Which integrations are available for this server?

Integrates with Docker through Portainer, enabling container lifecycle management, image pulling, volume and network operations, and swarm awareness for cluster management. Offers Laravel-specific debugging tools such as reading Laravel error logs and executing artisan tinker commands within containers of a stack. Provides tools to manage Portainer environments, including deploying and updating stacks, managing containers, images, volumes, and networks, executing commands, analyzing logs, and inspecting endpoints.

How do I use portainer-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@portainer-mcp deploy the nginx stack from the docker-compose.yml" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

portainer-mcp

by ginkida

Overview Schema Related Servers Score Discussions

Python

Remote

Portainer MCP Server

License: MIT Python 3.10+ MCP PyPI

An MCP (Model Context Protocol) server that gives AI assistants — Claude, Copilot, Cursor, and others — 41 tools to manage Portainer container environments: deploy and update stacks, manage containers/images/volumes/networks, exec commands, analyze logs, debug Laravel apps, and inspect endpoints — all through natural language.

For LLM agents: This server connects via stdio transport. Every tool returns JSON. All mutating operations are audit-logged. Credentials are passed via environment variables, never hardcoded.

Why Use This

Natural language DevOps — Ask your AI assistant to deploy a stack, check container logs, or pull an image.
Swarm-aware — Automatically detects Docker Swarm clusters and uses the correct API.
Safe by default — Input validation, path traversal protection, sensitive field filtering, and force-remove disabled by default.
Works everywhere — Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, Continue.dev.

Quick Start

1. Install

pip install portainer-mcp

Or from source:

git clone https://github.com/ginkida/portainer-mcp.git
cd portainer-mcp
pip install -e .

2. Configure your AI client

Pick your client below, paste the config, and replace the placeholder values with your Portainer credentials.

Client Configuration

Claude Desktop

File: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows)

{
  "mcpServers": {
    "portainer": {
      "command": "python3",
      "args": ["-m", "portainer_mcp.server"],
      "env": {
        "PORTAINER_URL": "https://your-portainer:9443",
        "PORTAINER_USERNAME": "admin",
        "PORTAINER_PASSWORD": "your-password",
        "PORTAINER_VERIFY_SSL": "false"
      }
    }
  }
}

Claude Code

File: .mcp.json in your project root (project-scope) or ~/.claude.json (user-scope)

{
  "mcpServers": {
    "portainer": {
      "type": "stdio",
      "command": "python3",
      "args": ["-m", "portainer_mcp.server"],
      "env": {
        "PORTAINER_URL": "https://your-portainer:9443",
        "PORTAINER_USERNAME": "admin",
        "PORTAINER_PASSWORD": "${PORTAINER_PASSWORD}",
        "PORTAINER_VERIFY_SSL": "false"
      }
    }
  }
}

Or via CLI:

claude mcp add portainer -- python3 -m portainer_mcp.server

Cursor

File: ~/.cursor/mcp.json (global) or .cursor/mcp.json (project)

{
  "mcpServers": {
    "portainer": {
      "command": "python3",
      "args": ["-m", "portainer_mcp.server"],
      "env": {
        "PORTAINER_URL": "https://your-portainer:9443",
        "PORTAINER_USERNAME": "admin",
        "PORTAINER_PASSWORD": "your-password",
        "PORTAINER_VERIFY_SSL": "false"
      }
    }
  }
}

Windsurf

File: ~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "portainer": {
      "command": "python3",
      "args": ["-m", "portainer_mcp.server"],
      "env": {
        "PORTAINER_URL": "https://your-portainer:9443",
        "PORTAINER_USERNAME": "admin",
        "PORTAINER_PASSWORD": "your-password",
        "PORTAINER_VERIFY_SSL": "false"
      }
    }
  }
}

VS Code (GitHub Copilot)

File: .vscode/mcp.json in your workspace

{
  "servers": {
    "portainer": {
      "type": "stdio",
      "command": "python3",
      "args": ["-m", "portainer_mcp.server"],
      "env": {
        "PORTAINER_URL": "${input:portainer-url}",
        "PORTAINER_USERNAME": "${input:portainer-username}",
        "PORTAINER_PASSWORD": "${input:portainer-password}",
        "PORTAINER_VERIFY_SSL": "false"
      }
    }
  },
  "inputs": [
    { "type": "promptString", "id": "portainer-url", "description": "Portainer base URL" },
    { "type": "promptString", "id": "portainer-username", "description": "Portainer username" },
    { "type": "promptString", "id": "portainer-password", "description": "Portainer password", "password": true }
  ]
}

