infomaniak-mcp-agent

Drive your entire Infomaniak account from Claude — agentic, two-phase commit, open-source.

infomaniak-mcp-agent is an unofficial Model Context Protocol server that exposes the full surface of Infomaniak — Switzerland's sovereign cloud — as 77 tools an LLM can call directly: web hosting, mail (kSuite), kDrive, domains, DNS, DNSSEC, FTP/SSH users, AI products, account audits and more. Every destructive operation goes through a strict two-phase commit, so an agent can never silently delete or mutate something on your account.

You → Claude:  "audit the example.com hosting and tell me which mailboxes are over quota"
Claude → MCP:  infomaniak_audit_account → infomaniak_list_mail_hostings → infomaniak_list_mailboxes
Claude → You:  3 mailboxes >85% — paul@ (94%), notify@ (88%), team@ (87%). Want me to add an alert?

Table of contents

• Why · What it does · How it differs

• Install · Authentication · Quick example

• Tools (77 across 13 areas) · Limitations · Roadmap · FAQ

• Contributing · License

Related MCP server: Proton-MCP

Why this exists

Infomaniak is one of the very few independent, Swiss-owned, open-source-friendly cloud providers in Europe — running its own datacentres in Switzerland, on hydro and wind power, with no parent in the US or China. Its product range is huge (web hosting, mail, kDrive, kChat, DNS, AI cloud, Swiss Backup, …) but its API is split between a documented public surface and a private manager-only one — which means automating real workflows usually requires a browser session, custom scripts, or both.

This project closes that gap by exposing everything through a single MCP server, so Claude or any other MCP client can run real account operations through natural language: provision a hosting, rotate a DNS record, create a mailbox, audit your domains for upcoming expirations, browse your kDrive — without ever forcing you to leave the chat or write a script.

🎒 Built in the open, in real time, by vibe-coding

This project was built rapidly by an LLM driving a terminal session ("vibe-coding"), with live tests against a real Infomaniak account at every step. It works perfectly on the maintainer's local setup and the full pipeline is green (TypeScript strict, ESLint, Prettier, 37 tests, build, CodeQL, gitleaks).

That said — given how it was built and given that several endpoints used here are reverse-engineered (see REVERSE-ENGINEERING.md) — it is entirely possible that you'll hit (potentially big) bugs depending on your account topology, plan tier, scopes, or Infomaniak's own changes. We are here to fix them as they show up. Please:

1. Open an issue with the exact tool call, the input, the response, and your environment (Node version, OS, MCP client). Sanitize tokens / cookies / customer names before pasting.

2. Or, even better, send a PR with a failing test and we will work from there together.

We move fast and ship often. Don't be shy.

⚠️ Status: unofficial

This project is not affiliated with, endorsed by, or sponsored by Infomaniak Network SA. It is a community-driven tool that combines:

1. The public Infomaniak API (api.infomaniak.com), used with a Bearer token you generate yourself.

2. Reverse-engineered manager endpoints (manager.infomaniak.com/proxy/...), required for write operations on web hosting that the public API silently ignores.

For full transparency, read REVERSE-ENGINEERING.md. Infomaniak may change these endpoints without notice; we do our best to keep up but cannot guarantee long-term compatibility.

What you can do with it

Once installed, you can ask Claude things like:

• "List every domain on my account that expires in less than 60 days, sorted by date."

• "Create a new site staging.example.com on hosting WP1234567, PHP 8.3, root in /sites/staging."

• "Add a TXT record on example.com for the new Postmark DKIM, then verify it resolves."

• "How much disk does the database myprefix_wp123456 use, and which application is wired to it?"

• "Create a mailbox hello@example.com with a 16-character random password and forward it to my Gmail."

• "Show me which kDrives I'm an admin on and how full they are."

• "Audit my whole account: any locked product, expiring SSL, broken DNSSEC, ongoing operations?"

• "Undo the last DNS change I made through this session."

It will not silently mutate anything destructive: every change goes through a plan + confirmation token round-trip. You stay in control even if the model gets creative.

Why "agentic" and not "wrapper"

Most MCP servers expose one tool per HTTP endpoint and call it a day. This one is built differently:

• Guided dialogues — creating a site walks you through "which organization? which hosting? root domain or subdomain? what type? recap?" instead of asking you to know the right tool to call upfront.

• Two-phase commit — every destructive operation returns a plan with a single-use confirmation token (60 s TTL). Nothing is mutated until you call back with the token.

• Pre-flight checks — the server checks for conflicts (existing FQDN, busy hosting, expired domain) before hitting the API.

• Actionable errors — every error tells you what happened, why, and the next step you can take.

• Introspection — infomaniak_overview, infomaniak_help and infomaniak_explain give the agent context-on-demand instead of forcing it to memorize a tool catalog.

• Session memory — infomaniak_history lists every destructive action of the current session, and infomaniak_undo reverses the ones that are reversible.

See ARCHITECTURE.md for the full design rationale.

Install

Available on npm — the recommended path is to let npx fetch the latest release on demand:

npx infomaniak-mcp-agent

(no install step needed; npx resolves the latest version on first invocation and caches it).

