I built an MCP server for the Arcane API — 125 tools for AI-driven Docker management #3083
Replies: 1 comment
-
|
I like the two-step token pattern for destructive operations. For infrastructure tools, I would add a few guardrails around that boundary so the confirmation token is not the only control. The checks I would want are:
The most useful negative tests are usually simple: token reuse fails, token for container A cannot confirm deletion of container B, changed arguments invalidate the token, expired token does not execute, failed Arcane API call still produces a terminal audit event, and a dry-run prune cannot be silently upgraded to execute. For agents managing Docker hosts, I would also treat compose project changes as a higher-risk class than single-container restarts. A compose update can mutate networks, volumes, env, images, and restart policy in one action, so it deserves a compact plan/receipt before execution. Disclosure: I work on Armorer Labs. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Been using Arcane for a while to manage Docker on my homelab. Great piece of kit. I wanted my AI coding agent to be able to interact with the same Docker host directly — deploy services, check logs, manage volumes — without me having to context-switch.
So I put together an MCP server wrapper around the Arcane API. It exposes 125 tools across 14 categories — containers, images, volumes, networks, Compose projects, registries, vulnerability scanning, etc. Any MCP-compatible agent (OpenCode, Claude Desktop, Cursor) can use it.
Quick example flow:
Every destructive operation uses a two-step confirmation token pattern (with a 120s TTL), so an agent can't blast through a safety gate in one call. Prune operations default to dry-run. All actions are logged to a structured audit file.
The server is a thin Python layer (FastMCP + httpx) that just proxies to the Arcane API with proper error handling and auth. No state, no database, no daemon.
Would love feedback, especially from anyone else experimenting with AI agents managing infrastructure. What guardrails are you using?
Repo: https://github.com/MikeCase/arcane-mcp
Install:
pip install git+https://github.com/MikeCase/arcane-mcp.gitBeta Was this translation helpful? Give feedback.
All reactions