infra-mcp
This server provides read-only MCP tools to monitor on-premises Linux VMs and PostgreSQL databases over SSH.
VM & Service Management
list_vms— Discover all configured VMs with reachability status and watched service namesget_service_status— Check systemd state, uptime, and last 5 log lines for a serviceget_service_logs— Retrieve bounded journald logs filtered by severity level and line countget_log_file— Fetch the last N lines of an allowed log file, with optional grep filteringget_infra_overview— Combined snapshot of service statuses and database health for a VM in one call
Database Inspection
get_db_status— View connection counts, waiting locks, and long-running queries for a PostgreSQL databasequery_db— Execute caller-suppliedSELECTstatements (read-only, row-limited)list_tables— List all tables (schema + name) in a database, with optional cache refreshdescribe_table— Inspect a table's columns, types, primary key, and foreign keys
Auditing
get_audit_log— View recent entries from the local append-only audit log of all remote operations
Safety & Security
All DB queries run in a
READ ONLYtransaction; SSH commands are checked against per-VM allowlistsLog file access is restricted to an allowed directory list (path traversal blocked)
All output is bounded server-side (200 log lines, 100 DB rows, 200 tables max) with truncation flagged
Provides read-only access to PostgreSQL databases over SSH, allowing agents to query tables, describe schemas, list tables, and check database health metrics such as connection counts and locks.
infra-mcp
Read-only MCP access to on-prem Linux VMs and PostgreSQL databases over SSH.
agent ──stdio──▶ infra-mcp ──SSH──▶ VMs (journald · log files)
└──▶ DBs (read-only PostgreSQL)An agent can check service health, retrieve bounded logs, inspect DB state, and explore table schemas — without terminal access. Every remote operation is allowlist-gated and written to an append-only audit log.
Install
uv tool install infra-mcp
# or
pip install infra-mcpRelated MCP server: Linux MCP Server
Configure
Copy infra-mcp.yaml.example to ~/.infra-mcp/infra-mcp.yaml and edit it.
# Generate a starter config from ~/.ssh/config
infra-mcp generate-config -o ~/.infra-mcp/infra-mcp.yaml
# Create the read-only PostgreSQL role(s)
infra-mcp setup
# Check VM reachability
infra-mcp test
# Refresh discovered services, log dirs, and databases (updates config in place)
infra-mcp discover --in-placeOverride the config path with --config or INFRA_MCP_CONFIG.
Run
infra-mcp runRegister as a stdio MCP server in your client (Claude Code, Cursor, …) with command infra-mcp run.
Updates
infra-mcp checks PyPI for a newer release once a day and, when one exists, prints a
one-line hint to stderr telling you how to upgrade:
uv tool upgrade infra-mcp # or: pip install --upgrade infra-mcpThe check runs in the background, never blocks startup, and never touches stdout. Print
the installed version with infra-mcp --version. Disable the check entirely by setting
INFRA_MCP_NO_UPDATE_CHECK=1.
Tools
VM & services
Tool | Purpose |
| All VMs with reachability and watched services |
| Service states + DB health for one VM in a single call |
| systemd state, uptime, last 5 log lines |
| Bounded journald logs, filtered by severity |
| Last N lines of an allowed log file, optional grep |
Databases
Tool | Purpose |
| Connection counts, waiting locks, long-running query count |
| Bounded caller-supplied |
| Tables in a database (schema + name), capped at 200 |
| Columns, types, primary key, foreign keys for one table |
Meta
Tool | Purpose |
| Recent entries from the local audit log |
All output is bounded server-side (200 log lines, 100 DB rows, 200 tables/columns max). Truncation is always flagged with a -- TRUNCATED: marker. list_tables and describe_table cache results in memory (TTL: schema_cache_ttl_hours, default 24 h); pass refresh: true to force a live re-read.
Security model
SSH commands and systemd services are checked against a per-VM allowlist before any network call.
All DB queries run as a read-only role inside a
READ ONLYtransaction.Log file paths are resolved against a per-VM directory allowlist (
..traversal blocked).Every remote operation is appended to a local JSONL audit log.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/esp4ce/infra-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server