Octopus Deploy MCP Server

Official

by OctopusDeploy

Overview Schema Related Servers Score Discussions

TypeScript

Remote

Execute an Octopus REST request (backstop)

execute

Destructive

Send custom HTTP requests to Octopus Deploy REST API for endpoints not covered by curated tools. Must first discover the method and path using grep_llms_txt.

Instructions

Reach Octopus REST endpoints not covered by the curated tools. Use this only after grep_llms_txt has shown you the right method and path.

Method gating is hard-coded server-side, three tiers:

GET → read tier: always allowed (subject to toolset allowlist + sensitive denylist).
POST/PUT/PATCH → write tier: blocked when --read-only is set; requires user confirmation via elicitation otherwise.
DELETE → delete tier: requires --allow-deletes (and is blocked when --read-only is set) AND a stronger user confirmation.

The HTTP method enum is the gate. The tool will not honour any 'isRead' flag the agent invents — the runtime classifies based on the actual method.

Other gates (in order): 0. Path shape: must be '/api' or start with '/api/'. Absolute URLs, '~/api/...', '/octopus/portal/...', query strings, fragments, '..' segments, and percent-encoded slashes are all rejected up front.

Sensitive denylist: API key endpoints and catastrophic deletes (DELETE /api/users/{id}, DELETE /api/spaces/{id}) are always blocked.
Path allowlist — only applied when --toolsets has narrowed the active set. With every toolset enabled (the default, or explicit --toolsets all) any path under /api is reachable subject to the other gates; when toolsets are narrowed, paths only resolve if their owning toolset is enabled so disabling a toolset (e.g. 'certificates') makes its endpoints unreachable even on GET.
Elicitation on every non-GET, with a stronger message for DELETE.

Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see which toolsets are enabled and whether write/delete modes are on.

Input Schema

TableJSON Schema

Name	Required	Description
`method`	Yes	HTTP method. The method itself is the read/write/delete classifier — GET is read-only, POST/PUT/PATCH are blocked when --read-only is set, DELETE additionally requires --allow-deletes. The agent cannot bypass this by lying about intent.
`path`	Yes	Server-relative path under the Octopus REST API. MUST be exactly '/api' or start with '/api/' — e.g. '/api/spaces/Spaces-1/feeds' or '/api/Spaces-1/projects'. Do NOT pass an absolute URL ('https://octopus.example/api/...'), an SDK-relative path ('~/api/...'), or a host-relative path outside /api ('/octopus/portal/...'); they are all rejected. Query parameters go in `query`, not in this string. Discover valid paths via grep_llms_txt.
`query`	No	Optional query-string parameters as a flat object.
`body`	No	Optional request body for POST/PUT/PATCH calls.
`asCsv`	No	If true, request 'text/csv' for tabular GET responses. The Octopus API honours this for endpoints that support CSV output.
`confirm`	No	Required only when the MCP client does not support elicitation. Set to true to confirm a non-GET call; otherwise the tool aborts.

Tool Definition Quality

A4.6/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description goes far beyond annotations (destructiveHint=true, etc.) by explaining the full gating logic: three-tier method policy, path validation (shape, denylist, allowlist), and elicitation requirements. It also warns that the agent cannot bypass by lying about flags. This provides complete behavioral transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is long and detailed, with multiple paragraphs and nested bullet points. While well-structured, it is somewhat repetitive (e.g., method gating explained in two places). It could be more concise without losing clarity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (6 parameters, nested objects, no output schema) and the fact it interacts with a broad REST API, the description covers all necessary contextual information: method gates, path validation, denylist, toolset allowlist, elicitation, and discovery via grep_llms_txt. This is complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, but the description adds critical semantic context: method description explains read/write/delete classification, path describes validation rules (must be /api or start with /api/), and confirms parameter covers elicitation fallback. This enriches the schema significantly.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The tool's name 'execute' is generic, but the title and description clearly state it is for executing Octopus REST requests not covered by curated tools. It specifies the scope (REST endpoints under /api) and distinguishes from sibling tools that cover specific endpoints.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly tells agents to use this only after grep_llms_txt has shown the method and path. It also details when different HTTP methods are allowed (GET always, POST/PUT/PATCH with restrictions, DELETE with stricter gates). However, it does not explicitly list when to prefer a sibling tool over execute, though the context implies execute is a fallback.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/OctopusDeploy/mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server