MCP communityWardn HubCommunity directory for MCP servers.

Discover

  • Explore
  • Categories
  • Users
  • Partners

Contribute

  • Submit
  • Submissions
  • Advertise
  • API tokens
  • Sign in
© 2026 Wardn AI
Wardn Hub
ExploreCategoriesUsersAdvertise

Argo CD MCP Server

io.github.argoproj-labs/mcp-for-argocd

Overview

MCP server for Argo CD that exposes application, cluster, resource, event, log, sync, and resource action tools over stdio, Streamable HTTP, or SSE transports.

WebsiteRepository

Documentation

Argo CD MCP Server

MCP server for Argo CD from the verified upstream repository argoproj-labs/mcp-for-argocd. The npm package is argocd-mcp version 0.8.0; npm metadata points to https://github.com/argoproj-labs/mcp-for-argocd.

Default stdio launch

{
  "command": "npx",
  "args": ["argocd-mcp@latest", "stdio"],
  "env": {
    "ARGOCD_BASE_URL": "",
    "ARGOCD_API_TOKEN": "",
    "ARGOCD_TOKEN_REGISTRY_PATH": "",
    "MCP_READ_ONLY": "false",
    "NODE_TLS_REJECT_UNAUTHORIZED": "1"
  }
}

ARGOCD_BASE_URL and ARGOCD_API_TOKEN are user-specific values and are left empty. ARGOCD_API_TOKEN is required unless ARGOCD_TOKEN_REGISTRY_PATH points to a valid token registry file.

Transports and arguments

The package supports stdio, http, and sse subcommands. HTTP and SSE accept --port with default 3000; HTTP also accepts --stateless. The default package launch is stdio, so HTTP/SSE options are documented as optional package arguments and are not included in the default launch.

HTTP transport serves POST /mcp and GET /healthz. In stateful mode clients must retain the MCP session ID. In stateless mode, any replica can handle any request, but GET /mcp and DELETE /mcp return 405.

Credentials and security

The server reads default credentials from ARGOCD_BASE_URL and ARGOCD_API_TOKEN, or from HTTP headers x-argocd-base-url and x-argocd-api-token. Tool calls may pass a non-secret argocdBaseUrl override, but API tokens are never accepted as tool arguments. For multi-instance use, ARGOCD_TOKEN_REGISTRY_PATH points to a JSON file containing {baseUrl, token} entries. If that file is set but unreadable or malformed, startup fails closed.

The default token is bound to the default base URL and is never sent to arbitrary per-call hosts. Non-default hosts require registry tokens. NODE_TLS_REJECT_UNAUTHORIZED=0 is documented for self-signed/private CA cases but disables TLS verification and should be used only when the tradeoff is understood.

Implemented tools

Cluster management:

  • list_clusters

Application management:

  • list_applications
  • get_application
  • create_application
  • update_application
  • delete_application
  • sync_application

Application and resource inspection:

  • get_application_resource_tree
  • get_application_managed_resources
  • get_application_workload_logs
  • get_application_events
  • get_resources

Resource operations:

  • get_resource_events
  • get_resource_actions
  • run_resource_action

When MCP_READ_ONLY=true, mutating tools are not registered: create_application, update_application, delete_application, sync_application, and run_resource_action.

Development and Docker

The upstream README documents cloning https://github.com/argoproj-labs/mcp-for-argocd.git, running pnpm install, pnpm run dev, make run, make dev, and Docker usage such as docker run -e ARGOCD_BASE_URL=<argocd_url> -e ARGOCD_API_TOKEN=<argocd_token> argoprojlabs/mcp-for-argocd http --stateless.

Latest Version

Version
0.8.0
Category
Cloud Platforms
Published
Jun 28, 2026
Updated
Jun 28, 2026
Published By
Abhimanyu Saharan