gandi-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@gandi-mcplist my domains"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
gandi-mcp
Production-grade Python MCP server for the Gandi v5 API.
Status
Stage: S3 (Complete). Under active development. See CLAUDE.md for the architectural overview.
Related MCP server: mcp-devtools
Features
71 MCP tools covering Gandi Domains, LiveDNS, Email, Billing, Organization, and Certificates (34 read / 29 write / 8 purchase)
Three-tier safety model: readonly (default) → readwrite → readwrite + purchases, gated at both tool-visibility and handler-runtime layers
No-purchasing mode: tools that spend money (domain registration, renewal, transfer-in, cert issuance, mailbox slots) are hidden by default even in readwrite mode
Bearer auth with optional
sharing_idscoping for reseller / multi-org accountsTyped, linted, tested: strict ty, ruff, pytest, bandit
Quick Start
# Install from source
git clone https://github.com/millsymills-com/gandi-mcp.git
cd gandi-mcp
uv sync --extra dev
# Configure
cp .env.example .env
# Edit .env: set GANDI_TOKEN at minimum
# Run
uv run gandi-mcpGlobal install (system-wide CLI)
To install gandi-mcp as a global binary on PATH (useful when wiring it into Claude Code without a per-project checkout):
# From the cloned repo
uv tool install /absolute/path/to/gandi-mcp
# Refresh after pulling new commits
uv tool upgrade --reinstall gandi-mcp
# Verify it's on PATH (the entry point starts the stdio server; Ctrl-C to stop)
command -v gandi-mcpConfiguration
See .env.example for every option.
Variable | Default | Description |
| - | Required. Personal Access Token from https://admin.gandi.net/ |
| - | Optional organization UUID to scope all requests to |
|
|
|
|
| When |
|
| Override only for testing |
|
| Request timeout in seconds |
|
| Total request attempts including the first (1 = no retry) |
Safety model
Three tiers, two orthogonal gates:
Mode | Purchases | Tools visible |
| n/a | Read tools only |
|
| Read + non-purchasing writes (DNS records, contacts, mailbox edits, cert revoke, |
|
| Everything including |
Defense-in-depth: every write tool also checks the mode at handler time, and every purchase tool also checks the purchase flag, so a stale tool list cached by an MCP client can't slip a write through.
Claude Code integration
Register the server in ~/.claude.json (global) or .claude/settings.json (project).
With a global install (uv tool install, recommended for global config; no project directory required):
{
"mcpServers": {
"gandi": {
"command": "gandi-mcp",
"env": {
"GANDI_TOKEN": "your-bearer-pat-here",
"GANDI_MODE": "readonly",
"GANDI_ALLOW_PURCHASES": "false"
}
}
}
}From a working copy (picks up local edits live):
{
"mcpServers": {
"gandi": {
"command": "uv",
"args": ["--directory", "/absolute/path/to/gandi-mcp", "run", "gandi-mcp"]
}
}
}In the working-copy form, environment variables are read from .env in the project directory. In the global-install form, set them under env in the JSON or via your shell environment.
Default the global config to GANDI_MODE=readonly until you actively need writes; every session inherits the mode you set here.
Limitations
Gaps in Gandi's v5 REST API that this server cannot work around. Each requires manual action in the Gandi web UI:
Registrar transfer-lock toggle. v5 reports
clientTransferProhibitedingandi_domain_get_domain/gandi_domain_get_statusresponses but exposes no PATCH/PUT endpoint to set it. Unlock fromDomains → <domain> → Transfer lockbefore initiating a registrar transfer-out.Email subscription cancellation.
gandi_email_refund_slotonly refunds an unused slot within the refund window. There is no v5 endpoint to stop a recurring email subscription. Cancel fromBilling → Subscriptions.Outbound transfer status / approval. v5 does not surface outbound-transfer state. Gandi sends an FOA email; approve there.
Development
# Lint and format
uv run ruff check src/ tests/
uv run ruff format --check src/ tests/
# Type check
uv run ty check src/gandi_mcp/
# Unit tests
uv run pytest tests/unit/ -v
# Full suite with coverage (matches CI gate: >=85% total, >=70% tools/*.py, >=90% core)
uv run pytest -m "not live" --cov=gandi_mcp --cov-report=term-missing --cov-report=json
uv run python scripts/check_coverage_thresholds.py
# Pre-commit hooks
uv run pre-commit installLicense
Apache-2.0. See LICENSE.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/millsymills-com/gandi-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server