docker-mcp-server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| DOCKER_HOST | No | Docker daemon endpoint (e.g., tcp://..., unix://..., ssh://...). Used when DOCKER_MCP_SERVER_HOSTS is not set. | |
| SSH_AUTH_SOCK | No | Path to SSH agent socket for SSH-based remote daemon connections. | |
| DOCKER_CONTEXT | No | Name of Docker context to use for resolving the default daemon. | |
| DOCKER_CERT_PATH | No | Path to directory containing TLS certificates (ca.pem, cert.pem, key.pem). | |
| DOCKER_TLS_VERIFY | No | Set to '1' to enable TLS verification for the Docker daemon connection. | |
| DOCKER_MCP_SERVER_HOSTS | No | Comma-separated list of name=endpoint pairs for multiple daemons. e.g., 'local=auto, prod=ssh://user@host(ro)' | |
| DOCKER_MCP_SERVER_DISABLE | No | Comma-separated list of domains to disable (e.g., 'swarm,buildx,scout'). | |
| DOCKER_MCP_SERVER_READONLY | No | Set to '1', 'true', 'yes', or 'on' to register only read-only tools. | |
| DOCKER_MCP_SERVER_NO_LABELS | No | Set to '1' to disable provenance labels on created Docker objects. | |
| DOCKER_MCP_SERVER_NO_DESTRUCTIVE | No | Set to '1', 'true', 'yes', or 'on' to register everything except destructive tools. | |
| DOCKER_MCP_SERVER_REGISTRY_PASSWORD | No | Password or token for private registry authentication. | |
| DOCKER_MCP_SERVER_REGISTRY_USERNAME | No | Username for private registry authentication (fallback when not provided in tool call). | |
| DOCKER_MCP_SERVER_ALLOW_SELF_TERMINATE | No | Set to '1' to allow destructive actions on the server's own container (bypasses self-termination guard). |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| buildx_buildA | Build an image with BuildKit via Replaces the legacy args:
context - Build context: a filesystem path or Git/HTTP URL (verbatim; no |
| buildx_bakeA | Build multiple targets defined in a bake file (HCL, JSON, or compose). args:
targets - Bake targets to build (default: the |
| buildx_imagetools_inspectA | Inspect a manifest in a registry without pulling. Replaces args:
image - Image reference, e.g. "alpine:3.19" or "ghcr.io/org/repo@sha256:..."
raw - Return the raw manifest bytes (a JSON document) instead of the
human-rendered tree
format - Go template format string (mutually exclusive with |
| buildx_imagetools_createA | Create a manifest list / OCI image index from existing per-platform tags. Replaces args:
target - Tag for the new manifest list ( |
| buildx_listA | List builder instances. returns: list - One dict per builder (parsed from |
| buildx_history_listA | List recent build records (BuildKit build history), parsed from Each record is a past build with its ref, name, status, step counts, and timestamps — useful for
finding a build to drill into with args: builder - Builder instance to read history from (defaults to the active builder) returns: list - One dict per build record (ref, name, status, total/completed/cached steps, times) |
| buildx_history_inspectA | Inspect a single build record by ref, parsed from Returns the full record for one build — duration, materials, attestations, error (if any) — for
debugging a failed or slow build found via args:
ref - Build record ref. Pass the |
| buildx_inspectA | Inspect a builder instance. args: name - Builder name (defaults to the active builder) bootstrap - Boot the builder if it isn't already running returns: dict - {"returncode": int, "stdout": str, "stderr": str, "truncated": bool}. stdout is human-readable; parse with the agent or call buildx_list for JSON. |
| buildx_duA | Report BuildKit cache disk usage as a list of records. A large cache can easily generate more output than MAX_CLI_OUTPUT_BYTES; if that
happens the captured stdout is truncated and this tool drops the final (partial)
record before parsing. For an exhaustive accounting on a busy builder, run
args: builder - Override the active builder
returns: list - One dict per cache record (parsed from |
| buildx_pruneA | Remove BuildKit cache entries. Destructive: this tool always passes args: all - Include internal/frontend images filters - Filter by attributes (e.g. {"until": "24h", "type": "exec.cachemount"}) reserved_space - Amount of disk to always keep (e.g. "10GB") max_used_space - Maximum disk space the cache may use (e.g. "20GB") min_free_space - Target amount of free disk after pruning (e.g. "5GB") builder - Override the active builder timeout_seconds - Subprocess timeout (default 600s) returns: dict - {"returncode": int, "stdout": str, "stderr": str, "truncated": bool} |
| buildx_createA | Create a new BuildKit builder instance. Needed when the default args:
name - Name for the new builder (defaults to a generated name)
driver - BuildKit driver (e.g. "docker-container", "kubernetes", "remote")
driver_opts - Driver-specific options (each becomes |
| buildx_useA | Select the active builder for subsequent buildx operations. Without args:
name - Builder name to activate (from |
| buildx_removeA | Remove a builder instance. args:
name - Builder name to remove (mutually exclusive with |
| system_pingA | Check that the Docker server is responsive. returns: bool - True if the daemon responded successfully |
| system_versionA | Return Docker server version information. returns: dict - Version information from the Docker daemon |
| system_infoA | Return system-wide Docker information. returns: dict - System information from the Docker daemon |
