete Credentials | Delete a tunnel authtoken credential by ID. This action permanently removes the specified credential from your ngrok account. | | `NGROK_DELETE_EDGE_ROUTE_CIRCUIT_BREAKER_MODULE` | Delete HTTPS Edge Route Circuit Breaker Module | Delete the Circuit Breaker module from an HTTPS Edge Route. This action removes the circuit breaker configuration that protects upstream services from being overwhelmed by automatically rejecting requests when error thresholds are exceeded. | | `NGROK_DELETE_EDGE_ROUTE_COMPRESSION_MODULE` | Delete Edge Route Compression Module | Delete the compression module from an HTTPS edge route. Use this to remove compression settings from a specific route within an HTTPS edge configuration. | | `NGROK_DELETE_EDGE_ROUTE_REQUEST_HEADERS_MODULE` | Delete Edge Route Request Headers Module | Delete the request headers module from an HTTPS edge route. This removes any custom request header modifications configured for the specified route. Use this action when you need to stop modifying request headers on a specific edge route. After deletion, requests will pass through without header modifications. | | `NGROK_DELETE_EDGE_ROUTE_RESPONSE_HEADERS_MODULE` | Delete Edge Route Response Headers Module | Delete the response headers module from an HTTPS edge route. Use when you need to remove response header manipulation from a specific route. | | `NGROK_DELETE_EDGE_ROUTE_SAML_MODULE` | Delete Edge Route SAML Module | Delete the SAML module configuration from an HTTPS edge route. This action removes SAML authentication from the specified route, allowing traffic to pass through without SAML validation. The operation is idempotent and returns success even if no SAML module exists. | | `NGROK_DELETE_EDGE_ROUTE_USER_AGENT_FILTER_MODULE` | Delete Edge Route User Agent Filter Module | Delete the user agent filter module from an HTTPS edge route. Use this to remove user agent filtering from a specific route within an HTTPS edge configuration. | | `NGROK_DELETE_EDGE_ROUTE_WEBHOOK_VERIFICATION_MODULE` | Delete Edge Route Webhook Verification Module | Delete the webhook verification module from an HTTPS edge route. This removes webhook signature verification configured for the specified route. Use this action when you need to stop verifying webhook signatures on a specific edge route. After deletion, webhooks will pass through without signature verification. | | `NGROK_DELETE_EDGE_ROUTE_WEBSOCKET_TCP_CONVERTER_MODULE` | Delete Edge Route WebSocket TCP Converter Module | Delete the WebSocket TCP converter module from an HTTPS edge route. Use when you need to remove WebSocket to TCP conversion functionality from a specific route. The operation is idempotent. | | `NGROK_DELETE_ENDPOINT` | Delete Endpoint | Delete an endpoint by ID. This action permanently removes the specified endpoint from your ngrok account. Currently only available for cloud endpoints. Cloud endpoints are those created through the ngrok dashboard or API with reserved domains. Once deleted, the endpoint cannot be recovered and traffic to the endpoint will no longer be processed. | | `NGROK_DELETE_EVENT_SOURCE` | Delete Event Source | Delete an event source from an event subscription. This removes a specific event type from the subscription, so the subscription will no longer trigger for that event. Event sources define which types of events trigger notifications for a subscription. Removing an event source does not delete the subscription itself - only the association with that specific event type. | | `NGROK_DELETE_EVENT_SUBSCRIPTION` | Delete Event Subscription | Delete an event subscription by ID. This action permanently removes the specified event subscription from your ngrok account. Event subscriptions allow you to receive notifications when specific events occur in your ngrok account. Once deleted, you will no longer receive notifications for events matching this subscription. | | `NGROK_DELETE_HTTPS_EDGE` | Delete HTTPS Edge | Delete an HTTPS edge by ID. This action permanently removes the specified HTTPS edge configuration from your ngrok account. HTTPS edges define how ngrok handles HTTPS traffic for your domains. Once deleted, the edge and all associated routes cannot be recovered, and traffic to the configured hostports will no longer be processed. | | `NGROK_DELETE_HTTPS_EDGE_ROUTE` | Delete HTTPS Edge Route | Delete an HTTPS edge route by ID. This action permanently removes the specified route from an HTTPS edge configuration in your ngrok account. HTTPS edge routes define how traffic is handled for specific hostnames and paths. Once deleted, the route cannot be recovered and traffic matching the route will no longer be processed. | | `NGROK_DELETE_RESERVED_DOMAIN_CERTIFICATE` | Delete Reserved Domain Certificate | Detach the certificate attached to a reserved domain. Use when you need to remove a certificate from a reserved domain without deleting the domain itself. | | `NGROK_DELETE_RESERVED_DOMAIN_CERTIFICATE_MANAGEMENT_POLICY` | Delete Reserved Domain Certificate Management Policy | Detach the certificate management policy from a reserved domain. Use this action when you need to remove certificate management configuration from a domain. | | `NGROK_DELETE_SECRET` | Delete