{"id":"starbops-harvester-mcp-server","name":"harvester-mcp-server","homepage":null,"repo_url":"https://github.com/starbops/harvester-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","model-context-protocol","kubernetes","harvester","hci","go","ai-assistants","cli","kubeconfig"],"what_it_does":"Provides a Go-based Model Context Protocol (MCP) server that lets AI assistants interact with a Harvester HCI cluster by translating MCP requests into Kubernetes/Harvester API operations (CRUD-like actions for selected core and Harvester-specific resources) and returning human-readable, LLM-friendly formatted results.","use_cases":["Use Claude Desktop/Cursor to list and inspect Kubernetes/Harvester resources (pods, deployments, services, namespaces, nodes, CRDs).","Query Harvester-specific resources such as virtual machines, images, volumes, and networks.","Assist operators with natural-language investigation of cluster state and summaries grouped by namespace/status.","Build conversational workflows for cluster read operations (and limited delete operations as documented)."],"not_for":["Performing fully automated infrastructure changes safely without operator oversight (no strong safety/permission controls are described beyond kubeconfig auth).","High-throughput or public multi-tenant access (this is a local/server process that uses a cluster kubeconfig).","Services requiring a documented web REST/GraphQL API, SDKs, webhooks, or rate-limit guarantees typical of SaaS APIs."],"best_when":"You run a single-tenant MCP server locally (or in a trusted environment) with a kubeconfig that has the minimum required permissions, and you primarily need read-only (list/get) cluster inspection plus occasional deletes.","avoid_when":"You need fine-grained authorization/auditing at the MCP tool level, you require strong guarantees around destructive operations, or you plan to expose this server to untrusted networks/users.","alternatives":["manusa/kubernetes-mcp-server (reference implementation for a Kubernetes MCP server)","Other Kubernetes-integrated agent tools/CLIs that wrap kubectl/k8s APIs directly","Generic MCP-to-Kubernetes bridges (if available) that provide a similar MCP interface without Harvester-specific resources"],"af_score":53.5,"security_score":43.5,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:46:04.957301+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["kubeconfig (in-cluster config or --kubeconfig or KUBECONFIG or ~/.kube/config)"],"oauth":false,"scopes":false,"notes":"Authentication is delegated to Kubernetes via the provided kubeconfig. No additional auth layer for the MCP server is documented (e.g., no API key, no TLS termination, no MCP auth)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source tool (license Apache-2.0) with self-hosted infrastructure costs only; no pricing model described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.5,"security_score":43.5,"reliability_score":22.5,"mcp_server_quality":78.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":85.0,"rate_limit_clarity":5.0,"tls_enforcement":20.0,"auth_strength":60.0,"scope_granularity":40.0,"dependency_hygiene":50.0,"secret_handling":45.0,"security_notes":"Security is primarily determined by kubeconfig permissions to the target cluster. The MCP server’s external transport/security controls (TLS, authZ/authN for MCP requests) are not described, so assume it is intended for trusted environments. kubeconfig handling is via standard kubeconfig paths/flags; no explicit guidance is provided on preventing logging of sensitive info or enforcing least privilege, so risk depends on runtime configuration and logging.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":30.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":"Documented operations include list/get and delete; no explicit idempotency or retry semantics are described for MCP tools.","pagination_style":"unknown","retry_guidance_documented":false,"known_agent_gotchas":["This is backed by Kubernetes API semantics; agent prompts that request unsupported verbs/resources may fail depending on implemented tools.","Destructive operations (delete) are documented for some resource types; an agent may attempt deletes if not constrained.","Tool output is formatted for LLM consumption; downstream reasoning may be impacted by formatting summaries vs raw details.","Authorization is only as strong as the kubeconfig permissions; over-permissioning increases risk."]}}