Continue.dev

File: ~/.continue/config.yaml or .continue/config.yaml

mcpServers:
  - name: portainer
    type: stdio
    command: python3
    args:
      - -m
      - portainer_mcp.server
    env:
      PORTAINER_URL: "https://your-portainer:9443"
      PORTAINER_USERNAME: "admin"
      PORTAINER_PASSWORD: "your-password"
      PORTAINER_VERIFY_SSL: "false"

Environment Variables

Variable	Required	Default	Description
`PORTAINER_URL`	Yes	—	Portainer base URL (e.g. `https://portainer.example.com:9443`)
`PORTAINER_USERNAME`	Yes	—	Portainer username
`PORTAINER_PASSWORD`	Yes	—	Portainer password
`PORTAINER_DEFAULT_ENDPOINT`	No	`1`	Default endpoint ID for container/image/stack operations
`PORTAINER_VERIFY_SSL`	No	`true`	Set to `false` for self-signed certificates

Tools

All 41 tools are listed below with their parameters and descriptions. Every tool returns JSON.

Authentication

Tool	Description
`portainer_status()`	Check connection and authentication status. Returns version and instance ID.

Endpoints (Environments)

Tool	Description
`portainer_endpoints_list()`	List all environments. Returns id, name, type, url, status.
`portainer_endpoint_inspect(endpoint_id)`	Get endpoint details (sensitive fields like TLS certs are filtered).

Stacks

Tool	Description
`portainer_stacks_list()`	List all stacks with id, name, type, status, endpoint_id.
`portainer_stack_inspect(stack_id)`	Get stack details including the docker-compose file content.
`portainer_stack_deploy(name, compose_content, endpoint_id?)`	Deploy a new stack. Auto-detects Swarm vs standalone.
`portainer_stack_update(stack_id, compose_content?, endpoint_id?)`	Update a stack. Omit compose_content to redeploy existing.
`portainer_stack_delete(stack_id)`	Delete a stack.
`portainer_stack_start(stack_id)`	Start a stopped stack.
`portainer_stack_stop(stack_id)`	Stop a running stack.

Containers

Tool	Description
`portainer_containers_list(endpoint_id?, show_all?)`	List containers. Set `show_all=true` to include stopped.
`portainer_container_inspect(container_id, endpoint_id?)`	Get detailed container info.
`portainer_container_start(container_id, endpoint_id?)`	Start a stopped container.
`portainer_container_stop(container_id, endpoint_id?)`	Stop a running container.
`portainer_container_restart(container_id, endpoint_id?)`	Restart a container.
`portainer_container_remove(container_id, force?, endpoint_id?)`	Remove a container. `force` defaults to false.
`portainer_container_logs(container_id, tail?, endpoint_id?)`	Get container logs. `tail` defaults to 100 (max 1000).
`portainer_container_logs_grep(container_id, pattern, tail?, context_lines?, endpoint_id?)`	Server-side regex over logs. Returns only matching lines (with optional context) — saves bandwidth on noisy logs.
`portainer_container_stats(container_id, endpoint_id?)`	Point-in-time CPU%, memory, network and block I/O stats (not a stream).
`portainer_container_exec(container_id, command, workdir?, user?, endpoint_id?)`	Run a shell command inside a running container and return its stdout/stderr + exit code. Audit-logged.
`portainer_stack_logs_errors(stack_name, tail?, endpoint_id?)`	Concurrent scan of every running container in a stack for HTTP 4xx/5xx, exceptions, fatal/critical levels, panics, OOM, PHP errors, etc.
`portainer_laravel_errors(stack_name, tail?, endpoint_id?)`	Read `/var/www/app/storage/logs/laravel.log` inside each container of a stack and return `production.ERROR/CRITICAL/EMERGENCY` entries — the actual exception behind a 500.
`portainer_laravel_tinker(stack_name, code, endpoint_id?)`	Execute PHP via `php artisan tinker --execute=...` in the first running `{stack}_backend.*` container. Code capped at 4096 chars. Audit-logged.