Secret | Delete a vault secret by ID. This action permanently removes the specified secret from your ngrok vault. | | `NGROK_DELETE_SSH_CREDENTIALS` | Delete SSH Credentials | Delete an SSH credential by ID. This action permanently removes the specified SSH credential from your ngrok account. SSH credentials are used to authenticate SSH connections through ngrok. Once deleted, the credential cannot be recovered and any services using it will lose access. | | `NGROK_DELETE_VAULT` | Delete Vault | Delete a vault by ID. This action permanently removes the specified vault from your ngrok account. | | `NGROK_GET_API_KEY` | Get API Key | Get the details of an API key by ID. Use this tool to retrieve information about a specific ngrok API key, including its description, metadata, and creation timestamp. | | `NGROK_GET_CREDENTIALS` | Get Credentials | Tool to retrieve detailed information about a tunnel authtoken credential by ID. Use when you need to view the details, metadata, or ACL rules of an existing credential. Note: The token field will be null for existing credentials (only available on creation). | | `NGROK_GET_EDGE_ROUTE_BACKEND_MODULE` | Get Edge Route Backend Module | Retrieves the backend module configuration for an HTTPS edge route. Backend modules define where traffic is routed after passing through the edge route's modules. Use this to verify backend configuration or audit routing behavior. | | `NGROK_GET_EDGE_ROUTE_CIRCUIT_BREAKER_MODULE` | Get Edge Route Circuit Breaker Module | Tool to retrieve the circuit breaker module configuration for a specific HTTPS edge route. Use when you need to check the current circuit breaker settings, verify protection parameters, or audit traffic protection policies. | | `NGROK_GET_EDGE_ROUTE_COMPRESSION_MODULE` | Get Edge Route Compression Module | Retrieves the compression module configuration for a specific HTTPS edge route. Use this to check if compression is enabled for the route. | | `NGROK_GET_EDGE_ROUTE_IP_RESTRICTION_MODULE` | Get Edge Route IP Restriction Module | Retrieves the IP restriction module configuration for a specific HTTPS edge route. Use this to check which IP policies are applied to control access to the route. | | `NGROK_GET_EDGE_ROUTE_OIDC_MODULE` | Get Edge Route OIDC Module | Retrieves the OIDC (OpenID Connect) module configuration for a specific HTTPS edge route. OIDC modules enable authentication via OpenID Connect providers on your edge routes. This action fetches the current OIDC configuration including provider settings, scopes, and session timeout settings. Returns null if the OIDC module is not configured for the route. | | `NGROK_GET_EDGE_ROUTE_REQUEST_HEADERS_MODULE` | Get Edge Route Request Headers Module | Retrieves the request headers module configuration for a specific HTTPS edge route. The request headers module allows you to add and remove headers from HTTP requests before they are sent to your upstream server. Use this action to inspect the current request header manipulation rules for a route. | | `NGROK_GET_EDGE_ROUTE_RESPONSE_HEADERS_MODULE` | Get Edge Route Response Headers Module | Get the response headers module configuration for an HTTPS edge route. Use when you need to retrieve the current response header manipulation settings for a specific route. | | `NGROK_GET_EDGE_ROUTE_SAML_MODULE` | Get Edge Route SAML Module | Retrieves the SAML authentication module configuration for a specific HTTPS edge route. Use this to view SAML settings including identity provider configuration, session timeouts, and authorized groups. | | `NGROK_GET_EDGE_ROUTE_TRAFFIC_POLICY` | Get Edge Route Traffic Policy | Retrieves the Traffic Policy module configuration for a specific HTTPS edge route. Traffic policies define how ngrok handles requests and responses on the edge route. Use this to inspect current traffic policy rules applied to an edge route. | | `NGROK_GET_EDGE_ROUTE_USER_AGENT_FILTER_MODULE` | Get Edge Route User Agent Filter Module | Retrieves the user agent filter module configuration for a specific HTTPS edge route. Use this to view filtering rules that control access based on User-Agent headers. | | `NGROK_GET_EDGE_ROUTE_WEBHOOK_VERIFICATION_MODULE` | Get Edge Route Webhook Verification Module | Retrieves the webhook verification module configuration for an HTTPS edge route. Webhook verification modules validate incoming webhooks from supported providers. Use this to verify webhook configuration or audit webhook security settings. | | `NGROK_GET_EDGE_ROUTE_WEBSOCKET_TCP_CONVERTER_MODULE` | Get Edge Route WebSocket TCP Converter Module | Retrieves the WebSocket TCP Converter module configuration for a specific HTTPS edge route. This module converts WebSocket connections to TCP streams. Use this to inspect whether the converter is enabled. | | `NGROK_GET_ENDPOINT` | Get Endpoint | Get the status of an endpoint by ID. Use this tool to retrieve detailed information about a specific ngrok endpoint, including its configuration, URLs, and associated resources. | | `NGROK_GET_EVENT_SOURCE` | Get Event Source | Get an event source by type for a specific event subscription. Use this tool to retrieve details about a specific event source type that triggers notifications for an event