Kastell

Official

Overview Schema Related Servers Score Discussions

server_provision

Destructive

Provision cloud servers on Hetzner, DigitalOcean, Vultr, or Linode with optional Coolify/Dokploy installation or bare VPS setup. Automates server creation and initial configuration.

Instructions

Provision a new server on a cloud provider. Default: Coolify auto-install via cloud-init. Pass mode:'bare' for a generic VPS without Coolify (installs UFW and runs system updates only). Requires provider API token as environment variable (HETZNER_TOKEN, DIGITALOCEAN_TOKEN, VULTR_TOKEN, LINODE_TOKEN). WARNING: Creates a billable cloud resource. Blocked when KASTELL_SAFE_MODE=true. Server takes 3-5 minutes to fully initialize after provisioning.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`provider`	Yes	Cloud provider to create server on
`region`	No	Region/location ID (e.g. 'nbg1' for Hetzner, 'fra1' for DigitalOcean, 'ewr' for Vultr, 'us-east' for Linode). Uses template defaults if omitted
`size`	No	Server type/plan ID (e.g. 'cax11' for Hetzner, 's-2vcpu-2gb' for DigitalOcean). Uses template defaults if omitted
`name`	Yes	Server hostname, 3-63 chars, lowercase, starts with letter, only alphanumeric and hyphens, ends with letter or number
`template`	No	Template for default region/size. 'starter' = cheapest, 'production' = more resources, 'dev' = development. Explicit region/size override template defaults. Default: starter	starter
`mode`	No	Server mode: 'coolify' installs Coolify, 'dokploy' installs Dokploy, 'bare' provisions generic VPS. Default: coolify	coolify

Implementation Reference

src/mcp/tools/serverProvision.ts:48-159 (handler)

The handleServerProvision function executes the provisioning logic, checking for SAFE_MODE, calling the core provisioner, and returning successful or error responses for the MCP tool.

export async function handleServerProvision(params: {
  provider: SupportedProvider;
  region?: string;
  size?: string;
  name: string;
  template?: "starter" | "production" | "dev";
  mode?: "coolify" | "dokploy" | "bare";
}, mcpServer?: McpServer): Promise<{ content: Array<{ type: "text"; text: string }>; isError?: boolean }> {
  const mode = params.mode ?? "coolify";

  // SAFE_MODE guard
  if (isSafeMode()) {
    return mcpError(
      "Provision is disabled in SAFE_MODE",
      "Set KASTELL_SAFE_MODE=false to enable server provisioning. WARNING: This creates billable cloud resources.",
    );
  }

  await mcpLog(mcpServer, `Provisioning ${params.provider} server: ${params.name}`);

  try {
    const result = await provisionServer({
      provider: params.provider,
      region: params.region,
      size: params.size,
      name: params.name,
      template: params.template,
      mode,
    });

    if (!result.success) {
      return mcpError(
        result.error ?? "Provision failed",
        result.hint,
        [
          {
            command: "server_info { action: 'list' }",
            reason: "Check existing servers",
          },
        ],
      );
    }

    if (!result.server) {
      return mcpError("Unexpected: server record missing");
    }

    const server = result.server;

    const suggestedActions =
      mode === "bare"
        ? [
            {
              command: `ssh root@${server.ip}`,
              reason: "Connect to your bare server via SSH",
            },
            {
              command: `server_secure { action: 'secure-setup', server: '${server.name}' }`,
              reason: "Harden SSH security + install fail2ban",
            },
            {
              command: `server_secure { action: 'firewall-setup', server: '${server.name}' }`,
              reason: "Setup UFW firewall",
            },
            {
              command: `server_info { action: 'status', server: '${server.name}' }`,
              reason: "Check cloud provider status",
            },
          ]
        : [
            {
              command: `server_info { action: 'health', server: '${server.name}' }`,
              reason: "Check Coolify health (wait 3-5 minutes after creation for Coolify to initialize)",
            },
            {
              command: `server_secure { action: 'secure-setup', server: '${server.name}' }`,
              reason: "Harden SSH security + install fail2ban",
            },
            {
              command: `server_secure { action: 'firewall-setup', server: '${server.name}' }`,
              reason: "Setup UFW firewall with Coolify ports",
            },
            {
              command: `server_info { action: 'status', server: '${server.name}' }`,
              reason: "Check cloud provider status",
            },
          ];

    await mcpLog(mcpServer, "Provision complete");

    return mcpSuccess({
      success: true,
      message: `Server "${server.name}" provisioned on ${server.provider}`,
      server: {
        id: server.id,
        name: server.name,
        provider: server.provider,
        ip: server.ip,
        region: server.region,
        size: server.size,
        mode,
        createdAt: server.createdAt,
      },
      ...(result.hint ? { hint: result.hint } : {}),
      suggested_actions: suggestedActions,
    });
  } catch (error: unknown) {
    return mcpError(
      error instanceof Error ? error.message : String(error),
    );
  }
}

src/mcp/tools/serverProvision.ts:11-44 (schema)

