Skip to main content
Glama
alpacax

Alpacon MCP Server

by alpacax

Alpacon MCP Server

๐Ÿš€ Zero-trust server access for AI agents: Let Claude, Cursor, and other AI tools operate your own and your customers' infrastructure through Alpaconโ€”no VPN, no SSH keys

An MCP (Model Context Protocol) server that extends Alpacon's browser-based, zero-trust infrastructure access to AI assistants. Execute commands, transfer files, monitor metrics, and manage servers across your own and customer environments using natural language.

Python Version MCP Compatible License

โœจ What is Alpacon MCP server?

Alpacon provides browser-based server access with zero-trust security built inโ€”no SSH keys, no VPNs. The Alpacon MCP Server brings that same secure access to AI assistants, so you can operate your own and your customers' infrastructure through natural language while every action is authenticated, authorized, and recorded.

๐ŸŽฏ Key benefits

  • Zero-trust access for AI: AI agents authenticate through Alpacon's identity layerโ€”same RBAC, audit trails, and session recording as human users

  • No credential management: No SSH keys or VPN configs to distributeโ€”one identity, every server

  • Natural language operations: "Show me CPU usage for all web servers in production"

  • AI-powered troubleshooting: "Investigate why server-web-01 is slow and suggest fixes"

  • Multi-workspace support: Access servers across your own and customer environments with a single interface

  • Compliance-ready: Every AI operation is logged with full session recording and audit trails

Related MCP server: MCP SSH Orchestrator

๐ŸŒŸ Core features

๐Ÿ” Zero-trust infrastructure access

  • Authenticate once, access every authorized server

  • Role-based access control (RBAC) with time-limited permissions

  • Full audit trail for every AI operation

  • Automatic session recording for compliance

๐Ÿ”ง Secure remote operations

  • Websh sessions for browser-based terminal access

  • Command execution with real-time output

  • File upload/download via WebFTP with S3 presigned URLs

  • Persistent connections with automatic session management

๐Ÿ“Š Real-time monitoring

  • CPU, memory, disk, and network metrics

  • Performance trend analysis and top server identification

  • Custom alert rule management

  • Comprehensive health dashboards

๐Ÿ’ป System administration

  • User, group, and IAM management

  • Package inventory and system information

  • Network interface and disk analysis

  • Event tracking and search

๐Ÿš€ Quick start

Just run this command and follow the interactive setup:

uvx alpacon-mcp

That's it! The setup wizard will:

  1. โœ… Ask for your region (default: ap1)

  2. โœ… Ask for your workspace name

  3. โœ… Ask for your API token

  4. โœ… Save configuration automatically

  5. โœ… Test the connection

  6. โœ… Show you the Claude Desktop config to copy

No manual file editing required!

Get your API token

Before running the setup, get your API token:

  1. Visit https://alpacon.io

  2. Log in to your account

  3. Click "API Token" in left sidebar

  4. Create new token or copy existing one

  5. Configure ACL permissions (important for command execution)

  6. Copy the token (starts with alpat-...)

Connect to your MCP client

After setup completes, add the configuration to your MCP client:

{
  "mcpServers": {
    "alpacon": {
      "command": "uvx",
      "args": ["alpacon-mcp"]
    }
  }
}

Client-specific locations:

  • Claude Desktop:

    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

    • Windows: %APPDATA%\Claude\claude_desktop_config.json

  • Cursor: .cursor/mcp.json in your project

  • VS Code: MCP extension settings

Restart or reconnect your MCP client and you're ready! ๐ŸŽ‰


๐ŸŒ Remote MCP server (hosted, no install)

Don't want to run anything locally? Alpacon hosts a managed MCP server at https://mcp.alpacon.io/mcp using the streamable-http transport. Just point your AI client at the URL and sign in through your browser.

Why use the hosted server?