subscription. | | `NGROK_GET_HTTPS_EDGE` | Get HTTPS Edge | Get the details of an HTTPS edge by ID. Use this to retrieve information about a specific HTTPS edge configuration including its hostports, TLS settings, and routes. | | `NGROK_GET_HTTPS_EDGE_MUTUAL_TLS_MODULE` | Get HTTPS Edge Mutual TLS Module | Retrieves the mutual TLS module configuration for an HTTPS edge. Use this to check if mutual TLS is enabled and which certificate authorities are configured for client certificate validation. | | `NGROK_GET_HTTPS_EDGE_ROUTE` | Get HTTPS Edge Route | Retrieves detailed information about a specific HTTPS edge route by its ID. HTTPS edge routes define how ngrok routes traffic based on path matching rules and apply various modules like authentication, compression, and traffic policies. | | `NGROK_GET_IP_RESTRICTIONS` | Get IP Restriction Details | Retrieves detailed information about a specific IP restriction by its ID. IP restrictions control which IP addresses can access various ngrok resources (dashboard, API, agents, or endpoints). This action fetches complete details including enforcement status, associated IP policies, and metadata. Use this action for auditing, verification, or before modifying IP restrictions. Note: Requires Account Governance add-on on a Pay-as-you-go plan to have IP restrictions. | | `NGROK_GET_RESERVED_DOMAIN` | Get Reserved Domain | Get the details of a reserved domain by ID. Use this to retrieve information about a specific reserved domain including its hostname, certificate configuration, and DNS settings. | | `NGROK_GET_SECRET` | Get Secret | Tool to retrieve detailed information about a vault secret by ID. Use when you need to view the metadata, description, or vault information for an existing secret. | | `NGROK_GET_SECRETS_BY_VAULT` | Get Secrets by Vault | Tool to get all secrets in a vault by vault ID. Use this to retrieve the list of secrets stored in a specific ngrok vault. Supports pagination for large result sets. | | `NGROK_GET_SSH_CREDENTIALS` | Get SSH Credentials | Tool to retrieve detailed information about an SSH credential by ID. Use when you need to view the details, public key, metadata, or ACL rules of an existing SSH credential. | | `NGROK_GET_VAULT` | Get Vault | Get the details of a vault by ID. Use this tool to retrieve information about a specific ngrok vault, including its name, description, metadata, and timestamps. | | `NGROK_LIST_AGENT_INGRESSES` | List Agent Ingresses | List all Agent Ingresses owned by this account. Agent Ingresses are used to configure custom domains for ngrok agent connections, allowing you to use your own domain instead of the default ngrok domains. | | `NGROK_LIST_API_KEYS` | List API Keys | This tool lists all API keys owned by the user. The API keys are used to authenticate API requests to ngrok's REST API. The endpoint returns a paginated list of API keys. | | `NGROK_LIST_BOT_USERS` | List Bot Users | Tool to list all bot users on this ngrok account. Use when you need to retrieve all bot users with their status and metadata. | | `NGROK_LIST_CERT_AUTHORITIES` | List Certificate Authorities | List all certificate authorities on this account. Certificate authorities are x509 certificates used to sign other x509 certificates. Supports pagination and filtering via CEL expressions. | | `NGROK_LIST_CREDENTIALS` | List Tunnel Credentials | List all tunnel authtoken credentials on the ngrok account. Use when you need to view all credentials that can authenticate ngrok agents and start tunnel sessions. | | `NGROK_LIST_ENDPOINTS` | List All Endpoints | List all active endpoints on the ngrok account. This tool will list all active endpoints on the ngrok account, providing visibility into running tunnels and endpoints. It requires no input parameters beyond authentication and serves as a fundamental component for monitoring, managing, and referencing ngrok resources. | | `NGROK_LIST_EVENT_DESTINATIONS` | List Event Destinations | List all Event Destinations on the ngrok account. Event Destinations define where and how ngrok should send event data (e.g., to AWS, Datadog, Azure). Use this to view configured event streaming targets. | | `NGROK_LIST_EVENT_SUBSCRIPTIONS` | List Event Subscriptions | List all event subscriptions on the ngrok account. Event subscriptions allow you to be notified when specific events occur in your ngrok account. Use this to view all configured event subscriptions. | | `NGROK_LIST_EVENT_SUBSCRIPTION_SOURCES` | List Event Subscription Sources | Tool to list the types for which this event subscription will trigger. Use when you need to see all event sources configured for a specific event subscription. | | `NGROK_LIST_FAILOVER_BACKENDS` | List Failover Backends | List all failover backends on this account. Failover backends define failover behavior within a list of referenced backends where traffic is sent to the first backend, and if that backend is offline, ngrok attempts to connect to the next backend in the list. | | `NGROK_LIST_HTTP_RESPONSE_BACKENDS` | List HTTP Response Backends | List all HTTP response backends on the account. Use this to retrieve all configured static HTTP response backends that return fixed responses with specific status