// Build, deploy, and manage monday code apps with multi-region, cron, alerts, and security scanning. Use when user says "deploy my app", "push to monday-code", "deploy to monday", "check deployment status", "set environment variables", "push my app", "deploy backend", "deploy frontend", or wants to promote an app version.
| name | monday-code-deploy |
| description | Build, deploy, and manage monday code apps with multi-region, cron, alerts, and security scanning. Use when user says "deploy my app", "push to monday-code", "deploy to monday", "check deployment status", "set environment variables", "push my app", "deploy backend", "deploy frontend", or wants to promote an app version. |
| argument-hint | [frontend|backend|all|status|env|cron|alerts] |
| user-invocable | true |
| allowed-tools | ["Bash","Read","Write","Glob","Grep","mcp__monday-apps__*"] |
Build and deploy monday code apps to the monday-code platform (serverless + CDN).
mapps (npm -g i @mondaycom/apps-cli) CLI installed and authenticated (mapps init). This is the command-line tool for interacting with the monday-code platform.MNDY_MONGODB_CONNECTION_STRING for database access. Deploying an empty app first is recommended to get this value, which is needed for backend deployments.You will need to have the monday app id available as an environment variable (MONDAY_APP_ID) to deploy on your local machine. This is the unique identifier for your app in the monday ecosystem. The app ID will be displayed on the "General Settings" page of your app in the Developer Center.
Verify MONDAY_APP_ID:
echo "MONDAY_APP_ID=${MONDAY_APP_ID}"
If not set, ask the user. They can find it in the URL of their app in the Developer Center.
Verify mapps CLI is installed and authenticated:
mapps --version
If not authenticated:
mapps init
Build and verify:
# Frontend
cd frontend && npm run build
# Backend
cd backend && npm run build
Fix any TypeScript errors before deploying.
Frontend deployment (CDN):
cd frontend
npm run build
mapps code:push -c -d dist -a ${MONDAY_APP_ID:?} --force && rm -f dist.zip
Flags:
-c = CDN deployment (client-side static files)-d dist = Use the dist directory--force = Override existing deployment (required to push directly to the live version, without the need to create a draft version first, pushing and promoting)Backend deployment (Serverless):
cd backend
npm run build
mapps code:push -a ${MONDAY_APP_ID:?} --force && rm -f code.tar.gz
Fullstack deployment (both): Deploy frontend first, then backend:
# 1. Frontend to CDN
cd frontend && npm run build && mapps code:push -c -d dist -a ${MONDAY_APP_ID:?} --force && rm -f dist.zip
# 2. Backend to serverless
cd ../backend && npm run build && mapps code:push -a ${MONDAY_APP_ID:?} --force && rm -f code.tar.gz
With security scanning:
Add -s flag to enable security scanning of the deployment artifact:
mapps code:push -a ${MONDAY_APP_ID:?} -s
View the security report after deployment:
mapps code:report -a ${MONDAY_APP_ID:?}
Security scanning is non-blocking - deployment proceeds even if vulnerabilities are found.
After deployment, connect it to app features
mapps app-features:build -a ${MONDAY_APP_ID} -i <version_id> -f <feature_id> -d
Feature types and deployment mapping:
| Feature Type | Deployment | Flag |
|---|---|---|
| BoardView, ItemView, DashboardWidget, ProductView | CDN | -c |
| Workflow block | Serverless | (no flag) |
Check deployment status:
mapps code:status --appVersionId <version_id>
Or use MCP:
monday_apps_get_deployment_status({ appVersionId: VERSION_ID })
View logs:
# Get version ID first
mapps code:logs -i <version_id>
# Stream real-time logs
mapps code:logs -i <version_id> --follow
List current env vars:
mapps code:env -a ${MONDAY_APP_ID}
Set environment variable:
mapps code:env -a ${MONDAY_APP_ID} -k KEY -v "value"
Common secrets (as environmnet variables) to set in production:
MONDAY_CLIENT_SECRET - Required for JWT auth for a fullstack app(set in Developer Center > OAuth)MONDAY_SIGNING_SECRET - Required for verifying webhooks from automationsNote: MNDY_MONGODB_CONNECTION_STRING is auto-injected by monday-code after first deploy. Do NOT set it manually.