| system_dfA | Summarize Docker disk usage: layer storage plus per-object sizes for images, containers, volumes, build cache. Equivalent to returns: dict - {"LayersSize", "Images", "Containers", "Volumes", "BuildCache"} with per-object size fields |
| host_listA | List the Docker hosts configured via DOCKER_MCP_SERVER_HOSTS. With a single host (or the var unset) this is the one resolved daemon; with several it is the set the
returns: list[dict] - one per host: name; url (resolved daemon URL, null = docker-py platform default); read_only; tls (whether a per-host cert dir is configured); default (the omitted-host fallback) |
| system_loginA | Authenticate with a Docker registry. Security: the password is sent as a tool argument, which many MCP clients log verbatim. Prefer
running args: username - Registry username password - Registry password or token email - Registry account email registry - URL to the registry (defaults to Docker Hub) reauth - Force re-authentication even if valid credentials exist dockercfg_path - Path to a custom dockercfg file returns: dict - The server response from the login request |
| system_logoutA | Clear cached registry credentials from this server's in-memory Docker client. docker-py / the Engine have no true logout: Reaches into a private docker-py attribute ( args: registry - Registry key to clear, or None to clear every cached credential returns: dict - {"cleared": []} |
| system_eventsA | Stream real-time events from the Docker server, bounded by Returns when Caveat for "Wait for the next matching event" idiom: pass args: since - Show events created since this timestamp until - Show events created until this timestamp filters - Filters to apply to the event stream limit - Max events to return (default 100) timeout_seconds - Max wall-clock seconds before returning what was collected (default 30) returns: list - A list of decoded event dicts (length <= limit) |
| system_closeA | Close and drop pooled Docker client connection(s); each is rebuilt lazily on next use. Use this to force a stale or errored connection to be discarded. Prefer returns: bool - True once closed |
| system_reconnectA | Rebuild a pooled Docker client from its configured endpoint, to recover a wedged connection. Validates the rebuilt client before swapping in (and only then closes the old one), so a failed
rebuild leaves the working client in place. Rebuilds the default host's client when returns: dict - the rebuilt host's version info (same shape as |
| compose_upA | Bring up a Docker Compose project, detached. Always runs detached ( args:
project_dir - Dir with the compose file (default: server cwd; paths verbatim, no shell expansion)
files - Explicit compose file paths (repeatable, |
| compose_downA | Stop and remove containers, networks (and optionally volumes) for a compose project. args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_psA | List containers in a compose project, parsed from args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_logsA | Fetch a bounded slice of logs from a compose project (never follows). args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_configA | Render the canonical compose configuration after merges, profiles, and variable substitution. args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_buildA | Build images for a compose project. args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_pullA | Pre-fetch images for a compose project's services without starting them. Use this to stage images before an outage window, to refresh cached images before
args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_restartA | Stop then start services without recreating containers or applying config changes. Use this to bounce a service (e.g. to pick up a runtime file change or clear an
in-memory state). If the compose file has changed (new image, environment, volumes,
ports) use args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_stopA | Stop services in a compose project without removing their containers. Unlike args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_startA | Start existing (stopped) containers of a compose project. Counterpart to args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_runA | Run a one-off command against a compose service. Always passes args:
service - Service name from the compose file
command - Command + args to run (exec-form; no shell unless you invoke one)
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_execA | Run a command inside an already-running compose service container (see also Always passes args:
service - Service name from the compose file
command - Argv to execute inside the container
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_imagesA | List the images used by a compose project's services, parsed from Answers "what image and tag does each service container actually run?" — the containers must
exist ( args:
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_portA | Resolve the host binding for a service's container port. The compose equivalent of args:
service - Service name from the compose file
private_port - The container-internal port to look up
protocol - "tcp" (default) or "udp"
index - Container index when the service has multiple replicas (default 1)
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_waitA | Block until the named service containers stop, then return their exit codes. For one-shot / batch services. A long-running service that never exits blocks until
args:
services - One or more services to wait on. At least one is required.