codes. | | `NGROK_LIST_HTTPS_EDGES` | List HTTPS Edges | Lists all HTTPS Edges in your ngrok account. HTTPS edges are configurations that tell ngrok how to handle HTTPS traffic. The action returns a paginated list of all HTTPS edges associated with your account. | | `NGROK_LIST_IP_POLICIES` | List IP Policies | List all IP policies on this account. IP policies are reusable groups of CIDR ranges with an allow or deny action that can be attached to endpoints via the Endpoint Configuration IP Policy module. Supports pagination and filtering with CEL expressions. | | `NGROK_LIST_IP_POLICY_RULES` | List IP Policy Rules | This tool lists all IP policy rules associated with your ngrok account. It retrieves detailed information including rule id, creation timestamp, description, metadata, CIDR, the associated IP policy, and the action (allow or deny) for each rule. It supports pagination with parameters 'limit' for the maximum number of results and 'before_id' for pagination. | | `NGROK_LIST_IP_RESTRICTIONS` | List IP Restrictions | Lists all IP restrictions configured on the ngrok account. IP restrictions control which source CIDR blocks are permitted to access specific ngrok account features such as the dashboard, API, agents, or public endpoints. Supports pagination via 'limit' and 'before_id', and filtering via CEL expressions. Returns details including id, uri, created_at, description, metadata, enforced status, type, and associated IP policies for each restriction. | | `NGROK_LIST_RESERVED_ADDRS` | List Reserved Addresses | List all reserved addresses on this account. Use this to retrieve all TCP addresses that have been reserved for listening to traffic on your ngrok account. | | `NGROK_LIST_RESERVED_DOMAINS` | List Reserved Domains | List all reserved domains on this account. Use this to retrieve all hostnames that have been reserved for listening to HTTP, HTTPS, and TLS traffic on your ngrok account. | | `NGROK_LIST_SERVICE_USERS` | List Service Users | Tool to list all service users on this ngrok account. Use when you need to retrieve all service users with their status and metadata. | | `NGROK_LIST_SSH_CERTIFICATE_AUTHORITIES` | List SSH Certificate Authorities | List all SSH Certificate Authorities on this account. SSH Certificate Authorities are pairs of SSH certificates and their private keys used to sign other SSH host and user certificates. Supports pagination and filtering via CEL expressions. | | `NGROK_LIST_SSH_CREDENTIALS` | List SSH Credentials | List all SSH credentials on the ngrok account. Use when you need to view all SSH public keys that can authenticate to start SSH tunnels. | | `NGROK_LIST_SSH_HOST_CERTIFICATES` | List SSH Host Certificates | List all SSH Host Certificates issued on this account. SSH Host Certificates are used to sign SSH host keys and authenticate SSH servers. Supports pagination for efficient retrieval of large result sets. | | `NGROK_LIST_SSH_USER_CERTIFICATES` | List SSH User Certificates | List all SSH user certificates on the ngrok account. Use when you need to view all SSH certificates that authenticate SSH clients to SSH servers. | | `NGROK_LIST_STATIC_BACKENDS` | List Static Backends | List all static backends on the account. Static backends forward traffic to TCP addresses (hostname and port) that are reachable on the public internet. | | `NGROK_LIST_TCP_EDGES` | List TCP Edges | Lists all TCP Edges in your ngrok account. TCP edges are configurations that tell ngrok how to handle TCP traffic. The action returns a paginated list of all TCP edges associated with your account. | | `NGROK_LIST_TLS_CERTIFICATES` | List TLS Certificates | List all TLS certificates on the ngrok account. Use when you need to retrieve information about uploaded TLS certificates including validity, domains, and metadata. | | `NGROK_LIST_TLS_EDGES` | List TLS Edges | Lists all TLS Edges in your ngrok account. TLS edges are configurations that tell ngrok how to handle TLS traffic. The action returns a paginated list of all TLS edges associated with your account. | | `NGROK_LIST_TUNNELS` | List Active Tunnels | List all active tunnels in the ngrok account. This tool lists all active tunnels in the ngrok account, providing details such as tunnel ID, public URL, start time, protocol, configuration details, and metadata. It requires no input parameters beyond authentication and returns a paginated list of all running tunnels with their complete status information. | | `NGROK_LIST_TUNNEL_SESSIONS` | List Tunnel Sessions | List all online tunnel sessions running on this account. Tunnel sessions represent instances of ngrok agents or SSH reverse tunnel sessions connected to the ngrok service. Each tunnel session can include one or more tunnels. | | `NGROK_LIST_VAULTS` | List Vaults | List all vaults owned by the ngrok account. Vaults are used for securely storing and managing sensitive data such as secrets, credentials, and tokens. | | `NGROK_LIST_VAULT_SECRETS` | List Vault Secrets | List all vault secrets owned by the ngrok account. Use when you need to view all secrets stored in vaults for traffic policy configurations. | | `NGROK_LIST_WEIGHTED_BACKENDS` | List Weighted Backends | List all weighted backends on the ngrok account. Weighted backends balance traffic