Previous: list_tools
Next: get_registry_stats

whoami

Self-inspection for the authenticated caller. Returns email, Pro status, rate-limit remaining, and server time. Useful for debugging and letting agents check quota before a burst of calls.

whoami is the agent's self-awareness tool. It doesn't touch the registry at all — it just reflects the request context back to the caller.

When to use

  • The user asks "am I logged in?" / "am I on Pro?"
  • Debugging a failed shadcn add — check that the token actually resolved to a Pro account.
  • Before a burst of tool calls, the agent can check rateLimit.remaining and pace itself.
  • Support flows — get the email to match against a ticket.

How it works

  1. Pulls the { userId, email, token } context from AsyncLocalStorage (set by the MCP auth gate before the tool runs).
  2. Queries the mcpPro rate limiter for the caller's token prefix (token:{first16chars}) via getRateLimitInfo.
  3. Returns the response. Zero DB reads, zero registry reads — pure memory.

Because the auth gate has already validated Pro status before any tool runs, isPro is always true in a successful whoami response. If you don't have Pro, you never reach this tool — you get a 403 earlier.

Arguments

None.

Response

{
  "email": "[email protected]",
  "userId": "bIBcojrECyUGeDHHo5akXnzlBwTgFOyG",
  "isPro": true,
  "rateLimit": {
    "remaining": 587,
    "resetAt": "2026-04-16T14:32:18.412Z"
  },
  "serverTime": "2026-04-16T14:31:18.412Z"
}

If the rate limiter is unavailable (Redis outage), rateLimit is null — the tool still succeeds.

Example prompts

use shadcnio whoami to confirm I'm on Pro
use shadcnio whoami and tell me how many MCP calls I have left this minute
use shadcnio whoami — I'm debugging a failed install

Manual invocation

curl -s -X POST "https://www.shadcn.io/api/mcp?token=YOUR_TOKEN" \
  -H "content-type: application/json" -H "accept: application/json, text/event-stream" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"whoami","arguments":{}}}' \
  | sed -n 's/^data: //p' | jq '.result.content[0].text | fromjson'

Tips + gotchas

  • Never caches. The rate-limit snapshot is always fresh — that's the point. Cheap, because it's a single Redis GET.
  • isPro is always true in successful responses. MCP is Pro-gated before the tool runs. If you hit this tool, you're authenticated and paying.
  • rateLimit.remaining is per-token. Shared team tokens accumulate against one counter. For larger teams, use a Team/Org subscription so each seat resolves to their own user/token.
  • serverTime helps diagnose clock-skew issues when a client computes resetAt drift locally.

Was this page helpful?

Sign in to leave feedback.

list_tools

List shadcnio's 280+ browser-only developer utilities — hashing, encoding, image conversion, text/security/math. Returns { title, url } pairs.

get_registry_stats

Top-level counts across every surface on shadcn.io — blocks, ai, components, hooks, charts, etc., plus icon library and total icon counts. Module-cached for 10 minutes for near-zero-cost reads.