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_topA | Show the running processes of a compose project's containers. Output is the args:
services - Restrict to these services (default: all)
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_cpA | Copy files/folders between a service container and the server host's filesystem. Exactly one of args:
source - |
| compose_killA | Send a signal to a compose project's containers (default SIGKILL). args:
services - Restrict to these services (default: all)
signal - Signal to send (default "SIGKILL"; e.g. "SIGTERM", "SIGHUP")
remove_orphans - Also remove containers for services not in the compose file
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_pauseA | Pause the containers of a compose project (freezes their processes in place). Paused containers stop consuming CPU but keep memory, network endpoints, and state; resume
with args:
services - Restrict to these services (default: all)
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_unpauseA | Unpause the containers of a compose project (resumes paused processes). args:
services - Restrict to these services (default: all)
project_dir - Dir with the compose file (default: server cwd)
files - Explicit compose file paths (repeatable, |
| compose_listA | List compose projects known to the daemon (across all directories). args: all - Include stopped projects
returns: list - One dict per project (parsed from |
| config_createA | Create an immutable Swarm config object; requires a swarm manager. Configs store non-sensitive configuration files (nginx.conf, app.yaml, etc.) and mount
them into service containers at a specified path. Unlike secrets, config data is not
encrypted at rest — use args: name - Unique config name within the swarm data - Raw bytes content of the config file labels - Labels to set on the config templating - Templating driver config (e.g. {"Name": "golang"} for Go template syntax) returns: dict - The created config's attrs including its id |
| config_inspectA | Get a swarm config's full inspect payload by id or name. Requires a swarm manager. Unlike a secret, a config's payload IS readable after creation:
args: id_or_name - The config id or name returns: dict - The config's attrs (ID, CreatedAt, UpdatedAt, Spec{Name, Labels, Data base64}) |
| config_listA | List swarm configs; requires a swarm manager. Unlike secrets, config attrs include the actual config data ( args: filters - Narrow the list; omit to return every config returns: list - A list of config attrs dicts |
| config_removeA | Remove a swarm config. args: id_or_name - The config id or name returns: bool - True after removal |
| container_runB | Run a container from an image. args:
image - The image to run
command - The command to run in the container
name - Name to assign to the container
detach - Run in the background and return container info
environment - Environment variables to set
ports - Port mappings, e.g. {'2222/tcp': 3333}
volumes - Volumes to mount
network - Name of the network to attach
hostname - Optional hostname for the container
user - Username or UID to run as
working_dir - Working directory inside the container
entrypoint - Entrypoint to override the image default
restart_policy - Restart policy, e.g. {'Name': 'on-failure', 'MaximumRetryCount': 3}
labels - Labels to set on the container
remove - Remove the container when it exits (only with detach=False)
auto_remove - Enable auto-removal of the container on daemon side
privileged - Give extended privileges to the container
tty - Allocate a pseudo-TTY
stdin_open - Keep STDIN open
mem_limit - Memory limit
cpu_count - Number of CPUs
extra_kwargs - Additional keyword arguments forwarded to ContainerCollection.run (call
|
| container_createA | Create a container from an image without starting it. Use this when you need to configure a container (with args: image - Image to create the container from, e.g. "nginx:alpine" command - Override the image's default command; string or list of strings extra_kwargs - Additional docker-py ContainerCollection.create keyword arguments returns: dict - The created container's attrs (not yet running) |
| container_inspectA | Return the full inspect detail for a single container. Use this when you need complete information about one container — config, state,
network settings, mounts, environment variables, and resource limits. For a quick
overview of many containers use args: id_or_name - Container id (full or short) or name
returns: dict - Full container inspect attrs (equivalent to |
| container_listA | List containers. args:
all - Show all containers, including stopped ones
since - Only show containers created after this id or name
before - Only show containers created before this id or name
limit - Maximum number of results
filters - Filter by attributes (e.g. status, label)
sparse - Skip inspect calls and return less detail
ignore_removed - Ignore containers removed during listing
managed_only - Only return containers created by this MCP server (filters on the
docker-mcp-server.managed label); combines with any |
| container_pruneA | Remove all stopped containers to reclaim disk space. Only removes containers that are not running — running containers are never affected.