Images

Tool	Description
`portainer_images_list(endpoint_id?)`	List images with tags and sizes.
`portainer_image_inspect(image_id, endpoint_id?)`	Get detailed image info. Accepts `name:tag` or `name@sha256:digest`.
`portainer_image_pull(image_name, tag?, registry_auth?, endpoint_id?)`	Pull an image. `tag` defaults to `"latest"`. `registry_auth` is an optional base64-encoded JSON `{"username":..,"password":..,"serveraddress":..}` forwarded as `X-Registry-Auth` — required for private registries. The pull-progress stream is parsed and any `errorDetail` is surfaced as a tool error (the previous version returned success regardless).
`portainer_image_remove(image_id, endpoint_id?)`	Remove an image.

Volumes

Tool	Description
`portainer_volumes_list(endpoint_id?)`	List Docker volumes.
`portainer_volume_inspect(volume_name, endpoint_id?)`	Get detailed volume info.
`portainer_volume_create(name, driver?, labels?, endpoint_id?)`	Create a volume. `driver` defaults to `"local"`.
`portainer_volume_remove(volume_name, force?, endpoint_id?)`	Remove a volume. `force` defaults to false.

Networks

Tool	Description
`portainer_networks_list(endpoint_id?)`	List Docker networks with driver, scope and attached container count.
`portainer_network_inspect(network_id, endpoint_id?)`	Get detailed network info.
`portainer_network_create(name, driver?, internal?, labels?, endpoint_id?)`	Create a network. `driver` defaults to `"bridge"` (use `"overlay"` for Swarm).
`portainer_network_remove(network_id, endpoint_id?)`	Remove a network.
`portainer_network_connect(network_id, container_id, endpoint_id?)`	Attach a container to a network.
`portainer_network_disconnect(network_id, container_id, force?, endpoint_id?)`	Detach a container from a network.

System

Tool	Description
`portainer_docker_info(endpoint_id?)`	OS, CPU, memory, container/image counts, swarm state.
`portainer_docker_disk_usage(endpoint_id?)`	Per-category disk usage (containers, images, volumes, build cache) with reclaimable size.

Users

Tool	Description
`portainer_users_list()`	List all Portainer users with id, username, role.
`portainer_user_inspect(user_id)`	Get user details. Sensitive fields (password hash, TFA material, tokens) are filtered out.

Example Workflows

Deploy a new service:

"Deploy a stack called 'redis' with Redis 7 on port 6379"

The agent will call portainer_stack_deploy(name="redis", compose_content="...") with the generated compose YAML.

Debug a failing container:

"Why is the nginx container crashing?"

The agent will call portainer_containers_list() to find the container, then portainer_container_logs(container_id) to inspect the logs.

Update an existing stack:

"Update the arena-etl stack to use the new image tag v2.1"

The agent will call portainer_stack_inspect(stack_id) to get the current compose file, modify the image tag, then portainer_stack_update(stack_id, compose_content).

Security

JWT auth with proactive refresh (7h TTL, Portainer default is 8h), asyncio.Lock-guarded re-authentication for safe concurrent use, and 401/403-CSRF retry fallback.
CSRF handling for Portainer 2.39+ — Referer + X-CSRF-Token are sent only on mutating methods; CSRF token is harvested from X-CSRF-Token response headers and refreshed automatically.
SSL verification enabled by default. Only disable for self-signed certificates.
Input validation — container IDs, image references (incl. digests), stack names, volume/network names are regex-validated before any API call. Path traversal (..) is blocked.
Sensitive field filtering — endpoint_inspect strips TLS certificates, Azure credentials and security settings; user_inspect whitelists safe fields and hides password/TFA material.
Audit logging — every mutating operation (deploy, delete, remove, pull, start, stop, exec, tinker) is logged to stderr with parameters.
No hardcoded credentials — all secrets come from environment variables. Optional X-Registry-Auth for private-registry image pulls is passed in via parameter, never persisted.
Container removal — force defaults to false to prevent accidental deletion of running containers.
Log/exec size limits — output is capped at 100K characters to prevent memory exhaustion.

Development

git clone https://github.com/ginkida/portainer-mcp.git
cd portainer-mcp
pip install -e ".[dev]"

Run locally:

export PORTAINER_URL=https://your-portainer:9443
export PORTAINER_USERNAME=admin
export PORTAINER_PASSWORD=your-password
python3 -m portainer_mcp.server

Lint and type-check:

ruff check src/
mypy src/

Requirements

Python 3.10+
A running Portainer instance (CE or Business Edition)
Portainer API access (default port 9443)

License

MIT

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

5dRelease cycle

4Releases (12mo)

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

View all tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ginkida/portainer-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server