  • No install: No uvx, no Python, no local process to keep running

  • No API token: You authenticate through your browser (OAuth), not by pasting a token into a config file

  • No token.json: Nothing to create, store, or rotate on your machine

  • No region/workspace config: The workspaces you can access come from your loginโ€”you just say which one to use in your prompt (e.g. "list servers in the production workspace")

  • Always up to date: Run the latest tools without upgrading anything

How authentication works

The first time your client connects, it opens a browser window for you to log in to Alpacon (Auth0). After you sign in, the client receives a short-lived token and uses it for every requestโ€”the same identity, RBAC, and audit trail as the Alpacon web console. If your session needs multi-factor re-verification (for example after an MFA timeout), the client automatically reopens the browser to complete it.

Because access is granted per login, you do not set region, workspace, or any API token in your client config. Instead, you name the workspace in your prompt (e.g. "in the production workspace")โ€”tools require it, and the AI passes it along. The region is resolved automatically from your authorized workspaces, so you rarely need to mention it.

Add it to your AI client

Claude Code (CLI):

claude mcp add --transport http alpacon https://mcp.alpacon.io/mcp

On first use, Claude Code opens your browser to sign in. Verify with claude mcp list.

Claude Desktopโ€”add a custom connector (Settings โ†’ Connectors โ†’ Add custom connector) with the URL https://mcp.alpacon.io/mcp, or use the mcp-remote bridge in claude_desktop_config.json:

{
  "mcpServers": {
    "alpacon": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.alpacon.io/mcp"]
    }
  }
}

Cursorโ€”add to .cursor/mcp.json:

{
  "mcpServers": {
    "alpacon": {
      "url": "https://mcp.alpacon.io/mcp"
    }
  }
}

VS Code (native MCP)โ€”add to .vscode/mcp.json:

{
  "servers": {
    "alpacon": {
      "type": "http",
      "url": "https://mcp.alpacon.io/mcp"
    }
  }
}

Tip: Any MCP client that supports remote/streamable-http servers can connectโ€”just give it the URL https://mcp.alpacon.io/mcp. Clients that only support local (stdio) servers should use the mcp-remote bridge shown above for Claude Desktop.

Hosted vs. localโ€”which should I use?

Hosted (remote MCP)

Local (uvx alpacon-mcp)

Setup

Add a URL, sign in via browser

Install + configure token

Authentication

Browser OAuth (Auth0)

API token in token.json/env

Region/workspace

Resolved from login; named in prompt

Configured per token

Maintenance

None (managed)

Self-managed upgrades

Best for

Quick start, most users

Air-gapped/custom deployments, self-hosting


๐Ÿ“‹ CLI commands reference

uvx alpacon-mcp                                # Start server (auto-setup if needed)
uvx alpacon-mcp setup                          # Run setup wizard (shows token file path)
uvx alpacon-mcp setup --local                  # Use project config instead of global
uvx alpacon-mcp setup --token-file ~/my.json   # Use custom file location
uvx alpacon-mcp test                           # Test your connection
uvx alpacon-mcp list                           # Show configured workspaces
uvx alpacon-mcp add                            # Add another workspace (shows path)

๐Ÿ”ง Advanced installation options

Option A: install UV (if not already installed)

curl -LsSf https://astral.sh/uv/install.sh | sh

Option B: manual configuration

If you prefer to manually configure tokens:

Global Configuration (recommended):

mkdir -p ~/.alpacon-mcp
echo '{
  "ap1": {
    "production": "alpat-ABC123xyz789...",
    "staging": "alpat-DEF456uvw012..."
  }
}' > ~/.alpacon-mcp/token.json

Project-Local Configuration:

mkdir -p config
echo '{
  "ap1": {
    "my-workspace": "alpat-ABC123xyz789..."
  }
}' > config/token.json

Environment Variables:

export ALPACON_MCP_AP1_PRODUCTION_TOKEN="alpat-ABC123xyz789..."
uvx alpacon-mcp

Option C: development installation

git clone https://github.com/alpacax/alpacon-mcp.git
cd alpacon-mcp
uv venv && source .venv/bin/activate
uv install
python main.py

๐Ÿ”Œ Connect to other AI tools

Prefer not to install anything? Skip this section and use the hosted remote MCP server insteadโ€”just point your client at https://mcp.alpacon.io/mcp and sign in via browser.

