{"id":"makbn-docker-mcp-server","name":"docker_mcp_server","homepage":"https://makbn.github.io/docker_mcp_server/","repo_url":"https://github.com/makbn/docker_mcp_server","category":"infrastructure","subcategories":[],"tags":["mcp","model-context-protocol","docker","swarm","devtools","automation","infrastructure","java"],"what_it_does":"Provides a Model Context Protocol (MCP) server that exposes Docker Engine and Docker Swarm operations as MCP Tools, using the mcp_mediator framework to auto-generate tool interfaces from Docker client methods (optionally with @McpTool annotations).","use_cases":["Control a Docker host via an MCP-capable agent (start/stop containers, inspect resources, manage networks/volumes/images).","Swarm administration through MCP tools (join/leave/update/initialize, inspect swarm state).","Integrate Docker operations into AI-driven workflows in tools-first environments like Claude Desktop via an MCP server definition."],"not_for":["Running untrusted or arbitrary Docker commands without access controls and auditing.","Multi-tenant environments where tool calls could affect other users’ containers/registries.","Public internet exposure of an agent-controlled Docker bridge without strong network and auth hardening."],"best_when":"You have an MCP-capable client (e.g., Claude Desktop) running locally or in a controlled network and you want the agent to perform Docker/Swarms tasks by calling well-named MCP tools.","avoid_when":"You cannot restrict the Docker host permissions or you need robust safeguards against data exfiltration (logs/files via copy/logs/exec) and destructive operations (remove/prune/kill).","alternatives":["Use the Docker Engine API directly (with your own service + auth layer) instead of letting an MCP agent call Docker directly.","Wrap Docker operations behind a dedicated REST service with authorization and allowlists, and expose that service via MCP.","Use existing orchestration tools/APIs (e.g., Kubernetes equivalents) if your environment is not Docker-based."],"af_score":49.5,"security_score":40.5,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T20:02:54.885914+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Docker Engine API authentication via TLS client certificates (tcp:// with --tls-verify and --cert-path).","Docker registry auth for pull/push/auth tools (reported as supported; exact method not specified in README)."],"oauth":false,"scopes":false,"notes":"No dedicated MCP authentication/authorization is described in the README; access is effectively controlled by who can reach the MCP server process and by Docker daemon permissions/tls settings."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":null},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":49.5,"security_score":40.5,"reliability_score":25.0,"mcp_server_quality":74.0,"documentation_accuracy":72.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":45.0,"scope_granularity":20.0,"dependency_hygiene":35.0,"secret_handling":40.0,"security_notes":"Security is largely delegated to Docker daemon access controls (TLS client verification via --tls-verify/--cert-path) and to Docker registry auth for push/pull tools. README does not describe MCP-level auth, authorization scopes, allowlisting, sandboxing, audit logging, or secret redaction behavior. The tool set includes highly sensitive/dangerous capabilities (exec, copy archives, logs, remove/prune/kill), so the deployment must be network-restricted and permission-scoped at the Docker daemon level.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":"No idempotency or retry/idempotent-operation guidance is provided in the README; many exposed Docker operations are inherently non-idempotent (e.g., create/start/exec/remove).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Destructive commands are exposed as tools (remove/kill/prune/leave/swarm operations), so an agent needs strict guardrails/allowlists.","The MCP tool interface is largely auto-generated; tool parameter naming/types and edge-case behavior may require inspecting the underlying DockerClientService and DockerMcpServer implementation.","Many commands interact with the Docker daemon and may fail due to permissions, daemon availability, or TLS/cert configuration; README does not document expected error formats or recovery patterns.","Operations that transfer data (docker_copy_archive_to_container/from_container, docker_log_container/service, docker_exec_command) can enable sensitive data exposure unless constrained."]}}