among referenced backends proportionally based on their assigned weights. | | `NGROK_REPLACE_EDGE_ROUTE_CIRCUIT_BREAKER_MODULE` | Replace Edge Route Circuit Breaker Module | Replaces the circuit breaker module configuration on an HTTPS edge route. Circuit breakers protect upstream applications by rejecting traffic when error rates exceed thresholds, giving systems time to recover. Use this action when you need to configure or update circuit breaker settings for a specific route on an HTTPS edge. | | `NGROK_REPLACE_EDGE_ROUTE_COMPRESSION_MODULE` | Replace Edge Route Compression Module | Replaces the compression module configuration for an HTTPS edge route. Use this when you need to enable or disable automatic HTTP response compression for a specific route. | | `NGROK_REPLACE_EDGE_ROUTE_REQUEST_HEADERS_MODULE` | Replace Edge Route Request Headers Module | Replaces the request headers module configuration for an HTTPS edge route. Use this to modify HTTP request headers before they are sent to your upstream application server. You can add new headers or remove existing ones. | | `NGROK_REPLACE_EDGE_ROUTE_RESPONSE_HEADERS_MODULE` | Replace Edge Route Response Headers Module | Replaces the response headers module configuration for an HTTPS edge route. Use this to control which HTTP headers are added to or removed from responses sent to clients. This allows customization of response headers for security, CORS, caching, or other purposes. | | `NGROK_REPLACE_EDGE_ROUTE_TRAFFIC_POLICY` | Replace Edge Route Traffic Policy | Replaces the traffic policy module on an HTTPS edge route. Traffic policies allow you to control and modify HTTP traffic flowing through your ngrok endpoints. Use this action when you need to update or change the traffic policy rules for a specific route on an HTTPS edge. | | `NGROK_REPLACE_EDGE_ROUTE_USER_AGENT_FILTER_MODULE` | Replace Edge Route User Agent Filter Module | Replaces the user agent filter module configuration for an HTTPS edge route. Use this to control which User-Agent strings are allowed or denied access to your route based on regex patterns. Denied patterns take precedence over allowed patterns. | | `NGROK_REPLACE_EDGE_ROUTE_WEBHOOK_VERIFICATION_MODULE` | Replace Edge Route Webhook Verification Module | Replaces the webhook verification module configuration for an HTTPS edge route. Use this to configure ngrok to automatically verify webhook signatures from supported providers. This ensures that only authenticated webhook requests from your chosen provider reach your backend service. | | `NGROK_UPDATE_API_KEY` | Update API Key | Updates attributes of an API key by ID. Use this to modify the description or metadata of an existing API key without changing its token or credentials. | | `NGROK_UPDATE_CREDENTIALS` | Update Credentials | Tool to update attributes of a tunnel authtoken credential by ID. Use when you need to modify the description, metadata, or ACL rules of an existing credential. | | `NGROK_UPDATE_ENDPOINT` | Update Endpoint | Tool to update an Endpoint by ID, currently available only for cloud endpoints. Use this to modify the description, metadata, traffic policy, bindings, or other attributes of an existing endpoint. | | `NGROK_UPDATE_EVENT_SUBSCRIPTION` | Update Event Subscription | Tool to update attributes of an event subscription by ID. Use when you need to modify the description, metadata, destination IDs, or sources of an existing event subscription. | | `NGROK_UPDATE_HTTPS_EDGE_ROUTE` | Update HTTPS Edge Route | Tool to update an HTTPS edge route by ID. Use when you need to modify route configuration for HTTPS traffic handling. Updates can include match patterns, module settings, and metadata. Unspecified modules remain unchanged. | | `NGROK_UPDATE_RESERVED_DOMAIN` | Update Reserved Domain | Tool to update the attributes of a reserved domain by ID. Use this to modify the description, metadata, certificate configuration, or DNS resolver targets of an existing reserved domain. | | `NGROK_UPDATE_SECRET` | Update Secret | Tool to update a vault secret by ID. Use when you need to modify the name, description, metadata, or value of an existing secret in the ngrok vault. | | `NGROK_UPDATE_SSH_CREDENTIAL` | Update SSH Credential | Tool to update attributes of an SSH credential by ID. Use when you need to modify the description, metadata, or ACL rules of an existing SSH credential. | | `NGROK_UPDATE_VAULT` | Update Vault | Tool to update attributes of a vault by ID. Use when you need to modify the name, description, or metadata of an existing vault. | ## Supported Triggers None listed. ## Creating MCP Server - Stand-alone vs Composio SDK The Ngrok MCP server is an implementation of the Model Context Protocol that connects your AI agent to Ngrok. It provides structured and secure access so your agent can perform Ngrok operations on your behalf through a secure, permission-based interface. With Composio's managed implementation, you don't have to create your own developer app. For production, if you're building an end product, we recommend using your own credentials. The managed server helps you prototype fast and go from 0-1 faster. ## Step-by-step Guide ### 1. Prerequisites Before starting, make sure you have: - Composio