Cursor IDE

Create .cursor/mcp.json in your project root:

{
  "mcpServers": {
    "alpacon": {
      "command": "uvx",
      "args": ["alpacon-mcp"]
    }
  }
}

VS Code with MCP extension

Install the MCP extension and add to settings:

{
  "mcp.servers": {
    "alpacon": {
      "command": "uvx",
      "args": ["alpacon-mcp"]
    }
  }
}

Note: Token configuration is automatically discovered from:

  1. ~/.alpacon-mcp/token.json (global - recommended)

  2. ./config/token.json (project-local)

  3. Environment variables

๐Ÿ’ฌ Usage examples

Server health monitoring

"Give me a comprehensive health check for server web-01 including CPU, memory, and disk usage for the last 24 hours"

Performance analysis

"Show me the top 5 servers with highest CPU usage and analyze performance trends"

System administration

"List all users who can login on server web-01 and check for any users with sudo privileges"

Automated troubleshooting

"Server web-01 is responding slowly. Help me investigate CPU, memory, disk I/O, and network usage to find the bottleneck"

Command execution

"Execute 'systemctl status nginx' on server web-01 and check the service logs"

File management

"Upload my config.txt file to /home/user/ on server web-01 and then download the logs folder as a zip"

Persistent shell sessions

"Create a persistent shell connection to server web-01 and run these commands: check disk usage, list running processes, and create a backup directory"

๐Ÿ”ง Available tools

๐Ÿ–ฅ๏ธ Server management

  • list_servers: List all servers in workspace

  • get_server: Get detailed server information

  • get_server_overview: Comprehensive server overview (system info + metrics)

  • list_server_notes: View server documentation

  • create_server_note: Create server notes

๐Ÿ“Š Monitoring & metrics

  • get_cpu_usage: CPU utilization metrics

  • get_memory_usage: Memory consumption data

  • get_disk_usage: Disk space metrics

  • get_disk_io: Disk I/O performance metrics

  • get_network_traffic: Network bandwidth usage

  • get_top_servers: Top servers by metric type(s)

  • get_alert_rules: Alert rules configuration

  • get_server_metrics_summary: Comprehensive health overview

๐Ÿ’ป System information

  • get_system_info: Hardware specifications and details

  • get_os_version: Operating system information

  • list_system_users: User account management

  • list_system_groups: Group membership details

  • list_system_packages: Installed software inventory

  • get_network_interfaces: Network configuration

  • get_disk_info: Storage device information

  • get_system_time: System time and uptime

๐Ÿ”ง Remote operations

Command API (requires ACL permission)

  • execute_command: Execute a command on a server and wait for the result

  • list_commands: List recent command history

  • execute_command_multi_server: Execute on multiple servers simultaneously

Websh (shell access)

  • execute_command: Execute single command (auto-manages connections)

  • execute_command_batch: Execute multiple commands on same server

  • websh_session_create: Create Websh session

  • websh_sessions_list: List active sessions

  • websh_session_reconnect: Create new channel for existing session

  • websh_session_terminate: Close sessions

  • websh_websocket_execute: Single command via WebSocket

  • websh_websocket_batch_execute: Multiple commands via WebSocket

  • websh_channel_connect: Persistent connection management

  • websh_channel_execute: Execute using persistent channels

  • websh_channels_list: List active WebSocket channels

  • websh_channel_disconnect: Disconnect and clean up connections

WebFTP (file management)

  • webftp_session_create: Create file transfer session

  • webftp_upload_file: Upload files using S3 presigned URLs

  • webftp_download_file: Download files/folders (folders as .zip)