The serverProvisionSchema defines the input validation for the server_provision tool using Zod.

export const serverProvisionSchema = {
  provider: z
    .enum(SUPPORTED_PROVIDERS)
    .describe("Cloud provider to create server on"),
  region: z
    .string()
    .optional()
    .describe(
      "Region/location ID (e.g. 'nbg1' for Hetzner, 'fra1' for DigitalOcean, 'ewr' for Vultr, 'us-east' for Linode). Uses template defaults if omitted",
    ),
  size: z
    .string()
    .optional()
    .describe(
      "Server type/plan ID (e.g. 'cax11' for Hetzner, 's-2vcpu-2gb' for DigitalOcean). Uses template defaults if omitted",
    ),
  name: z
    .string()
    .describe(
      "Server hostname, 3-63 chars, lowercase, starts with letter, only alphanumeric and hyphens, ends with letter or number",
    ),
  template: z
    .enum(["starter", "production", "dev"])
    .default("starter")
    .describe(
      "Template for default region/size. 'starter' = cheapest, 'production' = more resources, 'dev' = development. Explicit region/size override template defaults. Default: starter",
    ),
  mode: z
    .enum(["coolify", "dokploy", "bare"])
    .default("coolify")
    .describe(
      "Server mode: 'coolify' installs Coolify, 'dokploy' installs Dokploy, 'bare' provisions generic VPS. Default: coolify",
    ),
};

src/mcp/server.ts:146-158 (registration)

Registration of the 'server_provision' tool within the MCP server setup.

server.registerTool("server_provision", {
  description:
    "Provision a new server on a cloud provider. Default: Coolify auto-install via cloud-init. Pass mode:'bare' for a generic VPS without Coolify (installs UFW and runs system updates only). Requires provider API token as environment variable (HETZNER_TOKEN, DIGITALOCEAN_TOKEN, VULTR_TOKEN, LINODE_TOKEN). WARNING: Creates a billable cloud resource. Blocked when KASTELL_SAFE_MODE=true. Server takes 3-5 minutes to fully initialize after provisioning.",
  inputSchema: serverProvisionSchema,
  annotations: {
    title: "Server Provisioning",
    readOnlyHint: false,
    destructiveHint: true,
    idempotentHint: false,
    openWorldHint: true,
  },
}, async (params) => {
  return handleServerProvision(params, server);

Tool Definition Quality

A4.6/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Adds critical behavioral context beyond annotations: billing warning ('Creates a billable cloud resource'), environment variable auth requirements, KASTELL_SAFE_MODE blocking condition, and initialization timing (3-5 minutes). Annotations only declare destructive/write hints; description explains the real-world implications.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Seven sentences progressing logically: purpose → default behavior → mode alternative → auth requirements → cost warning → safety constraint → timing. Every sentence earns its place; no redundancy with structured fields.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Comprehensive coverage of operational risks (cost, safety), initialization timing, and provider constraints. Minor gap: no mention of return values (server ID, IP address) despite lack of output schema, though the side-effect warnings are appropriately prioritized.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 100% schema coverage, baseline is 3. Description adds valuable workflow context: explains Coolify auto-install default, clarifies bare mode installs UFW and updates (not in schema), and connects template defaults to practical outcomes (starter/production/dev).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

States specific verb (provision) and resource (server) upfront. Clear distinction from management siblings (server_audit, server_backup, etc.) which operate on existing servers, while this creates new infrastructure.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Excellent internal guidance on mode selection (Coolify default vs bare vs dokploy) and explicit safe-mode blocking condition. Lacks explicit mapping to sibling alternatives, though the verb 'provision' makes the creation vs management distinction reasonably clear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kastelldev/kastell'

If you have feedback or need assistance with the MCP directory API, please join our Discord server