API Key and Claude/Anthropic API Key - Primary know-how of Claude Agents SDK - A Ngrok account - Some knowledge of Python ### 1. Getting API Keys for Claude/Anthropic and Composio Claude/Anthropic API Key - Go to the [Anthropic Console](https://console.anthropic.com/settings/organization/api-keys) and create an API key. You'll need credits to use the models. - Keep the API key safe. Composio API Key - Log in to the [Composio dashboard](https://dashboard.composio.dev?utm_source=toolkits&utm_medium=framework_docs). - Navigate to your API settings and generate a new API key. - Store this key securely as you'll need it for authentication. ### 2. Install dependencies No description provided. ```python pip install composio-anthropic claude-agent-sdk python-dotenv ``` ```typescript npm install @anthropic-ai/claude-agent-sdk @composio/core dotenv ``` ### 3. Set up environment variables Create a .env file in your project root. What's happening: - COMPOSIO_API_KEY authenticates with Composio - USER_ID identifies the user for session management - ANTHROPIC_API_KEY authenticates with Anthropic/Claude ```bash COMPOSIO_API_KEY=your_composio_api_key_here USER_ID=your_user_id_here ANTHROPIC_API_KEY=your_anthropic_api_key_here ``` ### 4. Import dependencies No description provided. ```python import asyncio from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions import os from composio import Composio from dotenv import load_dotenv load_dotenv() ``` ```typescript import 'dotenv/config'; import readline from 'node:readline'; import { Composio } from '@composio/core'; import { query, type Options } from "@anthropic-ai/claude-agent-sdk"; dotenv.config(); ``` ### 5. Create a Composio instance and Tool Router session No description provided. ```python async def chat_with_remote_mcp(): api_key = os.getenv("COMPOSIO_API_KEY") if not api_key: raise RuntimeError("COMPOSIO_API_KEY is not set") composio = Composio(api_key=api_key) # Create Tool Router session for Ngrok mcp_server = composio.create( user_id=os.getenv("USER_ID"), toolkits=["ngrok"] ) url = mcp_server.mcp.url if not url: raise ValueError("Session URL not found") ``` ```typescript async function chat() { const { COMPOSIO_API_KEY, USER_ID } = process.env; if (!COMPOSIO_API_KEY || !USER_ID) { throw new Error('COMPOSIO_API_KEY and USER_ID required in .env'); } const composio = new Composio({ apiKey: COMPOSIO_API_KEY }); // Create Tool Router session for Ngrok const session = await composio.create(USER_ID, { toolkits: ['ngrok'], }); const mcpUrl = session?.mcp.url; ``` ### 6. Configure Claude Agent with MCP No description provided. ```python # Configure remote MCP server for Claude options = ClaudeAgentOptions( permission_mode="bypassPermissions", mcp_servers={ "composio": { "type": "http", "url": url, "headers": { "x-api-key": os.getenv("COMPOSIO_API_KEY") } } }, system_prompt="You are a helpful assistant with access to Ngrok tools via Composio.", max_turns=10 ) ``` ```typescript const options: Options = { permissionMode: 'bypassPermissions', mcpServers: { composio: { type: 'http', url: mcpUrl, headers: { 'x-api-key': COMPOSIO_API_KEY } } }, systemPrompt: 'You are a helpful assistant with access to Ngrok tools via Composio.', maxTurns: 10, }; ``` ### 7. Create client and start chat loop No description provided. ```python # Create client with context manager async with ClaudeSDKClient(options=options) as client: print("\nChat started. Type 'exit' or 'quit' to end.\n") # Main chat loop while True: user_input = input("You: ").strip() if user_input.lower() in {"exit", "quit"}: print("Goodbye!") break # Send query await client.query(user_input) # Receive and print response print("Claude: ", end="", flush=True) async for message in client.receive_response(): if hasattr(message, "content"): for block in message.content: if hasattr(block, "text"): print(block.text, end="", flush=True) print() ``` ```typescript const rl = readline.createInterface({ input: process.stdin, output: process.stdout, prompt: 'You: ' }); console.log('\nChat started. Type "exit" to quit.\n'); let isProcessing = false; async function ask(prompt: string) { isProcessing = true; rl.pause(); process.stdout.write('Claude is thinking...'); const stream = query({ prompt, options }); let firstChunk = true; for await (const msg of stream) { const content = (msg as any).message?.content || (msg as any).content; if (Array.isArray(content)) { for (const block of content) { if (block.type === 'text' && block.text) { if (firstChunk) { process.stdout.write('\r\x1b[K'); process.stdout.write('Claude: '); firstChunk = false; } process.stdout.write(block.text); } } } } process.stdout.write('\n\n'); isProcessing = false; rl.resume(); rl.prompt(); } rl.on('line', async (line) => { if (isProcessing) return; const input = line.trim(); if (input === 'exit') { rl.close(); process.exit(0); } if (input) await ask(input); else rl.prompt(); }); await ask('What can you help me with?'); } ``` ### 8. Run the application No description provided. ```python if __name__ == "__main__": asyncio.run(chat_with_remote_mcp()) ``` ```typescript try { await chat(); } catch (error) { console.error(error); process.exit(1); } ``` ## Complete Code ```python import asyncio