Or install globally if you prefer a stable binary in your $PATH:

npm install -g infomaniak-mcp-agent

If you'd rather pin to a specific commit (or hack on the source), install from this repo:

git clone https://github.com/Mogacode-ma/infomaniak-mcp-agent.git
cd infomaniak-mcp-agent
npm ci
npm run build
# resulting binary: ./dist/server.js

Configure Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %AppData%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "infomaniak": {
      "command": "npx",
      "args": ["-y", "infomaniak-mcp-agent"],
      "env": {
        "INFOMANIAK_API_TOKEN": "paste-your-token-here",
        "INFOMANIAK_AUTH_MODE": "auto"
      }
    }
  }
}

Restart Claude Desktop to pick up the change.

Configure Claude Code

claude mcp add infomaniak \
  -e INFOMANIAK_API_TOKEN=paste-your-token-here \
  -e INFOMANIAK_AUTH_MODE=auto \
  -- npx -y infomaniak-mcp-agent

Authentication

Two distinct credentials are needed because Infomaniak runs two APIs side-by-side:

1. Bearer token (required)

1. Sign in to your Infomaniak account.

2. Go to manager.infomaniak.com/v3/ng/profile/user/token/list.

3. Click "Create a token", give it a long lifetime, copy the value.

4. Set it in INFOMANIAK_API_TOKEN.

2. Manager session (auto, recommended)

The manager-private API does not accept Bearer tokens or OAuth (Infomaniak only exposes openid profile email phone scopes to third-party apps; web, mail, etc. are reserved). Instead, we read the SASESSION and MANAGER-XSRF-TOKEN cookies that your local Chrome already has when you are logged into manager.infomaniak.com.

With INFOMANIAK_AUTH_MODE=auto (the default), the MCP reads these cookies on demand using chrome-cookies-secure. Nothing is ever written to disk; cookies live in memory for the duration of one operation.

When the session expires, simply reload manager.infomaniak.com in Chrome — the MCP will pick up the fresh cookies on the next call.

3. Manager session (manual fallback)

For headless environments or troubleshooting:

INFOMANIAK_AUTH_MODE=manual
INFOMANIAK_SASESSION=...
INFOMANIAK_XSRF_TOKEN=...

To copy them: open Chrome DevTools on manager.infomaniak.com, Application → Cookies, copy SASESSION and MANAGER-XSRF-TOKEN (URL-encoded — paste as-is, the MCP decodes).

Quick example

A typical first conversation, end-to-end:

You:    What's on my account?
Claude: [calls infomaniak_overview]
        You have 16 organizations, 311 products: 47 web hostings, 73 domains,
        12 mail hostings, 3 kDrives, 2 AI Tools subscriptions.

You:    Any domain expiring soon?
Claude: [calls infomaniak_audit_account on each org]
        2 domains expire in <30 days: example.com (April 22), demo.org (May 04).
        4 SSL certificates were auto-renewed in the last 7 days. No locked products.

You:    Create a TXT record on example.com saying "v=spf1 include:spf.example.net ~all".
Claude: [calls infomaniak_dns_create_record → returns plan + token]
        Plan: CREATE TXT record on example.com → "v=spf1 include:spf.example.net ~all", TTL 3600.
        Confirm with token abc-123 within 60 s.

You:    Confirm.
Claude: [calls infomaniak_dns_create_record again with the token]
        Done. Record id 84219113. Logged in session history (undoable).

Tools

77 tools across 13 areas. Use infomaniak_help to fuzzy-search by intent, or infomaniak_explain to dump a tool's full JSON schema.

Introspection (start here)

Organizations & products

Web hosting sites

SSL certificates

Databases

⚠️ Note: this MCP intentionally does not expose a tool that changes a database user's password through the public API — see REVERSE-ENGINEERING.md §Database users for the destructive side-effect that prevents it. Rotate database passwords via direct MariaDB ALTER USER over SSH instead.

FTP / SSH users

DNS & DNSSEC

Mail

Identity ("who am I?")

Account / Org (deep)

Mail (deep)

Domain (deep)

kDrive (deep, manager-private)

VPS / Cloud Server

Node.js apps (Cloud Server hosting_3)

All Node.js tools are manager-private (the public Bearer API exposes only a state-check for Node.js hostings). They require INFOMANIAK_AUTH_MODE=auto (Chrome cookies) or manual (SASESSION + MANAGER-XSRF-TOKEN env vars). See REVERSE-ENGINEERING.md §Node.js DevOps.

kDrive

URL shortener

Swiss Backup

AI Tools

Workflows (multi-step)

Escape hatch (everything else)

Limitations

• Hard rate limit of 60 req/min on api.infomaniak.com. The MCP throttles automatically with a token-bucket. You will see brief queueing delays on heavy bursts; this is intentional and protects your token from blacklisting.

• No directory outside /sites/ when creating a site. Required by the manager backend (silently no-ops otherwise — see REVERSE-ENGINEERING.md).