Using Secrets Manager (for sensitive values accessed at runtime):
import { SecretsManager } from "@mondaycom/apps-sdk";
const secrets = new SecretsManager();
const { value } = await secrets.getSecret("MONDAY_CLIENT_SECRET");
** Set a secret value:** Either via the UI in the Developer Center > App > Host on monday > Server-side code > Secrets tab,
Or via CLI:
mapps code:secret -m set -i ${MONDAY_APP_ID} -k MONDAY_CLIENT_SECRET -v "your_client_secret_value"
For advanced features (multi-region deployment, cron jobs, alerts, promoting app versions), read references/advanced-features.md.
Use advanced features when:
If your app calls external APIs, you may need to configure an allowlist:
Configure in Developer Center > App > Outbound Communication.
/monday-testmapps code:pushmapps app-features:buildmapps code:envmapps code:push -sreferences/advanced-features.mdUser says: "Deploy my monday app to production"
Actions:
MONDAY_APP_ID is set and mapps CLI is authenticatedcd frontend && npm run buildmapps code:push -c -d dist -a ${MONDAY_APP_ID} --forcecd backend && npm run buildmapps code:push -a ${MONDAY_APP_ID} --forcemapps code:status --appVersionId <version_id>Result: App is live on monday-code with frontend on CDN and backend on serverless infrastructure.
mapps not authenticated / mapps init required:
mapps init and follow the prompts to authenticate with your monday account.MONDAY_APP_ID not set:
export MONDAY_APP_ID=<id>.Build fails (TypeScript errors):
npm run build locally and resolve any compilation errors.Deployment times out:
node_modules/ is excluded from the deployment artifact. The backend uses code.tar.gz which should only include built files.code:push fails with "app not found":
Environment variable not visible after deploy:
mapps code:env. Environment variables are baked in at deploy time.MNDY_MONGODB_CONNECTION_STRING is undefined:
mcp__monday-apps__*) to get app version and feature IDsMNDY_MONGODB_CONNECTION_STRING is auto-injected - never set manuallyreferences/advanced-features.md for multi-region, cron jobs, alerts, and promoting versionsMigrate an existing monday.com app from the old OAuth flow to the new OAuth 2.1 flow. Changes token endpoint from oauth2/token to oauth_ms/oauth/token, adds refresh token support, updates token storage, and optionally adds PKCE. ALWAYS use when someone mentions migrating monday OAuth, switching to the new OAuth flow, adding refresh tokens, updating the monday token endpoint, token expiration, or when code calls auth.monday.com/oauth2/token. Also trigger on OAuth deadline/deprecation announcements. Do NOT use for new OAuth from scratch, non-monday OAuth (Google, Slack, Spotify), client credentials flow, DCR, or general monday debugging.
Ensures Vibe design system (@vibe/core) components follow best practices and accessibility standards. Use when writing or reviewing UI code in monday.com apps that import from @vibe/core or @vibe/core/next.
Upgrades a project to a new major version of Vibe (@vibe/core) using MCP migration tools. Use when upgrading from v2 to v3 (monday-ui-react-core → @vibe/core) or from v3 to v4.
Build, test, and debug monday.com GraphQL queries and mutations. Introspects the live schema, handles pagination, column value formatting, and validates queries by executing them. Use when writing API queries, debugging response shapes, or figuring out column value JSON formats.
Bootstrap a project using the monday.com public GraphQL API. Installs the @mondaydotcomorg/api SDK, configures auth, pins API version, and sets up TypeScript codegen. Use when starting a new API integration or adding monday.com API to an existing project.
Migrate between monday.com API versions. Identifies your current version, shows breaking changes, guides code updates, and tests migrated queries. Use when a new API version is released or you need to upgrade from a deprecated version.