from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions import os from composio import Composio from dotenv import load_dotenv load_dotenv() async def chat_with_remote_mcp(): api_key = os.getenv("COMPOSIO_API_KEY") if not api_key: raise RuntimeError("COMPOSIO_API_KEY is not set") composio = Composio(api_key=api_key) # Create Tool Router session for Ngrok mcp_server = composio.create( user_id=os.getenv("USER_ID"), toolkits=["ngrok"] ) url = mcp_server.mcp.url if not url: raise ValueError("Session URL not found") # Configure remote MCP server for Claude options = ClaudeAgentOptions( permission_mode="bypassPermissions", mcp_servers={ "composio": { "type": "http", "url": url, "headers": { "x-api-key": os.getenv("COMPOSIO_API_KEY") } } }, system_prompt="You are a helpful assistant with access to Ngrok tools via Composio.", max_turns=10 ) # Create client with context manager async with ClaudeSDKClient(options=options) as client: print("\nChat started. Type 'exit' or 'quit' to end.\n") # Main chat loop while True: user_input = input("You: ").strip() if user_input.lower() in {"exit", "quit"}: print("Goodbye!") break # Send query await client.query(user_input) # Receive and print response print("Claude: ", end="", flush=True) async for message in client.receive_response(): if hasattr(message, "content"): for block in message.content: if hasattr(block, "text"): print(block.text, end="", flush=True) print() if __name__ == "__main__": asyncio.run(chat_with_remote_mcp()) ``` ```typescript import 'dotenv/config'; import readline from 'node:readline'; import { Composio } from '@composio/core'; import { query, type Options } from "@anthropic-ai/claude-agent-sdk"; async function chat() { const { COMPOSIO_API_KEY, USER_ID } = process.env; if (!COMPOSIO_API_KEY || !USER_ID) { throw new Error('COMPOSIO_API_KEY and USER_ID required in .env'); } const composio = new Composio({ apiKey: COMPOSIO_API_KEY }); const session = await composio.create(USER_ID, { toolkits: ['ngrok'] }); const mcp_url = session?.mcp.url; const options: Options = { permissionMode: 'bypassPermissions', mcpServers: { composio: { type: 'http', url: mcp_url, headers: { 'x-api-key': COMPOSIO_API_KEY } } }, systemPrompt: 'You are a helpful assistant with access to Ngrok tools via Composio.', maxTurns: 10, }; const rl = readline.createInterface({ input: process.stdin, output: process.stdout, prompt: 'You: ' }); console.log('\nChat started. Type "exit" to quit.\n'); let isProcessing = false; async function ask(prompt: string) { isProcessing = true; rl.pause(); process.stdout.write('Claude is thinking...'); const stream = query({ prompt, options }); let firstChunk = true; for await (const msg of stream) { const content = (msg as any).message?.content || (msg as any).content; if (Array.isArray(content)) { for (const block of content) { if (block.type === 'text' && block.text) { if (firstChunk) { process.stdout.write('\r\x1b[K'); process.stdout.write('Claude: '); firstChunk = false; } process.stdout.write(block.text); } } } } process.stdout.write('\n\n'); isProcessing = false; rl.resume(); rl.prompt(); } rl.on('line', async (line) => { if (isProcessing) return; const input = line.trim(); if (input === 'exit') { rl.close(); process.exit(0); } if (input) await ask(input); else rl.prompt(); }); await ask('What can you help me with?'); } try { await chat(); } catch (error) { console.error(error); process.exit(1); } ``` ## Conclusion You've successfully built a Claude Agent SDK agent that can interact with Ngrok through Composio's Tool Router. Key features: - Native MCP support through Claude's agent framework - Streaming responses for real-time interaction - Permission bypass for smooth automated workflows You can extend this by adding more toolkits, implementing custom business logic, or building a web interface around the agent. ## How to build Ngrok MCP Agent with another framework - [OpenAI Agents SDK](https://composio.dev/toolkits/ngrok/framework/open-ai-agents-sdk) - [Claude Code](https://composio.dev/toolkits/ngrok/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/ngrok/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/ngrok/framework/codex) - [OpenClaw](https://composio.dev/toolkits/ngrok/framework/openclaw) - [Hermes](https://composio.dev/toolkits/ngrok/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/ngrok/framework/cli) - [Google ADK](https://composio.dev/toolkits/ngrok/framework/google-adk) - [LangChain](https://composio.dev/toolkits/ngrok/framework/langchain) - [Vercel AI SDK](https://composio.dev/toolkits/ngrok/framework/ai-sdk) - [Mastra AI](https://composio.dev/toolkits/ngrok/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/ngrok/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/ngrok/framework/crew-ai) ## Related Toolkits - [Supabase](https://composio.dev/toolkits/supabase) - Supabase is an open-source backend platform offering scalable Postgres databases, authentication, storage, and real-time APIs. It lets developers build modern apps without managing infrastructure. - [Codeinterpreter](https://composio.dev/toolkits/codeinterpreter) - Codeinterpreter is a Python-based coding environment with built-in data analysis and visualization. It lets you instantly run scripts, plot results, and prototype solutions