{"id":"masx200-docker-mcp-server","name":"docker_mcp_server","homepage":null,"repo_url":"https://github.com/masx200/docker_mcp_server","category":"devtools","subcategories":[],"tags":["mcp","docker","devtools","automation","containers","mcp-server"],"what_it_does":"Provides an MCP server that exposes Docker operations as Model Context Protocol (MCP) tools via an HTTP/SSE/WebSocket bridge. It connects to a Docker daemon (optionally over TLS) and uses MCP Mediator to generate MCP tools for Docker client service methods, including many container/image/swarm/network/volume/registry operations.","use_cases":["Giving an AI agent controlled, tool-based access to a local/remote Docker daemon (e.g., create/start/stop containers).","CI/CD automation where an agent needs to inspect images/containers and manage swarm resources.","Interactive operations assistance for developers (e.g., diagnose container state, view logs, inspect networks/volumes).","Registry tasks via Docker (pull/push images; authenticate)."],"not_for":["Publicly exposed deployments without strong network/auth controls (the tool set can take destructive actions).","Use cases requiring fine-grained RBAC or per-tool authorization guarantees (not described).","Environments where mounting the Docker socket or granting Docker daemon access is prohibited.","Multi-tenant agent platforms where users could trigger host-impacting Docker operations."],"best_when":"Used locally or inside a tightly controlled environment (dev machine, dedicated build agent, internal network) with limited exposure, where operators can trust the agent and its prompts.","avoid_when":"Avoid exposing endpoints to the public internet or any broad audience; avoid using with weak/no TLS between components where traffic could be intercepted; avoid if you cannot sandbox/limit the Docker daemon permissions available to the service.","alternatives":["Using Docker directly (CLI or SDK) with an agent orchestrator you control.","A custom, narrowly-scoped wrapper that only allows specific Docker actions (read-only subset).","Other agent/tooling patterns like command whitelisting via an internal API rather than exposing broad Docker functionality through MCP."],"af_score":51.0,"security_score":35.0,"reliability_score":18.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T20:03:10.950849+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:3000/mcp/docker (also supports ws://localhost:3000/ws/docker and SSE endpoint /sse/docker)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["No first-class auth described for the MCP bridge endpoints (only Docker daemon connectivity options).","Docker registry authentication is supported as a Docker command/tool (docker_authenticate), which implies registry credentials are needed for that tool."],"oauth":false,"scopes":false,"notes":"README focuses on Docker daemon connection (DOCKER_HOST, TLS verify, cert path) rather than authenticating requests to the MCP/HTTP/WebSocket/SSE endpoints. No MCP endpoint authentication/authorization mechanism or scope model is documented."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing info; this appears to be a self-hosted open-source component (GPL-3.0)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":51.0,"security_score":35.0,"reliability_score":18.8,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":5.0,"tls_enforcement":60.0,"auth_strength":25.0,"scope_granularity":10.0,"dependency_hygiene":45.0,"secret_handling":40.0,"security_notes":"Security posture is heavily dependent on how the service is deployed. The MCP bridge endpoints appear to be accessible over HTTP/WebSocket/SSE without documented authentication/authorization; tool coverage includes highly privileged Docker operations. TLS options relate to connecting to the Docker daemon (e.g., --tls-verify, --cert-path), not necessarily to securing the MCP endpoints. Mounting /var/run/docker.sock grants broad host-level control. Registry auth is supported for push/pull, but no guidance is provided for secret storage/log redaction.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":20.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":"Many exposed Docker tools are inherently non-idempotent (e.g., start/stop/create/remove/push). No idempotency guarantees or retry guidance are documented.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["The MCP tools include destructive operations (remove containers/images/services, prune, leave swarm, etc.); an agent needs strong guardrails/confirmation logic.","If the Docker daemon is reachable via mounted docker.sock or exposed TCP, the MCP server effectively becomes a powerful remote-control surface.","Non-annotated method tool generation is supported, and tool naming/descriptions may be inferred—agents should still validate tool semantics and expected parameters.","Tool behavior depends on the permissions of the Docker daemon identity used by the server; failures may surface as Docker API errors without documented MCP-specific remediation."]}}