• Manager session cookies expire (typically every few hours / when you sign out of Chrome). Re-open manager.infomaniak.com to refresh.

• One concurrent operation per hosting — Infomaniak rejects concurrent POSTs on the same hosting with 400 operation_in_progress. The MCP serializes write calls per hosting.

• WordPress installation is intentionally out of scope. Create the empty site with this MCP, then install WP from the manager's wizard (the applications/add flow uses an undocumented per-step wizard that is too brittle to automate cleanly today).

Roadmap

Shipped in v0.7 (current)

• ✅ Web hosting: list + create + delete sites, databases, FTP/SSH users

• ✅ DNS: full CRUD on records, DNSSEC enable/disable/check

• ✅ Mail: mailboxes, aliases, signatures, backups, redirections — all CRUD

• ✅ kDrive: list drives + browse files

• ✅ Swiss Backup: list slots

• ✅ AI Tools: list products + public model catalogue

• ✅ URL shortener: full CRUD

• ✅ Account audit: domains expiring soon, locked products, ongoing operations

• ✅ Workflow tools: provision_site_full, audit_dns_zones

• ✅ undo / history session tools

• ✅ Generic API escape hatch for any documented endpoint

Next (v0.8+)

• ⬜ kDrive write: upload, download, move, share, archive

• ⬜ Newsletter: campaigns, contacts (untouched today)

• ⬜ kChat: channels, threads, posts (no public API yet — needs reverse-engineering)

• ⬜ Workflow: provision_wordpress_site (needs a WP install path that does not depend on the brittle manager wizard)

• ⬜ Swiss Backup write: slot creation, schedules, restores

• ⬜ Per-tool happy-path tests to push coverage from 35% to 70%

• ⬜ MCPB packaging for one-click install in Claude Desktop

FAQ

Is this an official Infomaniak product?

No. It is community-driven, MIT-licensed, and not affiliated with, endorsed by, or sponsored by Infomaniak Network SA. See the disclaimers in NOTICE and REVERSE-ENGINEERING.md.

Does it work with clients other than Claude?

Yes. It speaks the standard Model Context Protocol over stdio, so it works with any MCP-capable client — Claude Desktop, Claude Code, Cursor, Cline, Continue, Zed AI, and the MCP Inspector for debugging.

Will my Infomaniak token / session ever leave my machine?

No. The server runs locally over stdio. Your Bearer token is read from INFOMANIAK_API_TOKEN (env or .env) and used only to call api.infomaniak.com. The Chrome cookies (SASESSION, MANAGER-XSRF-TOKEN) live in memory for the duration of a single tool call and are never persisted. Logs redact every sensitive value (tokens, cookies, passwords).

Does it support self-hosting / running outside macOS?

Yes — INFOMANIAK_AUTH_MODE=manual lets you paste cookies straight into env vars, which is the path to use on Linux servers, Docker containers, or CI. Auto-extraction from Chrome works on macOS, Windows, and Linux when Chrome is installed locally.

Why does site creation use a manager-private endpoint and not the public API?

Because the public POST /1/products/{id}/web_hostings/{hid}/sites endpoint silently returns a success response without actually creating anything. After reverse-engineering the manager bundle we found that the manager-private endpoint requires force_fqdn: true, directory: /sites/..., and environment: apache_php — none of which are documented. Full write-up in REVERSE-ENGINEERING.md.

Can it install WordPress automatically?

Not today. The manager's applications/add flow is a multi-step wizard with per-step tokens that is brittle to script. The recommended pattern is: create the empty site with this MCP, then install WordPress (or any other CMS) from the manager wizard or by uploading via FTP/SSH.

Is there a hosted / SaaS version?

No. By design — this server runs against your own credentials on your own machine. There is no hosted SaaS, no hosted proxy, no telemetry.

How do I report a bug or request a tool?

Open a GitHub issue. Include the exact tool call, the input, the response (sanitized — strip tokens, cookies, customer names), and your environment (Node version, OS, MCP client, plan tier). PRs with a failing test are doubly welcome.

What about Infomaniak's own AI Tools?

Infomaniak runs a Swiss-sovereign AI cloud hosting Llama, Mixtral, Whisper and other open-weights models. This MCP exposes infomaniak_list_ai_products and infomaniak_list_ai_models so an agent can discover what's available and what models are public on your account; we deliberately do not wrap their inference endpoints (use the OpenAI-compatible API directly for that).

Contributing

Contributions are welcome. Please read CONTRIBUTING.md and follow the CODE_OF_CONDUCT.md. Security issues should be reported privately per SECURITY.md.

If this saved you time

The fastest way to support the project is a ⭐ star on GitHub — it helps other Infomaniak users find this and tells me what to keep building.

You can also:

• Open an issue for bugs, edge cases, or missing tools

• Start a discussion for design or API questions

• Share what you built with it — I'd love to hear

License

MIT — see NOTICE for the trademark disclaimer.

This project is not affiliated with Infomaniak Network SA. "Infomaniak", "kDrive", "kChat", "kMeet", "kSuite", "Swiss Backup" are trademarks of Infomaniak Network SA.