Use args: filters - Narrow which stopped containers to remove; omit to remove all stopped returns: dict - {"ContainersDeleted": [...], "SpaceReclaimed": } |
| container_startA | Start an existing stopped container. Use this to restart a container that was previously created or stopped without removing it.
To create and start a new container in one step use args: id_or_name - Container id (full or short) or name returns: dict - The container's full attrs after starting |
| container_stopA | Gracefully stop a running container (its configured stop signal, then SIGKILL after a timeout). Prefer this over args: id_or_name - The container id or name stop_timeout_seconds - Seconds between the stop signal and SIGKILL (default 10) returns: dict - The container's attrs after the stop (exit code under State.ExitCode) |
| container_restartA | Restart a container. args: id_or_name - The container id or name stop_timeout_seconds - Seconds to wait for graceful stop before SIGKILL and restart returns: dict - The container's attrs after restart |
| container_killA | Send a signal to a running container (default SIGKILL — immediate, no graceful shutdown). Use it to force-kill a container that ignores args: id_or_name - The container id or name signal - Signal name or number as a string (e.g. "SIGHUP", "9"); default SIGKILL returns: dict - The container's attrs after the signal |
| container_pauseA | Suspend all processes in a container using the kernel freezer cgroup. Unlike sending SIGSTOP, the freezer cgroup suspends processes without their being able
to observe or intercept the suspension. A paused container keeps its resources (memory,
open file descriptors) but consumes no CPU. Resume with args: id_or_name - The container id or name returns: dict - The container's attrs after pause |
| container_unpauseA | Resume all processes in a paused container (the reverse of Only valid on a paused container — it fails if the container is merely stopped; use
args: id_or_name - The container id or name returns: dict - The container's attrs after unpause (State.Paused becomes false) |
| container_removeA | Remove a container. args:
id_or_name - The container id or name
volumes - Also remove anonymous volumes (the CLI's |
| container_logsA | Get the logs of a container: a one-shot snapshot by default, or a bounded live tail with Follow mode returns when Caveat for args:
id_or_name - The container id or name
stdout - Include stdout
stderr - Include stderr
timestamps - Include timestamps
tail - Number of lines from the end (default 200), or the literal "all" for everything
since - Only return logs created after this unix timestamp
until - Only return logs created before this unix timestamp (snapshot mode only)
follow - Follow the live log stream instead of returning a snapshot
limit_lines - Follow mode: max lines to collect before returning (default 200)
timeout_seconds - Follow mode: max wall-clock seconds before returning what was collected (default 30)
returns: str - Decoded log output (up to |
| container_statsA | Get one point-in-time resource-usage snapshot for a container (non-streaming). Returns the raw engine stats payload; CPU percent must be computed from the delta between
args: id_or_name - The container id or name returns: dict - Engine stats payload (read, cpu_stats, precpu_stats, memory_stats, networks, pids_stats, ...) |
| container_topA | List the processes running inside a container (the daemon runs Works on any running container without executing anything in it, so it needs no shell or args: id_or_name - The container id or name ps_args - Extra ps arguments (e.g. "aux"); default is the daemon's standard ps invocation returns: dict - {"Titles": [ps column names], "Processes": [[one row of values per process]]} |
| container_execA | Run a command inside a running container (for a compose service, prefer Security: when any element of args: id_or_name - The container id or name cmd - Command to execute (prefer exec-form argv, no shell, when any element is agent-controlled) stdout - Attach to stdout stderr - Attach to stderr stdin - Attach to stdin tty - Allocate a pseudo-TTY privileged - Run with extended privileges user - User to run the command as detach - Detach from the exec environment - Environment variables workdir - Working directory inside the container demux - Return stdout and stderr separately returns: dict - Mapping with exit_code and output keys |
| container_commitA | Snapshot a container's current filesystem state as a new image. Useful for capturing a debugging state or saving manual changes made inside a container.