  • webftp_uploads_list: Upload history

  • webftp_downloads_list: Download history

  • webftp_sessions_list: Active FTP sessions

๐Ÿ”” Alert management

  • list_alerts: List alerts with optional filtering

  • get_alert: Get alert details

  • mute_alert: Mute an alert temporarily

  • create_alert_rule: Create monitoring thresholds

  • update_alert_rule: Update alert rule configuration

  • delete_alert_rule: Delete an alert rule

๐Ÿ›ก๏ธ Security ACLs

  • list_command_acls: List command ACL rules

  • create_command_acl: Create command ACL rule

  • update_command_acl: Update command ACL rule

  • delete_command_acl: Delete command ACL rule

  • list_server_acls: List server ACL rules

  • create_server_acl: Create server ACL rule

  • list_file_acls: List file ACL rules

  • create_file_acl: Create file ACL rule

๐Ÿ“‹ Events & logging

  • list_events: Browse server events and logs

  • get_event: Get event details by ID

  • search_events: Search and filter events

๐Ÿ“ Audit logs

  • list_activity_logs: Audit user and system actions

  • get_activity_log: Get activity log details

  • list_server_logs: Server command execution logs

  • list_webftp_logs: WebFTP file transfer logs

๐Ÿ” Identity and access management (IAM)

User management:

  • list_iam_users: List workspace IAM users with pagination

  • get_iam_user: Get detailed user information

  • create_iam_user: Create new users with group assignment

  • update_iam_user: Update user details and group memberships

  • delete_iam_user: Remove users from workspace

Group management:

  • list_iam_groups: List all workspace groups

  • create_iam_group: Create new IAM group

โš™๏ธ Workspace

  • list_workspaces: List available workspaces

๐ŸŒ Supported platforms

Platform

Status

Notes

Claude Desktop

โœ… Full Support

Recommended client

Cursor IDE

โœ… Full Support

Native MCP integration

VS Code

โœ… Full Support

Requires MCP extension

Continue

โœ… Full Support

Via MCP protocol

Other MCP Clients

โœ… Compatible

Standard protocol support

๐Ÿ“– Documentation

๐Ÿš€ Advanced usage

Multi-workspace management

# Configure tokens for multiple workspaces (ap1 region)
python -c "
from utils.token_manager import TokenManager
tm = TokenManager()
tm.set_token('ap1', 'company-prod', 'ap1-company-prod-token')
tm.set_token('ap1', 'company-staging', 'ap1-company-staging-token')
tm.set_token('ap1', 'company-dev', 'ap1-company-dev-token')
"

Custom config file

# Use custom config file location
export ALPACON_MCP_CONFIG_FILE="/path/to/custom-tokens.json"
uvx alpacon-mcp

Docker deployment

# Build and run with Docker
docker build -t alpacon-mcp .
docker run -v $(pwd)/config:/app/config:ro alpacon-mcp

SSE mode (HTTP transport)

# Run in Server-Sent Events mode for web integration
python main_sse.py
# Server available at http://localhost:8237

๐Ÿ”’ Security & best practices

  • Zero-trust architecture: Every request authenticated and authorized through Alpacon's identity layer

  • Session recording: All Websh and WebFTP operations automatically recorded for audit

  • Workspace-based access control: Separate tokens per workspace with RBAC

  • ACL configuration required: Configure token permissions in Alpacon web interface for command execution

  • Audit logging: All operations logged with full traceability

โš ๏ธ Command execution limitations

Important: Websh and command execution tools can only run pre-approved commands configured in your token's ACL settings:

  1. Visit token details in Alpacon web interface (click on your token)

  2. Configure ACL permissions for allowed commands, servers, and operations

  3. Commands not in ACL will be rejected with 403/404 errors

  4. Contact your administrator if you need additional command permissions

๐Ÿค Contributing

We welcome contributions! Please see our Contributing Guide for details.

  • ๐Ÿ› Bug reports: Use GitHub issues

  • ๐Ÿ’ก Feature requests: Open discussions

  • ๐Ÿ“ Documentation: Help improve guides

  • ๐Ÿ”ง Code contributions: Submit pull requests

๐Ÿ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.


Ready to give your AI agents secure infrastructure access?

Built with โค๏ธ by AlpacaX for the Alpacon ecosystem

A
license - permissive license
-
quality - not tested
B
maintenance

Maintenance

โ€“Maintainers
40dResponse time
3wRelease cycle
12Releases (12mo)
Commit activity
Issues opened vs closed

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alpacax/alpacon-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server