inside supported platforms. - [GitHub](https://composio.dev/toolkits/github) - GitHub is a code hosting platform for version control and collaborative software development. It streamlines project management, code review, and team workflows in one place. - [Ably](https://composio.dev/toolkits/ably) - Ably is a real-time messaging platform for live chat and data sync in modern apps. It offers global scale and rock-solid reliability for seamless, instant experiences. - [Abuselpdb](https://composio.dev/toolkits/abuselpdb) - Abuselpdb is a central database for reporting and checking IPs linked to malicious online activity. Use it to quickly identify and report suspicious or abusive IP addresses. - [Alchemy](https://composio.dev/toolkits/alchemy) - Alchemy is a blockchain development platform offering APIs and tools for Ethereum apps. It simplifies building and scaling Web3 projects with robust infrastructure. - [Algolia](https://composio.dev/toolkits/algolia) - Algolia is a hosted search API that powers lightning-fast, relevant search experiences for web and mobile apps. It helps developers deliver instant, typo-tolerant, and scalable search without complex infrastructure. - [Anchor browser](https://composio.dev/toolkits/anchor_browser) - Anchor browser is a developer platform for AI-powered web automation. It transforms complex browser actions into easy API endpoints for streamlined web interaction. - [Apiflash](https://composio.dev/toolkits/apiflash) - Apiflash is a website screenshot API for programmatically capturing web pages. It delivers high-quality screenshots on demand for automation, monitoring, or reporting. - [Apiverve](https://composio.dev/toolkits/apiverve) - Apiverve delivers a suite of powerful APIs that simplify integration for developers. It's designed for reliability and scalability so you can build faster, smarter applications without the integration headache. - [Appcircle](https://composio.dev/toolkits/appcircle) - Appcircle is an enterprise-grade mobile CI/CD platform for building, testing, and publishing mobile apps. It streamlines mobile DevOps so teams ship faster and with more confidence. - [Appdrag](https://composio.dev/toolkits/appdrag) - Appdrag is a cloud platform for building websites, APIs, and databases with drag-and-drop tools and code editing. It accelerates development and iteration by combining hosting, database management, and low-code features in one place. - [Appveyor](https://composio.dev/toolkits/appveyor) - AppVeyor is a cloud-based continuous integration service for building, testing, and deploying applications. It helps developers automate and streamline their software delivery pipelines. - [Backendless](https://composio.dev/toolkits/backendless) - Backendless is a backend-as-a-service platform for mobile and web apps, offering database, file storage, user authentication, and APIs. It helps developers ship scalable applications faster without managing server infrastructure. - [Baserow](https://composio.dev/toolkits/baserow) - Baserow is an open-source no-code database platform for building collaborative data apps. It makes it easy for teams to organize data and automate workflows without writing code. - [Bench](https://composio.dev/toolkits/bench) - Bench is a benchmarking tool for automated performance measurement and analysis. It helps you quickly evaluate, compare, and track your systems or workflows. - [Better stack](https://composio.dev/toolkits/better_stack) - Better Stack is a monitoring, logging, and incident management solution for apps and services. It helps teams ensure application reliability and performance with real-time insights. - [Bitbucket](https://composio.dev/toolkits/bitbucket) - Bitbucket is a Git-based code hosting and collaboration platform for teams. It enables secure repository management and streamlined code reviews. - [Blazemeter](https://composio.dev/toolkits/blazemeter) - Blazemeter is a continuous testing platform for web and mobile app performance. It empowers teams to automate and analyze large-scale tests with ease. - [Blocknative](https://composio.dev/toolkits/blocknative) - Blocknative delivers real-time mempool monitoring and transaction management for public blockchains. Instantly track pending transactions and optimize blockchain interactions with live data. ## Frequently Asked Questions ### What are the differences in Tool Router MCP and Ngrok MCP? With a standalone Ngrok MCP server, the agents and LLMs can only access a fixed set of Ngrok tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Ngrok and many other apps based on the task at hand, all through a single MCP endpoint. ### Can I use Tool Router MCP with Claude Agent SDK? Yes, you can. Claude Agent SDK fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Ngrok tools. ### Can I manage the permissions and scopes for Ngrok while using Tool Router? Yes, absolutely. You can configure which Ngrok scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do. ### How safe is my data with Composio Tool Router? All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Ngrok data and credentials are handled as safely as possible. --- [See all toolkits](https://composio.dev/toolkits) ยท [Composio docs](https://docs.composio.dev/llms.txt)