For repeatable builds use a Dockerfile instead. The container is paused by default during
the snapshot to ensure filesystem consistency — set args: id_or_name - Container id or name to snapshot repository - Repository name for the new image, e.g. "myorg/myimage" tag - Tag for the new image (default: "latest") message - Commit message stored in the image metadata author - Author string stored in the image metadata pause - Pause the container during commit for consistency (default True) changes - Dockerfile instructions (CMD, ENV, EXPOSE, etc.) to apply to the image conf - Additional image configuration overrides as a dict returns: dict - The new image's attrs |
| container_diffA | List filesystem changes a container has made relative to its image. Use it to audit what a container wrote before args: id_or_name - The container id or name returns: list - Dicts of {"Path", "Kind"}; Kind 0=modified, 1=added, 2=deleted |
| container_renameA | Rename a container in place; its id, state, and configuration are unchanged. Use it to free up or claim a container name (names are unique per daemon) — e.g. before
starting a replacement under the old name. Fails with a conflict error if the new name is
already taken. Not related to args: id_or_name - The container id or name name - The new name; must not be in use by any other container returns: dict - The container's attrs after the rename |
| container_updateA | Update resource limits on a container without recreating it. Changes take effect immediately on Linux (cgroups); not all fields are updatable on
every platform. Common args: id_or_name - Container id or name to update updates - Resource fields to update; see description for valid keys returns: dict - The container's full attrs after the update |
| container_waitA | Block until a container reaches a condition: stopped, "healthy", or its logs contain a pattern. One contract for every mode: never raises on timeout — the result always carries Health semantics: with no HEALTHCHECK defined, once the container is Log-match semantics: args:
id_or_name - The container id or name
until - Condition to wait for: "not-running" (default), "next-exit", "removed", "healthy",
or "log-match" (requires |
| container_exportA | Export a container's filesystem as a tar archive: to a file on the server host, or in band. With args: id_or_name - The container id or name dest_path - Destination path on the server host; omit to return the bytes in band overwrite - Replace dest_path if it already exists (default False) max_bytes - In-band mode: abort with ValueError beyond this many bytes (default 32 MiB) returns: bytes | dict - the tar bytes (in band), or {"path": , "bytes_written": int} |
| container_archive_getA | Retrieve a file or directory from a container as a tar archive, returned in band. For large paths prefer args: id_or_name - The container id or name path - Path inside the container max_bytes - Abort with ValueError if the archive exceeds this many bytes (defaults to 32 MiB) returns: dict - Mapping with archive (bytes) and stat (dict) keys |
| container_archive_get_to_fileA | Retrieve a file or directory from a container as a tar archive written to a file on the server host. Streams straight to disk (no in-band byte cap). The file is written by the server's user; args: id_or_name - The container id or name path - Path inside the container dest_path - Destination path on the server host for the tarball overwrite - Replace dest_path if it already exists (default False) returns: dict - {"path": , "bytes_written": int, "stat": dict} |
| container_archive_putA | Upload a tar archive to a path inside a container, from in-band bytes or a file on the server host. Pass exactly one of args: id_or_name - The container id or name path - Destination path inside the container (must already exist) data - Tar archive bytes; exactly one of data/from_file from_file - Path on the server host to the tar archive to upload; exactly one of data/from_file returns: bool - True if the upload succeeded |
| context_listA | List Docker CLI contexts known to the host running this MCP server. Contexts are a CLI concept (stored in the docker config dir) letting one CLI target multiple daemons. This server uses whatever DOCKER_HOST / current-context resolved to at startup, so changing contexts only affects future subprocess-based tools, not the docker-py SDK client. returns: list - One dict per context with at least name, description, dockerEndpoint, and current |
| context_inspectA | Return the full configuration for a single Docker context. args: name - Context name (use the |
| context_createA | Create a new Docker CLI context pointing at a daemon endpoint. args:
name - Name for the new context (must not already exist)
docker_host - Daemon URL, e.g. "tcp://10.0.0.5:2376" or "unix:///var/run/docker.sock"
description - Optional human description shown in |
| context_useA | Set the active Docker context for the CLI on the host running this MCP server. Note: this does not retarget the long-lived docker-py client — SDK-backed tools keep using the endpoint they connected to at startup. To retarget those, restart the server with a different DOCKER_HOST / DOCKER_CONTEXT. args: name - Existing context name to set as default returns: dict - {"returncode": int, "stdout": str, "stderr": str, "truncated": bool} |
| context_removeA | Remove a Docker CLI context. args: name - Context name to remove force - Force removal even if the context is the current one returns: dict - {"returncode": int, "stdout": str, "stderr": str, "truncated": bool} |
| image_buildA | Build an image from a Dockerfile using the daemon's classic builder. Use this for simple single-platform builds from a local context. For multi-platform
builds, BuildKit cache export/import, or advanced build features prefer args:
path - Build context directory path on the server host
tag - Name and optional tag in "name:tag" format to apply to the built image
quiet - Suppress verbose build output (final image id still returned)
nocache - Ignore the layer cache and rebuild all layers
rm - Remove intermediate containers on success (default True)
pull - Always pull a newer version of each FROM base image before building
forcerm - Remove intermediate containers even on build failure
dockerfile - Dockerfile filename relative to path (default: "Dockerfile")
buildargs - Build-time variables passed as |
| image_inspectA | Return the full inspect detail for a single local image. Includes config (env, entrypoint, exposed ports), size, layer digests ( args: id_or_name - Image name (with optional tag/digest) or id
returns: dict - Full image inspect attrs (equivalent to |
| image_registry_dataA | Get registry data for an image without pulling it, via the daemon's distribution endpoint. Uses the daemon (and its cached credentials) to resolve the remote descriptor and platform
list. For direct registry access without a daemon use Security: args: repository - Image reference auth_config - Optional registry authentication config returns: dict - Registry data attrs |
| image_listA | List images on the server. args: repository - Only show images of this repository all - Show intermediate image layers filters - Filter by attributes (label, dangling, before, since, etc.) returns: list - A list of image attrs dicts |
| image_pullA | Pull an image from a registry to the daemon's local store. args: repository - The image repository tag - The image tag (ignored when all_tags=True) all_tags - Pull all tags from the repository platform - Platform in os/arch format returns: dict | list - Pulled image attrs (or a list of attrs if all_tags=True) |
| image_pushA | Push an image or repository to a registry. Security: args: repository - The image repository tag - The tag to push auth_config - Optional registry authentication config returns: str - Push output as a string |
| image_removeA | Remove a local image by name or id. Fails without args: id_or_name - Image name (with optional tag/digest) or id to remove force - Remove even if referenced by stopped containers or multiple tags noprune - Do not delete untagged intermediate parent layers returns: bool - True after removal completes |
| image_searchA | Search Docker Hub for public images matching a term. Searches Docker Hub only — not GHCR, ECR, or other registries. For listing tags on a
specific image from any OCI registry use args: term - Search keyword, e.g. "nginx" or "python" limit - Maximum number of results to return (Docker Hub default is 25) returns: list - List of matching image dicts from Docker Hub |
| image_pruneA | Remove unused local images to reclaim disk space. Without filters removes only "dangling" images — untagged layers not referenced by any
tag or container. To remove all images not used by any container (including tagged ones)
pass args: filters - Narrow which images to remove; omit to remove dangling images only returns: dict - {"ImagesDeleted": [...], "SpaceReclaimed": } |
| image_loadA | Load an image from a tarball produced by image_save, from in-band bytes or a file on the server host. Pass exactly one of args:
data - Tarball contents; exactly one of data/from_file
from_file - Path to a tarball produced by |
