MCP server
Let an AI assistant read and manage your containers — safely, on your terms.
logdeck mcp runs a Model Context Protocol server over stdio, so an assistant like Claude Desktop, Cursor, or Claude Code can query your containers, logs, events, and stats directly — and, when you opt in, restart a container or run a command. It is a thin layer over the same HTTP API the web UI and CLI use, so it adds no new server and no new way in: your existing API token decides what it can do.
Setup
You need the logdeck CLI installed (see the CLI reference) and a running LogDeck server. Add one entry to your MCP client's configuration:
{
"mcpServers": {
"logdeck": {
"command": "logdeck",
"args": ["mcp"],
"env": {
"LOGDECK_URL": "https://logdeck.example.com",
"LOGDECK_TOKEN": "ldk_your_read_token"
}
}
}
}The server reads its connection from LOGDECK_URL and LOGDECK_TOKEN (or a saved CLI context). On startup it prints, to stderr, which tool tiers are live — for example MCP: read + lifecycle enabled — and warns if the token is not a scoped ldk_ API token.
Capability follows the token
The MCP server never widens what your token can do. Mutations are enforced by the LogDeck server, not the MCP layer, so the safe path is the default:
- A read-scoped token (
ldk_, created in Settings → API access) can read logs, stats, events, and container details, but every action tool returns a permission error. This is what you hand to an assistant by default — safe by construction. See scoped API tokens. - An admin token can additionally run the action tools you have enabled. You opt into that by choosing which token to configure.
Read tools
These are always available and are read-only.
list_containers
Containers across every host, including removed ones and their health state.
get_logs
Recent parsed logs for one container, with tail, level, regex, and time-range filters. Never follows.
search_logs
Regex search across many running containers, merged by timestamp.
inspect_container
The full inspect document for one container.
list_events
Docker/Podman events collected over a short bounded window.
container_stats / host_stats
Live CPU and memory per container, and per-host system stats.
list_images / list_volumes / list_networks
Images, volumes, and networks across hosts.
history_search / history_status / history_containers
Query the persisted log store: fast, indexed, cursor-paginated, and readable even for containers that no longer exist.
Actions are opt-in
Action tools are off by default and enabled with flags on the logdeck mcp command. Even with a flag set, a read token still cannot run them — the flag only decides which tools are advertised.
start_container / stop_container / restart_container
always registered (needs an admin token to run)
Reversible lifecycle actions.
remove_container
--allow-destructive
Remove a container. Marked destructive so clients prompt harder.
run_command
--allow-exec
Run one non-interactive command in a container and return separate stdout, stderr, and the exit code.
Pass --allow-all to enable every action tier at once:
"args": ["mcp", "--allow-destructive", "--allow-exec"]Environment-variable and settings writes are intentionally not exposed as tools. Client confirmation prompts are a convenience, not a security boundary — the token scope and these flags are.
Notes
- Log tools default to a small tail and cap the number of lines returned, to stay within an assistant's context.
history_searchis cursor-paginated for walking further back. run_commandis non-interactive: it runs one command, returns its output and exit code, and does not attach a terminal. For an interactive shell, use the web terminal.