| image_saveA | Save an image as a tar archive: to a file on the server host, or in band. With args: id_or_name - Image name or id dest_path - Destination path on the server host; omit to return the bytes in band named - Whether to retain repository/tag names in the saved archive overwrite - Replace dest_path if it already exists (default False) max_bytes - In-band mode: abort with ValueError beyond this many bytes (default 32 MiB) returns: bytes | dict - the tarball bytes (in band), or {"path": , "bytes_written": int} |
| image_tagA | Tag an image into a repository. args: id_or_name - The source image name or id repository - Target repository name tag - Optional tag for the new image force - Force the tag returns: bool - True if the image was tagged |
| image_historyA | Return the layer history of an image. Useful for auditing what commands built each layer and diagnosing image size. Each entry
includes args: id_or_name - Image name (with optional tag/digest) or id returns: list - Layer history entries, newest first |
| network_createA | Create a network. The daemon default driver is args:
name - The name of the network
driver - Driver name (daemon default |
| network_inspectA | Return the full inspect detail for a single network. Includes the connected containers ( args: id_or_name - The network id or name
returns: dict - Full network inspect attrs (equivalent to |
| network_listA | List networks. Valid filter keys: args:
names - Filter by exact network names
ids - Filter by exact network ids
filters - Additional server-side filters; see description for valid keys
greedy - Fetch extended per-network details (including connected containers)
managed_only - Only return networks created by this MCP server (filters on the
docker-mcp-server.managed label); combines with any |
| network_pruneA | Remove networks that have no active container endpoints. Built-in networks (bridge, host, none) are never removed. Only networks with zero
connected containers are eligible. Valid filter keys: args: filters - Narrow which networks to remove; omit to remove all unused custom networks returns: dict - {"NetworksDeleted": [...]} |
| network_removeA | Remove a single custom network by id or name. Fails if any container is still attached (disconnect with args: id_or_name - The network id or name returns: bool - True after removal |
| network_connectA | Attach a running container to an additional network without restarting it. Use this to give a container access to services on a network it was not started with.
args: id_or_name - Network id or name to connect the container to container - Container id or name to attach aliases - Additional DNS names for this container within the network links - Legacy container links (deprecated) ipv4_address - Static IPv4 address to assign on this network ipv6_address - Static IPv6 address to assign on this network link_local_ips - Link-local IP addresses to assign driver_opt - Driver-specific endpoint options returns: bool - True after the container is connected |
| network_disconnectA | Disconnect a container from a network. The container keeps running with its other network attachments; only this endpoint is removed
(the reverse of args: id_or_name - The network id or name container - The container id or name to disconnect force - Force the disconnect; use to clear a stale endpoint (e.g. from a deleted container) returns: bool - True after the container is disconnected |
| node_inspectA | Get a swarm node's full inspect payload by id or name. Must run against a swarm manager. Shows role, availability, status, and manager reachability —
use args: id_or_name - The node id or hostname (as shown by |
| node_listA | List swarm nodes. args: filters - Filter by attributes (id, name, membership, role) returns: list - A list of node attrs dicts |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| lookup_docker_docs | Read the Docker SDK for Python documentation for a section before writing code that uses it. |
| verify_docker_method | Verify that a specific Docker SDK method exists before relying on it. |
| deploy_container | Deploy a containerized application end-to-end: image, network, volume, container. |
| troubleshoot_container | Troubleshoot a misbehaving container by gathering logs, state, and stats. |
| monitor_container_fleet | Sweep every running container for health and resource pressure (read-only monitoring). |
| triage_incident | Triage a host-wide incident from symptoms when you don't yet know which container is at fault. |
| migrate_container | Replace a running container with a new image while preserving its configuration. |
| clean_environment | Reclaim disk space by pruning unused docker resources. |
| prune_managed | Tear down only the resources this MCP server created, leaving everything else untouched. |
| inspect_stack | Inspect every docker resource that shares a label. |
| plan_compose_stack | Plan a multi-container application from an informal description. |
| deploy_compose_project | Bring up a Docker Compose project and verify it's healthy. |
| troubleshoot_compose_project | Diagnose a misbehaving Docker Compose project. |
| audit_docker_contexts | Review this server's configured hosts and Docker contexts, and the daemon it targets. |
| audit_swarm_health | Audit the health of a docker swarm: nodes, services, and task convergence. |
| find_latest_image_tag | Find the latest tag for an image without pulling it. |
| plan_multiarch_build | Plan and run a multi-platform image build with buildx. |
| audit_image_cves | Audit an image's CVE posture with Docker Scout. |
| compare_image_versions | Compare two image versions and report the CVE delta. |
| recommend_base_image | Recommend a safer base image via Docker Scout. |
| inspect_multiarch_manifest | Inspect a multi-arch manifest list / OCI image index without pulling. |
| create_multiarch_manifest | Create a multi-arch manifest list from existing per-platform tags. |
| migrate_from_docker_manifest | Translate `docker manifest …` commands into buildx imagetools equivalents. |
| review_dockerfile | Review a Dockerfile for security, correctness, and cache-efficiency issues. |
| audit_container_security | Audit running containers for risky runtime configuration (privilege, host access). |
| debug_container_networking | Diagnose why one container cannot reach another over the network. |
| investigate_disk_usage | Investigate what is consuming docker disk space before pruning. |
| backup_volume | Back up a named volume's contents to a tar file on the server host. |
| restore_volume | Restore a named volume's contents from a tar file on the server host. |
| deploy_swarm_stack | Deploy a Compose file to a swarm as a stack and verify the rollout. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| list_docs_sections | List the available documentation sections. The response keeps the original `base_url` and `sections` (a list of section names) fields for backward compatibility with clients that parsed the pre-extension shape. Sections served from external URLs (compose, context, registry specs) appear in `sections` alongside the SDK ones; their absolute URLs live in `section_urls`. returns: str - JSON describing each section's source URL and how to read it |
| get_tool_catalog | List every tool this server knows about with its domain, mutation category, and whether the active env switches actually registered it. Read this to see the blast radius of a tool before calling it (READ_ONLY / MUTATING / DESTRUCTIVE) and to confirm which whole domains the operator disabled via DOCKER_MCP_SERVER_DISABLE (or the read-only switches) — a tool absent from the live tool list but present here as `registered: false` was filtered out by configuration, not missing by mistake. returns: str - JSON with `switches`, per-domain counts, and a per-tool list |
| get_hosts_resource | The Docker hosts configured via DOCKER_MCP_SERVER_HOSTS — the same data as the `host_list` tool: each host's name, resolved daemon URL, read_only / tls flags, and which one is the default used when a tool's `host` argument is omitted. The resolved default is observable here but is not itself a selectable label. returns: str - JSON list, one object per configured host |
| list_container_resources | Index every container with the resource URIs for reading its logs and live stats. Lists all containers (running and stopped). Each entry carries a `logs` URI (readable in any state — useful for diagnosing why a container exited) and, for running containers only, a `stats` URI (a stopped container has no live cgroup to sample). Exited containers include their `exit_code` as a triage signal. returns: str - JSON object {"containers": [{id, name, image, status, exit_code?, logs, stats?}, ...]} |
| list_service_resources | Index every swarm service with the resource URIs for reading its logs and task/rollout status. returns: str - JSON object {"services": [{id, name, image, mode, desired_replicas, logs, tasks}, ...]} |
| list_node_resources | Index every swarm node with its state, availability, role, and (for managers) reachability. Index only — no per-node child resource. Watch this to notice a node flapping between ready/down, or an unexpected availability/role change, without re-querying `node_list`. returns: str - JSON object {"nodes": [{id, hostname, state, availability, role, manager_reachability}, ...]} |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/GavinLucas/docker-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server